2a6375140f3c499d9ea502fa7b7ca76985bd991f182d0dd36b224ec5bae4a7af_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2a6375140f3c499d9ea502fa7b7ca76985bd991f182d0dd36b224ec5bae4a7af_NeikiAnalytics.exe
Size

2.0MB
MD5

df276baf10c7c5b08fe76cf0d45f1510
SHA1

3d98d8ed295f3dc4f1385804c4cd7a36479208d1
SHA256

2a6375140f3c499d9ea502fa7b7ca76985bd991f182d0dd36b224ec5bae4a7af
SHA512

306ceabf770b2fc08ab77c7ae31c446fdb7c23df94b08ecaf79fd1f6f18b84ecdf0e7a921b051bced8c35ef27b1a075055e5859d41848456c72c6b91c26a3609
SSDEEP

24576:NexPCD9VePVL43r5hUu9O5oW4oHCLWb+ERcs3JUhah7lGTikqhd:2PqA43r5hJbWh3JUhalsTikqhd

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a6375140f3c499d9ea502fa7b7ca76985bd991f182d0dd36b224ec5bae4a7af_NeikiAnalytics.exe

Files

2a6375140f3c499d9ea502fa7b7ca76985bd991f182d0dd36b224ec5bae4a7af_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

443dfd49d452179f12739b20c37ccfbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\hera\Bin\nbvm.pdb

Imports

kernel32

CreateProcessA
GetLastError
GetModuleHandleW
DeleteFileA
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpynW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalMemoryStatusEx
GetSystemInfo
GetLocalTime
GetPrivateProfileSectionA
Module32FirstW
Module32NextW
OpenProcess
VirtualQueryEx
ReadProcessMemory
GetCurrentProcess
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetModuleFileNameA
CreateFileA
WriteFile
GetCurrentThread
ExitProcess
Sleep
OutputDebugStringW
SetEvent
DeleteFileW
TerminateProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetTickCount
ResumeThread
GetThreadPriority
SetThreadPriority
lstrlenA
CloseHandle
CreateEventW
WaitForSingleObject
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetLastError
IsBadReadPtr
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GlobalFree
GlobalAlloc
GetNativeSystemInfo
GetComputerNameA
GetWindowsDirectoryW
FindNextFileW
GetTempPathW
GetFileAttributesW
GetSystemDirectoryW
CreateDirectoryW
SetErrorMode
InterlockedCompareExchange
DeleteTimerQueueEx
DeviceIoControl
CreateFileW
ReadConsoleW
ReadFile
SetEnvironmentVariableA
SetStdHandle
GetExitCodeProcess
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
FreeEnvironmentStringsW
InterlockedExchange
FreeLibrary
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileAttributesExW
LoadLibraryW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
SetEndOfFile
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetOEMCP
WideCharToMultiByte
DuplicateHandle
GetCurrentThreadId
GetExitCodeThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeW
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapReAlloc
CreateThread
ExitThread
LoadLibraryExW
RaiseException
CreateTimerQueue
IsProcessorFeaturePresent
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsDebuggerPresent
MoveFileExW
GetCommandLineA
GetCPInfo
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP

user32

WindowFromPoint
FindWindowA
wsprintfW
GetCursorPos
GetSystemMetrics
wsprintfA

advapi32

LookupPrivilegeValueA
OpenServiceA
CloseServiceHandle
DeleteService
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
ControlService
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CreateServiceA
StartServiceA
OpenSCManagerA

shell32

ShellExecuteW
SHGetFolderPathA

shlwapi

StrStrIA
PathFindExtensionA

ws2_32

inet_addr
recv
closesocket
send
ntohl
ntohs
gethostbyname
inet_ntoa
gethostname
accept
freeaddrinfo
WSAGetLastError
connect
WSASendTo
WSARecvFrom
WSAIoctl
WSASend
WSARecv
listen
socket
WSAStartup
WSACleanup
shutdown
htons
getaddrinfo
htonl
getpeername
setsockopt
bind

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionA
SetupDiGetDeviceRegistryPropertyA

mswsock

AcceptEx

wininet

InternetOpenA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle

Sections

.text
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

443dfd49d452179f12739b20c37ccfbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

iphlpapi

psapi

version

setupapi

mswsock

wininet

Sections

.text Size: 638KB - Virtual size: 638KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 214KB - Virtual size: 237KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 638KB - Virtual size: 638KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 214KB - Virtual size: 237KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 34KB - Virtual size: 34KB