4833916d1a5f68bccdeeaca43c468c4a01c147f7ec9ef2b11755d2ab08aa9c76_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4833916d1a5f68bccdeeaca43c468c4a01c147f7ec9ef2b11755d2ab08aa9c76_NeikiAnalytics.exe
Size

90KB
MD5

22b66b96b0edd454d74fd076c459e390
SHA1

ad7a4cdbfaebefbd0152c60b3234e60f36792c61
SHA256

4833916d1a5f68bccdeeaca43c468c4a01c147f7ec9ef2b11755d2ab08aa9c76
SHA512

6f528a414ef5c19c4714eb11adb87b4d3a9e5fc638fd6443d8f595fc39bbfb7b43a4cd5a99f476e4500f5938a92a704eeddb9d8fa405669338f45f88bbd5ccf7
SSDEEP

1536:ZoHHNBrUS2knsjBhcRsmn7t918AFaW63nSIBc7ZTfy1rkGTls:aNxBnsOf7xOW63n3W1kkGTls

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4833916d1a5f68bccdeeaca43c468c4a01c147f7ec9ef2b11755d2ab08aa9c76_NeikiAnalytics.exe

Files

4833916d1a5f68bccdeeaca43c468c4a01c147f7ec9ef2b11755d2ab08aa9c76_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

cbac66d369f24cd8e3181e034c4d01b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

getmac.pdb

Imports

kernel32

SetLastError
InterlockedDecrement
WriteConsoleW
GetStdHandle
GetLastError
FileTimeToSystemTime
GetModuleFileNameW
GetTimeFormatW
GetComputerNameExW
SetConsoleMode
ReadFile
ReadConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
FormatMessageW
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
lstrlenW
LocalAlloc
HeapAlloc
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedIncrement
GetModuleHandleA

msvcrt

_exit
wcstol
wcstoul
wcstod
__iob_func
fprintf
fflush
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
wcstok
_cexit
__wgetmainargs
_CxxThrowException
memset
wcsstr
_iob
memcpy
__CxxFrameHandler3
??2@YAPAXI@Z
_wcsicmp
??3@YAXPAX@Z
_memicmp
_get_osfhandle
_errno
_fileno
_vsnwprintf

user32

LoadStringW
wsprintfW
CharUpperW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringByteLen
SysStringLen
VariantChangeType
SysAllocString
VariantCopy
VariantInit
SysFreeString
VariantClear

secur32

GetUserNameExW

ws2_32

WSACleanup
FreeAddrInfoW
GetNameInfoW
WSAStartup
WSAGetLastError
GetAddrInfoW

framedynos

?SetAt@CHString@@QAEXHG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?Format@CHString@@QAAXPBGZZ
?FindOneOf@CHString@@QBEHPBG@Z
??0CHString@@QAE@PBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?ReleaseBuffer@CHString@@QAEXH@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@PBG@Z
?Find@CHString@@QBEHG@Z
?Left@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z

netapi32

NetServerGetInfo
NetWkstaTransportEnum
NetApiBufferFree

shlwapi

StrChrW
StrStrIW
StrStrW
StrChrIW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cbac66d369f24cd8e3181e034c4d01b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

user32

mpr

ole32

oleaut32

secur32

ws2_32

framedynos

netapi32

shlwapi

version

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 30KB - Virtual size: 31KB