68551e1425079700d77cbcde0e7230eb14c734e8ebff051d5ac48f1041ccb09a_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

68551e1425079700d77cbcde0e7230eb14c734e8ebff051d5ac48f1041ccb09a_NeikiAnalytics.exe
Size

46KB
MD5

1ed6174f4b64107238ec1218f0d4aa80
SHA1

3ac6880a50538c8a549c106542fb5191108e082f
SHA256

68551e1425079700d77cbcde0e7230eb14c734e8ebff051d5ac48f1041ccb09a
SHA512

041b3a08b1d1044f74e9696928bb9aaa630a7b655aff9b3159025a9281caecfa342410de24299244f56ca79b36dc9fcbfaefc3efc251aa719bb19822d60055ca
SSDEEP

768:zVX8JemRL4g/hr1k2WnJDsAvHCd6llSlxM3:zZy54g1WnJDsA/CkbUxM3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68551e1425079700d77cbcde0e7230eb14c734e8ebff051d5ac48f1041ccb09a_NeikiAnalytics.exe

Files

68551e1425079700d77cbcde0e7230eb14c734e8ebff051d5ac48f1041ccb09a_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

3e31c2d89ed5d7588c37cc4bba56c054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

logging

?__log@__Log@@YAXW4eTrace_Level@1@PEAXGPEBD2PEB_WZZ
?__registerLoggingModule@__Log@@YAPEAXV?$basic_string_view@_WU?$char_traits@_W@std@@@std@@@Z

core

?accessFileManager@@YAAEAVIFileManager@@XZ
?close@filesystem@@YAHH@Z
?lseek@filesystem@@YA_JH_JH@Z
?mmap@filesystem@@YAHPEAX_KHUSceMap@1@H_JPEAPEAX@Z
?munmap@filesystem@@YAHPEAX_K@Z
?open@filesystem@@YAHPEBDUSceOpen@1@G@Z

msvcp140

?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Winerror_map@std@@YAHH@Z
?_XGetLastError@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xruntime_error@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
_Xtime_get_ticks

msvcp140_atomic_wait

__std_calloc_crt
__std_free_crt
__std_tzdb_delete_leap_seconds
__std_tzdb_delete_time_zones
__std_tzdb_get_leap_seconds
__std_tzdb_get_time_zones

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
DisableThreadLibraryCalls
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLocaleInfoEx
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LocalFree
QueryPerformanceCounter
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
UnhandledExceptionFilter
WakeAllConditionVariable
WideCharToMultiByte

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
memcpy
memmove
memset

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

strlen

Exports

Exports

MODULE_NAME
uEqMfMITvEI=
vU+FqrH+pEY=
Uco1I0dlDi8=
73fF1MFU8hA=
v6EZ-YWRdMs=
rvBSfTimejE=
3OMbYZBaa50=
uWIYLFkkwqk=
-RJWNMK3fC8=
Nn7zKwnA5q0=
ts6GlZOKRrE=
M1Gma1ocrGE=
-Q1-u1a7p0g=
4AAcTU9R3XM=
LosLlHOpNqQ=
gUPGiOQ1tmQ=
MPe0EeBGM-E=

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e31c2d89ed5d7588c37cc4bba56c054

Headers

DLL Characteristics

File Characteristics

Imports

logging

core

msvcp140

msvcp140_atomic_wait

kernel32

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 512B - Virtual size: 160B

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 512B - Virtual size: 160B