501d9d841d3a9c5329729ec0d9da7987b4f9aeedf6e9122ab45c290fa5c04012_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

501d9d841d3a9c5329729ec0d9da7987b4f9aeedf6e9122ab45c290fa5c04012_NeikiAnalytics.exe
Size

148KB
MD5

e521dd83c0779a9733e59da0be45a7c0
SHA1

f89fbf2c3615923751d2fa885f8714aa42e87c19
SHA256

501d9d841d3a9c5329729ec0d9da7987b4f9aeedf6e9122ab45c290fa5c04012
SHA512

f78725b4b97be300c349b9bbf7132b1b4106cb4d0813507b5cdab62cd0c90b28364a9f66d9d1d5d14ed891eba6d492b02fc7b92f07be6a0089950e7f3c7e3312
SSDEEP

3072:JXUyfmEO2rMdxjCuj9Dq9jrVEZxWN3LCkossbhui/7Fg:JkzJdAuxDArVEZxEuFb5/7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
501d9d841d3a9c5329729ec0d9da7987b4f9aeedf6e9122ab45c290fa5c04012_NeikiAnalytics.exe

Files

501d9d841d3a9c5329729ec0d9da7987b4f9aeedf6e9122ab45c290fa5c04012_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

b813975e10b64a50774296c1a60a6140

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wmutil

WMGetPolicysPackageDN
WMGetAllScheduledObjects
WMGetAttributeValue
WMGetAttributeValueInfo
WMCacheSearchPolicy
WMCheckIfScheduleIsByPackage
WMGetAssociatedObject
WMGetTemporaryHash

calwin32

ord377
ord9
ord4

clxwin32

ord115
ord105
ord100
ord102
ord104
ord108
ord113
ord116
ord114
ord103
ord107

locwin32

ord23

netwin32

ord1004
ord1162
ord1007
ord1047
ord1072
ord1022
ord1028
ord1013
ord1008
ord1006
ord1015
ord1005
ord2031
ord2014
ord2008
ord1058
ord1029
ord1003
ord3028
ord3025
ord1002
ord1093
ord3029
ord1160

kernel32

CompareFileTime
lstrcpyA
ResetEvent
Process32Next
CreateFileA
DeviceIoControl
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
GetStartupInfoA
SystemTimeToFileTime
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
OpenProcess
SetEvent
InterlockedIncrement
InterlockedDecrement
Sleep
WaitForSingleObject
CloseHandle
CreateEventA
GetLastError
CreateMutexA
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
ExitProcess
UnmapViewOfFile
ReleaseMutex
FreeLibrary
GetProcAddress
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
GetExitCodeProcess
TerminateProcess
CreateProcessA
GetCurrentThreadId
lstrcmpA
lstrlenA
LocalAlloc
LocalFree
GetLocalTime
OpenEventA
SetThreadPriority
lstrcpynA
WaitForMultipleObjects
ExpandEnvironmentStringsA
OutputDebugStringA
lstrcatA
FormatMessageA
GetWindowsDirectoryA
DeleteFileA
CreateThread

user32

DestroyIcon
PostQuitMessage
MoveWindow
LoadMenuA
GetSubMenu
GetSystemMetrics
SetWindowPos
SetTimer
DestroyMenu
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
GetWindowRect
PostMessageA
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
MsgWaitForMultipleObjects
wsprintfA
SendMessageA
MessageBoxA
LoadStringA
SetDlgItemTextA
UpdateWindow
DestroyWindow
GetDesktopWindow
CreateDialogParamA
DialogBoxParamA
ExitWindowsEx
GetForegroundWindow
GetClassNameA
PeekMessageA
DispatchMessageA
KillTimer
EndDialog
SystemParametersInfoA
ShowWindow

gdi32

GetStockObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegEnumValueA

shell32

Shell_NotifyIconA

msvcrt

__setusermatherr
__getmainargs
_acmdln
_controlfp
_strupr
_except_handler3
?terminate@@YAXXZ
__p__fmode
__p__commode
__set_app_type
__CxxFrameHandler
_CxxThrowException
_adjust_fdiv
memmove
memcmp
??3@YAXPAX@Z
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_initterm
_onexit
__dllonexit
toupper
strchr
sprintf
strncpy
strtok
_vsnprintf
time
strstr
wcscmp
wcslen
_ltoa
wcscpy
??2@YAPAXI@Z
memset

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b813975e10b64a50774296c1a60a6140

Headers

File Characteristics

Imports

wmutil

calwin32

clxwin32

locwin32

netwin32

kernel32

user32

gdi32

advapi32

shell32

msvcrt

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 28KB - Virtual size: 26KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 28KB - Virtual size: 26KB

.rsrc
Size: 12KB - Virtual size: 8KB