28f12d3a3afff197bfcf8bd20c7269932ac520a0d764089b6b3e45556815ab1e_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

28f12d3a3afff197bfcf8bd20c7269932ac520a0d764089b6b3e45556815ab1e_NeikiAnalytics.exe
Size

58KB
MD5

b82f9a76832d193e0a891650c864b000
SHA1

b2e0d6ed7815ca86e3d096a3c94e741a22d4a91d
SHA256

28f12d3a3afff197bfcf8bd20c7269932ac520a0d764089b6b3e45556815ab1e
SHA512

5f64261f06ba6c42bb8040a7fca1058cf2c1c484912ce3c6db67008ec477bd8998dca7083aee8b74562aa45303bfb7d298008ad774caa0a153609eac4820b53e
SSDEEP

1536:PV/GrlhiYZBZoKSFRPt7gMf7d2MS8ls5LeQ:ArlhiYZw1FLF7dijxeQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f12d3a3afff197bfcf8bd20c7269932ac520a0d764089b6b3e45556815ab1e_NeikiAnalytics.exe

Files

28f12d3a3afff197bfcf8bd20c7269932ac520a0d764089b6b3e45556815ab1e_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

0f737807d46c5a9e1654b97b0efb649b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setspn.pdb

Imports

kernel32

FormatMessageW
LoadLibraryW
GetLastError
GetSystemDirectoryW
ExitProcess
GetModuleHandleW
GetProcessHeap
HeapAlloc
GetStdHandle
WriteFile
HeapFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetConsoleOutputCP
SetThreadUILanguage
WideCharToMultiByte

msvcrt

_fileno
_lseeki64
__pioinfo
_isatty
__badioinfo
ferror
malloc
_itoa
_snprintf
__wgetmainargs
isleadbyte
__mb_cur_max
mbtowc
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
_write
fwprintf
_errno
_vsnwprintf
memcpy
calloc
_wcsnicmp
_wcsicmp
_iob
fprintf
towupper
free
wcschr
memset
_wsetlocale

netapi32

DsGetDcNameWithAccountW
NetApiBufferFree

ntdsapi

DsCrackNamesW
DsBindW
DsUnBindW
DsFreeNameResultW
DsWriteAccountSpnW

wldap32

ord46
ord170
ord16
ord73
ord191
ord208
ord41
ord26
ord147
ord88
ord127
ord140
ord224
ord167
ord97
ord135
ord206
ord12
ord118
ord133
ord145
ord13
ord27

user32

LoadStringW

shlwapi

StrChrW
StrCmpW

ntdll

RtlInitUnicodeString
RtlUnwind

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f737807d46c5a9e1654b97b0efb649b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

netapi32

ntdsapi

wldap32

user32

shlwapi

ntdll

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 29KB - Virtual size: 30KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 29KB - Virtual size: 30KB