2fbf4a59487c4e0c71c5807604138ce3af4a3693d2e25fa7213f028c915a5851_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2fbf4a59487c4e0c71c5807604138ce3af4a3693d2e25fa7213f028c915a5851_NeikiAnalytics.exe
Size

1.7MB
MD5

bc0390e94d2341bb2c61b7e00c66b030
SHA1

b528455deab58691aa6bd1a714bb3a8a45e28e39
SHA256

2fbf4a59487c4e0c71c5807604138ce3af4a3693d2e25fa7213f028c915a5851
SHA512

08945eafe2e58b6eb321b7b43c80a83c4f510dba700293a404651c0d785aef9e91176494c3a341e6b7907032ed4590559ffc85a6b689ea861078ef3f595bf96f
SSDEEP

24576:GDh5UNJMdLh5jSKSECFj9deG4WX2rc2pjJnRssIATSFjlGPZB:AUNy95jSKRCFjHeG8hB1TSFpGP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fbf4a59487c4e0c71c5807604138ce3af4a3693d2e25fa7213f028c915a5851_NeikiAnalytics.exe

Files

2fbf4a59487c4e0c71c5807604138ce3af4a3693d2e25fa7213f028c915a5851_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

5e6e80b2383a287036ccb0ca4773753c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

wininet

InternetCloseHandle
HttpOpenRequestW
InternetSetOptionW
InternetOpenW

version

VerQueryValueW

kernel32

OpenThread
FindNextFileW
DeleteCriticalSection
GetCurrentThreadId
GetModuleHandleW
OpenProcess
LoadLibraryW
Sleep
GetTempPathW
GetProcAddress
CloseHandle
CreateMutexW
WaitForSingleObject
OpenMutexW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
FlushFileBuffers
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
GetProcessHeap
GetVersionExW
GetCurrentProcessId
FindFirstFileW
GetSystemTimeAsFileTime
GetFileSizeEx
FindClose
LocalFree
LocalAlloc
InitializeCriticalSection
LoadLibraryA
FreeLibrary
TerminateProcess
GetVersion
ExitProcess
CreateRemoteThread
VirtualFreeEx
ReadProcessMemory
GetExitCodeProcess
VirtualAllocEx
GlobalFree
GlobalHandle
DuplicateHandle
WriteProcessMemory
GetDiskFreeSpaceW
SetEvent
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
CreateEventW
WaitForMultipleObjects
CancelIo
LoadLibraryExW
lstrcmpiW
GetStdHandle
RtlVirtualUnwind
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
AreFileApisANSI
GetModuleHandleExW
GetCommandLineA
MoveFileExW
RtlPcToFileHeader
IsProcessorFeaturePresent
IsDebuggerPresent
EnterCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
HeapSize
HeapReAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrcmpW
CreateFileW
GetTimeZoneInformation
GetModuleFileNameW
GetMailslotInfo
MulDiv
LeaveCriticalSection
GlobalAlloc
GetTickCount
GlobalLock
GetCurrentProcess
PeekNamedPipe
MultiByteToWideChar
WideCharToMultiByte
LockResource
GetFileType
SizeofResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
CreateThread

user32

GetUserObjectInformationW
GetProcessWindowStation
UnregisterClassW
MoveWindow
GetWindow
DefWindowProcW
CallWindowProcW
GetMonitorInfoW
SetWindowTextW
MapWindowPoints
SendMessageW
SetWindowLongPtrW
ReleaseCapture
CreateWindowExW
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
SendDlgItemMessageW
GetMessageW
TranslateMessage
CreateDialogIndirectParamW
PeekMessageW
DispatchMessageW
MessageBoxW
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetWindowRect
MapDialogRect
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetWindowLongPtrW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
GetDC
SetWindowContextHelpId
IsDialogMessageW
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
MonitorFromWindow
GetDlgItem
SetWindowLongW
EndDialog
RedrawWindow
CharNextW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
DeleteDC
BitBlt
GetStockObject
GetDeviceCaps
CreateSolidBrush

advapi32

DeregisterEventSource
RegQueryInfoKeyW
RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueW
GetSidSubAuthority
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
ReportEventW
RegisterEventSourceW
RegCreateKeyExW
RegQueryValueExW
GetSidSubAuthorityCount

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
StringFromGUID2
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
CoInitialize
CoCreateGuid
StringFromIID
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysFreeString

comctl32

InitCommonControlsEx

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e6e80b2383a287036ccb0ca4773753c

Headers

DLL Characteristics

File Characteristics

Imports

psapi

wininet

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 392KB - Virtual size: 392KB

.data Size: 220KB - Virtual size: 246KB

.pdata Size: 67KB - Virtual size: 66KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 392KB - Virtual size: 392KB

.data
Size: 220KB - Virtual size: 246KB

.pdata
Size: 67KB - Virtual size: 66KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB