0a372448ed35a526f047a81d83cf7e704bc7831561c7b676f022c46971e02dd8_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0a372448ed35a526f047a81d83cf7e704bc7831561c7b676f022c46971e02dd8_NeikiAnalytics.exe
Size

588KB
MD5

1617dda1fe0cf6c9e33fb8c1c9775000
SHA1

85927cb375c6ec5c0bbb57a6eac68dd3c88fab40
SHA256

0a372448ed35a526f047a81d83cf7e704bc7831561c7b676f022c46971e02dd8
SHA512

b39b9bb400bc88ad033b440e97373c236da84d84df0dc0c417935da0391cecf536ba11b72e742d72dece06bcad08d6cbc7399dee761f194ae4456604094e4f53
SSDEEP

6144:bmtootSKvqI53iDQkcM2OmwcFS2FZbPA7pWVj4Osp0AsJPULGT+rqcl1ntvl5sFn:LWvqII8kcMbmD+eklp0AsJYrqAxE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a372448ed35a526f047a81d83cf7e704bc7831561c7b676f022c46971e02dd8_NeikiAnalytics.exe

Files

0a372448ed35a526f047a81d83cf7e704bc7831561c7b676f022c46971e02dd8_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

403dc08b9a67b5f5676a894e7fc9c521

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Microsoft.AsyncTextService.pdb

Imports

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
SleepConditionVariableCS
Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockShared
TryEnterCriticalSection
CreateEventExW
OpenSemaphoreW
WaitForSingleObject
EnterCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW
InitializeCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateMutexExW
ResetEvent
SetEvent
LeaveCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
CoGetObjectContext
CoGetInterfaceAndReleaseStream
CoGetApartmentType

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

coremessaging

CoreUICallReceive
CoreUICreate
CoreUICallCreateEndpointHost
CoreUICallSend

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-heap-l2-1-0

LocalFree

msvcrt

_commode
wcslen
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
memset
abort
memcmp
___lc_collate_cp_func
__pctype_func
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
_acmdln
_callnewh
malloc
__set_app_type
__getmainargs
_ismbblead
_amsg_exit
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_unlock
_lock
realloc
strchr
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
wcsrchr
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
wcstol
_errno
memmove_s
__ExceptionPtrRethrow
?terminate@@YAXXZ
__ExceptionPtrCreate
__ExceptionPtrCurrentException
__ExceptionPtrCopy
__ExceptionPtrDestroy
_purecall
??0exception@@QEAA@AEBV0@@Z
wcsstr
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
__CxxFrameHandler4
calloc
_fmode
__setusermatherr
_initterm
_cexit
_exit
??0exception@@QEAA@AEBQEBDH@Z
exit
??1type_info@@UEAA@XZ

wincorlib

?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0Object@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoFailFastWithErrorContext
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsCompareStringOrdinal
WindowsConcatString
WindowsDuplicateString

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

403dc08b9a67b5f5676a894e7fc9c521

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-l1-2-0

coremessaging

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-heap-l2-1-0

msvcrt

wincorlib

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

Sections

.text Size: 415KB - Virtual size: 414KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 35KB - Virtual size: 38KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 35KB - Virtual size: 38KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB