5306a197f59a5b0a1907592ac5f9361a94745854133c21fdc8d7a0d6bb8d332d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5306a197f59a5b0a1907592ac5f9361a94745854133c21fdc8d7a0d6bb8d332d_NeikiAnalytics.exe
Size

117KB
MD5

ac905c627db22c425e38798fe8970490
SHA1

e5b8121dfb6f63c7831674faba53ed0562558fe2
SHA256

5306a197f59a5b0a1907592ac5f9361a94745854133c21fdc8d7a0d6bb8d332d
SHA512

748abf1e598fc25f526c3d17bded2a7b18dd511674722db901a219faa786e375863d2a7678461788a545a51579b19448a685d6628339b63b30beb9d50624add3
SSDEEP

1536:CidV1T9EHsE56VNB+1J1oTN2s+zheW6BVrqzCJ3bdDY+W14N4NmzWlIA7hKRQLqH:CM85INEE2lQBV+UdE+rECWp7hKLN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5306a197f59a5b0a1907592ac5f9361a94745854133c21fdc8d7a0d6bb8d332d_NeikiAnalytics.exe

Files

5306a197f59a5b0a1907592ac5f9361a94745854133c21fdc8d7a0d6bb8d332d_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

98ff00193ed1cad8e5da182fb187b5d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rdrleakdiag.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wtol
_o_exit
_o_qsort
_o_terminate
_except_handler4_common
_o___stdio_common_vswprintf
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW
SetFilePointer
GetTempFileNameW
RemoveDirectoryW
WriteFile
DeleteFileW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetProcessTimes
GetCurrentThreadId
SetProcessShutdownParameters
OpenProcessToken
GetProcessId

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadStringW
GetProcAddress
GetModuleHandleW

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

api-ms-win-eventing-provider-l1-1-0

EventWrite

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

ntdll

NtWaitForSingleObject
NtResetEvent
EtwEventRegister
NtQueryInformationThread
RtlFreeHeap
NtCreateMutant
NtSetEvent
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosError
NtCreateEvent
NtReleaseMutant
NtDuplicateObject
RtlCreateProcessReflection
NtClose
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
NtOpenProcess
RtlEqualUnicodeString
RtlInitUnicodeString
EtwEventUnregister
NtCreateThreadEx

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98ff00193ed1cad8e5da182fb187b5d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-memory-l1-1-3

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB