2ad15aa0de412c5ca2a512a1003ef0837b011beeedbe0bcb22c28664fb2fcfba_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2ad15aa0de412c5ca2a512a1003ef0837b011beeedbe0bcb22c28664fb2fcfba_NeikiAnalytics.exe
Size

74KB
MD5

bdcb5333cf51f731cc62795155a9ff40
SHA1

2ba3f44c306f131e5d763771037a679735ba7c06
SHA256

2ad15aa0de412c5ca2a512a1003ef0837b011beeedbe0bcb22c28664fb2fcfba
SHA512

9d7fc6776ce6ad4ddbedb73d3d7ab30e150c563b8585eaf236cc2ccde7cad9f70aa6f8920a18a224da6045b12fbfeecaae430fe631bc7f87c55a0603078a8b5f
SSDEEP

1536:CAcXNQ6MHIx+HeLpK3zxoEAxzdfVhCYwBlE:lONioFpuYthVhC1Ba

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ad15aa0de412c5ca2a512a1003ef0837b011beeedbe0bcb22c28664fb2fcfba_NeikiAnalytics.exe

Files

2ad15aa0de412c5ca2a512a1003ef0837b011beeedbe0bcb22c28664fb2fcfba_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

e83c43a0a0660977831ca16f5521b0e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

svchost.pdb

Imports

api-ms-win-core-crt-l2-1-0

_purecall
__dllonexit3
exit
__wgetmainargs
_initterm
_initterm_e
_onexit

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateProcess
SetProcessAffinityUpdateMode
ExitProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetErrorMode
SetUnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

memset
memmove_s
memcpy
qsort_s
_wcsicmp
memcmp
memcpy_s

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeSRWLock
InitializeCriticalSectionEx
OpenSemaphoreW
CreateMutexExW
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDisablePredefinedCacheEx
RegCloseKey
RegQueryValueExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

I_RpcMapWin32Status
I_RpcServerDisableExceptionFilter
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcServerUnregisterIf
RpcServerRegisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtSetServerStackSize

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-security-base-l1-1-0

InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
AddAccessAllowedAce
GetLengthSid
SetSecurityDescriptorOwner
GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
ReleaseActCtx
DeactivateActCtx
CreateActCtxW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

TpSetTimer
TpAllocTimer
RtlQueryHeapInformation
TpReleaseTimer
_vsnwprintf
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
RtlImageNtHeader
NtQuerySystemInformation
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
TpWaitForTimer
RtlInitializeCriticalSection
TpSetTimerEx
RtlInitializeSid
RtlAllocateHeap
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
RtlFreeHeap
EtwEventWrite

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e83c43a0a0660977831ca16f5521b0e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 140B

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 140B