WMIC.pdb
Static task
static1
Behavioral task
behavioral1
Sample
982a66009179e9842f3539619f2c89edf5c3b44ff39e2c922f18b513ef2830f7_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
982a66009179e9842f3539619f2c89edf5c3b44ff39e2c922f18b513ef2830f7_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
982a66009179e9842f3539619f2c89edf5c3b44ff39e2c922f18b513ef2830f7_NeikiAnalytics.exe
-
Size
413KB
-
MD5
9e60dd4424c757d0e424649bf41fa070
-
SHA1
00c14317d896f6a14063de35efe00f989ba56290
-
SHA256
982a66009179e9842f3539619f2c89edf5c3b44ff39e2c922f18b513ef2830f7
-
SHA512
8741922af86a3100f9db2b5fc45066378a809a6b94c12abc2deaeee009e2937f4d789bd816f0ff89bf8cb247da676aa5eeb718997c1fff4cfdff0856374af97f
-
SSDEEP
6144:000j3xvrzKxDC34u548KQmsX5EKny/Cf50Td92Nvr6lbIhSXy1cGH5enhW2D:000j3l3K1A4uKGw/msd9zmkymGH0nhW
Malware Config
Signatures
-
Unsigned PE 1 IoCs
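The PE file has no embedded Authenticode signature. This is a weak indicator on its own, since a file signed only through a catalog also lacks an embedded signature. Read it together with the Sections list, where .reloc is marked as code, executable and writable; that is unusual for a relocation section and worth comparing against a known-good copy of the file.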
resource 982a66009179e9842f3539619f2c89edf5c3b44ff39e2c922f18b513ef2830f7_NeikiAnalytics.exe
Files
-
982a66009179e9842f3539619f2c89edf5c3b44ff39e2c922f18b513ef2830f7_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
b59af26b08aa14ba66272388bc9c2443
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegOpenKeyExW
RegCloseKey
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
kernel32
SetFilePointer
CreateFileW
WriteFile
SetLastError
GetLastError
CopyFileW
GetFileSizeEx
GetLocalTime
GetFileType
GetStdHandle
FormatMessageW
GetConsoleScreenBufferInfo
GetSystemDefaultUILanguage
GetComputerNameW
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
WriteConsoleW
SetConsoleCursorPosition
SetConsoleScreenBufferSize
ReadConsoleW
SetConsoleMode
GetConsoleMode
GetCurrentProcess
GetSystemDirectoryW
GetUserPreferredUILanguages
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
LocalAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetCommandLineW
DeleteFileW
HeapSetInformation
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSection
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenA
LocalFree
lstrlenW
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoW
UnhandledExceptionFilter
msvcrt
?what@exception@@UBEPBDXZ
wcsncmp
fprintf
fflush
fwprintf
wcstombs
fread
fseek
towlower
swscanf
_iob
_exit
wcsstr
fgets
__CxxFrameHandler3
wcstoul
_wfopen
fwrite
fclose
_ftol2_sse
_getch
ceil
_cexit
__wgetmainargs
_callnewh
malloc
free
_wfreopen
fgetws
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
memmove_s
memcpy_s
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
feof
_XcptFilter
_wsystem
_wtoi
_fileno
_filelength
_wremove
wctomb
fputws
_itow
??0exception@@QAE@ABV0@@Z
_wcsnicmp
_wtol
_vsnprintf
wcstok
_wcsicmp
memset
_ltow
??0exception@@QAE@XZ
memcpy
_CxxThrowException
_vsnwprintf
_kbhit
ole32
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstanceEx
CoCreateInstance
CoInitializeSecurity
oleaut32
SafeArrayGetLBound
SysStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayGetVartype
SysStringByteLen
VariantCopy
VariantChangeType
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
SysAllocString
user32
OpenClipboard
LoadStringW
CloseClipboard
SetClipboardData
CharUpperW
EmptyClipboard
framedynos
??0CHString@@QAE@ABV0@@Z
?Find@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??YCHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?TrimLeft@CHString@@QAEXXZ
?TrimRight@CHString@@QAEXXZ
?GetBuffer@CHString@@QAEPAGH@Z
?FindOneOf@CHString@@QBEHPBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Empty@CHString@@QAEXXZ
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBD@Z
?Right@CHString@@QBE?AV1@H@Z
??0CHString@@QAE@PBG@Z
??0CHString@@QAE@XZ
?Format@CHString@@QAAXPBGZZ
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@PBG@Z
shlwapi
StrStrIW
ws2_32
WSACleanup
freeaddrinfo
WSAStartup
getaddrinfo
secur32
GetUserNameExW
iphlpapi
Icmp6SendEcho2
Icmp6CreateFile
IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle
Sections
.text Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE