adsnds.pdb
Static task
static1
Behavioral task
behavioral1
Sample
1dee96be60f4a336efeddde16d90cb01505d449be816bb4eaa75c0224e45393c_NeikiAnalytics.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1dee96be60f4a336efeddde16d90cb01505d449be816bb4eaa75c0224e45393c_NeikiAnalytics.dll
Resource
win10v2004-20240226-en
General
Target
1dee96be60f4a336efeddde16d90cb01505d449be816bb4eaa75c0224e45393c_NeikiAnalytics.exe
Size
158KB
MD5
f27c4edc0e41ae571d96d0a672b19c40
SHA1
31b6c4f0909e4a1accf869a674d065ea63c43761
SHA256
1dee96be60f4a336efeddde16d90cb01505d449be816bb4eaa75c0224e45393c
SHA512
c9920cf4ea8ce0b29639ae45f6e461b42d01f11536c8d87857b7509f100b8439cc6f2a2ac892f1236c63991782898711d4c7f52f057592dfe640e092801a4bf2
SSDEEP
3072:U5ZMCij1hEgKWjV3m1TEhKcjsMLYW0Fde0ORZHkLuS8RcUwKe0nn5Rhbz6IrZEK:U5oJDVIEtLYW0Fde0ORZHtzRcUw3on5B
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1dee96be60f4a336efeddde16d90cb01505d449be816bb4eaa75c0224e45393c_NeikiAnalytics.exe
Files
1dee96be60f4a336efeddde16d90cb01505d449be816bb4eaa75c0224e45393c_NeikiAnalytics.exe.dll windows:6 windows x86 arch:x86
95b53c843db843c873150ba1f06377d8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
LocalAlloc
FormatMessageW
LocalFree
Sleep
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
SystemTimeToFileTime
FileTimeToSystemTime
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetSystemTime
GetLastError
InterlockedDecrement
MultiByteToWideChar
msvcrt
malloc
_strupr
sprintf
_initterm
_adjust_fdiv
free
wcsncpy
iswspace
_wtoi
_wtol
_except_handler3
wcschr
wcstok
_wcsupr
_purecall
_wcsicmp
ntdll
RtlInitUnicodeString
RtlSecondsSince1970ToTime
RtlTimeToSecondsSince1970
nwapi32
NwNdsModifyObject
NwNdsReadObject
NwNdsRemoveObject
NwNdsGetObjectListFromBuffer
NwNdsListSubObjects
NwNdsPutInBuffer
NwNdsMoveObject
NwNdsRenameObject
NwNdsGetClassDefListFromBuffer
NwNdsReadClassDef
NwNdsGetAttrDefListFromBuffer
NwNdsReadAttrDef
NwNdsGetAttrListFromBuffer
NwNdsGetSyntaxID
NwNdsChangeUserPassword
NWPChangeObjectPasswordEncrypted
NWPGetChallengeKey
NwNdsConnHandleFree
NwNdsObjectHandleToConnHandle
NwNdsOpenObject
NwNdsCreateQueryNode
NwNdsDeleteQueryTree
NwNdsSearch
NwNdsCreateBuffer
NwNdsAddObject
NwNdsFreeBuffer
NWCScanObject
NwNdsCloseObject
NWCDetachFromFileServer
NWCAttachToFileServerW
advapi32
SystemFunction041
SystemFunction040
nwprovau
NPOpenEnum
activeds
ord15
ord24
ord12
ord14
ord18
ord17
ord16
ord23
ord21
ord22
ord9
ole32
StringFromGUID2
CreatePointerMoniker
CoCreateInstance
winspool.drv
OpenPrinterW
SetPrinterW
ClosePrinter
user32
wsprintfW
LoadStringW
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
DispInvoke
LoadRegTypeLi
DispGetIDsOfNames
SetErrorInfo
CreateErrorInfo
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayCreate
VariantCopy
VariantInit
VariantClear
SysFreeString
VariantCopyInd
SafeArrayDestroy
SafeArrayPutElement
SysAllocString
SafeArrayGetLBound
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 131KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ