42ca443d14348a354792692405f3a409047808ef2ba1b097c2d95e52802c1018_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

42ca443d14348a354792692405f3a409047808ef2ba1b097c2d95e52802c1018_NeikiAnalytics.exe
Size

446KB
MD5

afd0d1aeb45658310fba01bacc3dc2a0
SHA1

0c9be851d30b3bf02dceed605f7e4cb3ab4ea3e9
SHA256

42ca443d14348a354792692405f3a409047808ef2ba1b097c2d95e52802c1018
SHA512

ddd4e1152789e650fabf5f1059e0bc3787aab3e603bbcfc6382fdd6b4ca94e4e3cf368790419b17926b23ca156a6ff991916587881a33ff3fb3162e4b313c781
SSDEEP

6144:hTy6AJPGmESGSeWNGGcw+6jHFRBFTK4XbNxraL0FcivLnzQ6MD+pC:V9wPGmE9Wsx6DFRfOAhxraYFc6Lz5A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42ca443d14348a354792692405f3a409047808ef2ba1b097c2d95e52802c1018_NeikiAnalytics.exe

Files

42ca443d14348a354792692405f3a409047808ef2ba1b097c2d95e52802c1018_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

3a77ae95e795ebee411e0038b4f5fbef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM

Imports

kernel32

GetStdHandle
FindFirstFileA
HeapAlloc
ExitProcess
WaitForSingleObject
CreateEventA
lstrcmpiA
HeapFree
HeapCreate
MulDiv
GlobalAlloc
GetLastError
SetLastError
FindResourceW
WideCharToMultiByte
GetACP
InterlockedIncrement
CreateFileW
SetStdHandle
WriteConsoleW
CloseHandle
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryW
SetConsoleWindowInfo
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
HeapReAlloc
GetWindowsDirectoryA
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
EnumResourceLanguagesA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
MultiByteToWideChar
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetConsoleScreenBufferSize
GetConsoleWindow
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FindNextFileA
FindClose
InterlockedDecrement
_lopen
GetStartupInfoA
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
RtlUnwind
RaiseException
LocalFree
GetProcAddress
FileTimeToLocalFileTime
HeapSize
FileTimeToSystemTime
LoadResource
GetModuleHandleA
GetCurrentThreadId
GetModuleHandleW
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetTickCount
GetOEMCP

user32

GetMenuItemID
GetMenuItemCount
ShowWindow
SendMessageA
LookupIconIdFromDirectory
GetWindowTextA
DefFrameProcA
LoadStringA
DrawMenuBar
EnableMenuItem
GetSystemMenu
GetWindowRect
GetDesktopWindow
FindWindowA
LoadCursorA
wsprintfA
LoadIconA
SetClassLongA
GetClassInfoA
UnregisterClassA
CheckMenuItem
WindowFromPoint
GetDlgCtrlID
SetWindowRgn
GetClassNameA
GetWindowContextHelpId
GetWindowLongA
GetWindow
ShowScrollBar
DefWindowProcA
GetDC
ReleaseDC
CreateWindowExA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItem
EnableWindow
GetClientRect
SetWindowLongA

gdi32

GetObjectA
CreateFontIndirectA
CreateHalftonePalette
GetPaletteEntries
CreateRectRgnIndirect
EnumFontsA
CreateCompatibleDC

comdlg32

GetOpenFileNameA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
StringFromGUID2
CoCreateInstance
CoInitializeEx

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocString

shlwapi

PathStripToRootA

comctl32

ImageList_Add
ImageList_Create

activeds

ord9

pdh

PdhAddCounterA
PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryA

rpcrt4

UuidCreateSequential

authz

AuthzInitializeResourceManager

ntdsapi

DsGetRdnW

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.directo
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gave
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a77ae95e795ebee411e0038b4f5fbef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

shlwapi

comctl32

activeds

pdh

rpcrt4

authz

ntdsapi

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 5KB - Virtual size: 12KB

.directo Size: 144KB - Virtual size: 143KB

.gave Size: 14KB - Virtual size: 14KB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 5KB - Virtual size: 12KB

.directo
Size: 144KB - Virtual size: 143KB

.gave
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 78KB - Virtual size: 78KB