Entry
Static task
static1
Behavioral task
behavioral1
Sample
99db3bc54c0d84c8154a992357fedd9baad805cad9a9c2c49c3162cd4209959f_NeikiAnalytics.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
99db3bc54c0d84c8154a992357fedd9baad805cad9a9c2c49c3162cd4209959f_NeikiAnalytics.dll
Resource
win10v2004-20240611-en
General
Target
99db3bc54c0d84c8154a992357fedd9baad805cad9a9c2c49c3162cd4209959f_NeikiAnalytics.exe
Size
369KB
MD5
b42d90c8f068105d7e666f49351d2080
SHA1
5a199064af6ccb646fac7253b177f199f05e5b23
SHA256
99db3bc54c0d84c8154a992357fedd9baad805cad9a9c2c49c3162cd4209959f
SHA512
8525fd96556866cf76e700c46326121446c1d50679e586bc0d234cda28c3ec14999ec9c42ad6d8113745957c37f378c630e1de6126124fd72e376e79ee12823c
SSDEEP
6144:mSYU4gZGB/IGcDAYnDGfo/Ycga46sZj5RA1OooOa1+GTI3vfz6lS11h:mjgNGhMlwcl46yVR9opa1lSvfzAS1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 99db3bc54c0d84c8154a992357fedd9baad805cad9a9c2c49c3162cd4209959f_NeikiAnalytics.exe
Files
99db3bc54c0d84c8154a992357fedd9baad805cad9a9c2c49c3162cd4209959f_NeikiAnalytics.exe.dll windows:4 windows x86 arch:x86
b58db1d8030e6da84025d8fc3405ed00
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
free
strncmp
realloc
_adjust_fdiv
_initterm
rand
memcmp
memmove
memcpy
memset
malloc
kernel32
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
ResetEvent
DeleteCriticalSection
QueryPerformanceFrequency
lstrlenA
CreateDirectoryW
WaitForSingleObject
lstrcmpiA
lstrcmpA
MoveFileExW
GetSystemTimeAsFileTime
GetModuleFileNameW
CloseHandle
DeleteFileW
lstrcpyW
SetEvent
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
GetFileSizeEx
GetSystemTime
MapViewOfFile
UnmapViewOfFile
VirtualQuery
QueryPerformanceCounter
lstrcmpW
lstrlenW
CreateFileMappingW
VirtualProtect
GetFileTime
CreateThread
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsW
GetShortPathNameW
SystemTimeToFileTime
Sleep
lstrcpynW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalLock
GetModuleHandleW
GlobalUnlock
GetProcAddress
GetModuleHandleA
CreateEventW
IsDebuggerPresent
lstrcpyA
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
user32
GetClassNameW
SetWindowTextW
FindWindowExA
GetWindowTextW
CloseClipboard
IsClipboardFormatAvailable
FindWindowW
GetKeyboardState
GetKeyboardLayout
GetAsyncKeyState
GetClipboardData
SetWindowLongW
FindWindowExW
OpenClipboard
CallWindowProcW
wsprintfA
CharUpperW
ToUnicodeEx
wsprintfW
CharUpperA
shell32
SHGetFolderPathW
ShellExecuteA
ws2_32
send
closesocket
ioctlsocket
WSAGetLastError
inet_addr
bind
listen
accept
WSAStartup
htons
gethostbyname
connect
recv
socket
iphlpapi
GetAdaptersInfo
advapi32
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
Exports
Sections
.text Size: 268KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ