20d5b3b5c00578da460e4e4f4653366e504f2d2ad07ae4939203ab82dff2dbbe_NeikiAnalytics[.]exe

General

Target

20d5b3b5c00578da460e4e4f4653366e504f2d2ad07ae4939203ab82dff2dbbe_NeikiAnalytics.exe
Size

215KB
MD5

392ae1514d37d9228250fd2d8c991410
SHA1

06557972a903b3908c25c889cf5f74db4a93ab97
SHA256

20d5b3b5c00578da460e4e4f4653366e504f2d2ad07ae4939203ab82dff2dbbe
SHA512

803b2be95787c0b1cbcfac1df3864c495411f58d6e53d536914e00c95075ddcf7a421be3e4fe0b00dcf19a8cda1cb69c97d96173965a4787ad6c0c3f7d4838fd
SSDEEP

6144:GhARfzJj1UPIv0Cx/pMOSunlR/x3fibdzdh:Pz7vP0z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20d5b3b5c00578da460e4e4f4653366e504f2d2ad07ae4939203ab82dff2dbbe_NeikiAnalytics.exe

Files

20d5b3b5c00578da460e4e4f4653366e504f2d2ad07ae4939203ab82dff2dbbe_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

3c04313a3f112edc0ec36e9b912475a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

win32k.sys

EngStretchBlt
EngLockSurface
EngAssociateSurface
EngCreateBitmap
EngUnlockSurface
PATHOBJ_bEnum
EngFreeMem
EngAllocMem
BRUSHOBJ_pvGetRbrush
EngCreatePalette
EngDeletePalette
EngDeviceIoControl
PALOBJ_cGetColors
PATHOBJ_bEnumClipLines
PATHOBJ_vEnumStartClipLines
PATHOBJ_vEnumStart
EngStrokePath
EngDeleteSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
STROBJ_bEnum
EngTextOut
EngBitBlt
EngCopyBits
EngDeleteSemaphore
EngCreateSemaphore
EngReleaseSemaphore
EngAcquireSemaphore
EngQueryPerformanceFrequency
EngQueryPerformanceCounter
EngFindImageProcAddress
EngLoadImage
EngMultiByteToUnicodeN
EngUnloadImage
EngGetDriverName
EngCreateDeviceBitmap
BRUSHOBJ_pvAllocRbrush

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 992B - Virtual size: 962B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c04313a3f112edc0ec36e9b912475a3

Headers

File Characteristics

Imports

win32k.sys

Sections

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 14KB - Virtual size: 14KB

INIT Size: 992B - Virtual size: 962B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 14KB - Virtual size: 14KB

INIT
Size: 992B - Virtual size: 962B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB