2ba0e291fd39b880b97aab19ba6fd8bdfdf892dc38b302804ab939cfa4e7c4a8_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2ba0e291fd39b880b97aab19ba6fd8bdfdf892dc38b302804ab939cfa4e7c4a8_NeikiAnalytics.exe
Size

299KB
MD5

3eb43a82daea850b8df77983f7d04a60
SHA1

176452aa14c5b4635b4ab4fd6a885051d0b35733
SHA256

2ba0e291fd39b880b97aab19ba6fd8bdfdf892dc38b302804ab939cfa4e7c4a8
SHA512

2ebf1946232e78a2705bb2286b98fb19fb9fbd757e07b35301a4c9a77299437dacec287336fc3e6de8a6b7b6f4a18fed4494535c1874ca57aacc8deaefe6e1ed
SSDEEP

6144:g7COUCjoTLrlApet2Gcl6YRQHzI4l/4OMx7apSPWI2:d0KLrcScAYGrO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ba0e291fd39b880b97aab19ba6fd8bdfdf892dc38b302804ab939cfa4e7c4a8_NeikiAnalytics.exe

Files

2ba0e291fd39b880b97aab19ba6fd8bdfdf892dc38b302804ab939cfa4e7c4a8_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

ed38c2a8e9b86860aca127d0df06ae39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vcpkg\buildtrees\libpq\x64-windows-rel\Release\libpq\libpq.pdb

Imports

libssl-3-x64-0d90254026fa387c53eb39d344bcb55e

SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_check_private_key
SSL_new
SSL_free
SSL_connect
SSL_read
SSL_write
SSL_ctrl
SSL_CTX_ctrl
SSL_get_error
SSL_get_version
TLS_method
SSL_shutdown
SSL_get_certificate
SSL_CTX_set_default_verify_paths
SSL_CTX_load_verify_locations
SSL_get_verify_result
SSL_set_ex_data
SSL_get_current_compression
OPENSSL_init_ssl
SSL_CTX_set_options
SSL_CTX_set_cert_cb
SSL_get1_peer_certificate
SSL_CTX_use_certificate_chain_file
SSL_use_PrivateKey_file
SSL_use_PrivateKey
SSL_set_verify
SSL_set_bio
SSL_pending
SSL_CIPHER_get_name
SSL_CIPHER_get_bits
SSL_get_current_cipher
SSL_CTX_get_cert_store
SSL_CTX_free
SSL_CTX_new
SSL_set_options
SSL_clear_options

libcrypto-3-x64-2df6ad096f45ac68491c2ef5c3dc4cc6

BIO_meth_set_create
BIO_meth_get_destroy
BIO_get_new_index
BIO_meth_set_destroy
GENERAL_NAME_free
BIO_meth_set_gets
BIO_meth_get_gets
BIO_meth_set_puts
BIO_meth_get_callback_ctrl
BIO_meth_set_callback_ctrl
ASN1_STRING_length
ASN1_STRING_get0_data
OBJ_nid2sn
EVP_sha256
EVP_get_digestbyname
X509_STORE_set_flags
X509_STORE_load_locations
X509_verify_cert_error_string
X509_digest
X509_free
X509_get_signature_info
X509_get_subject_name
X509_NAME_get_index_by_NID
X509_NAME_get_entry
EVP_md5
BIO_meth_get_create
EVP_sha1
BIO_meth_get_puts
BIO_meth_set_read
BIO_meth_set_write
BIO_meth_free
X509_NAME_ENTRY_get_data
BIO_meth_new
EVP_sha384
BIO_meth_get_ctrl
HMAC_CTX_new
HMAC_CTX_free
HMAC_Init_ex
HMAC_Update
BIO_s_socket
HMAC_Final
EVP_MD_CTX_new
EVP_MD_CTX_free
EVP_DigestInit_ex
EVP_DigestUpdate
BIO_int_ctrl
EVP_DigestFinal_ex
RAND_bytes
RAND_status
RAND_poll
X509_get_ext_d2i
ERR_new
ERR_set_debug
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_sk_pop_free
ERR_set_error
ERR_get_error
ERR_clear_error
ERR_reason_error_string
ENGINE_by_id
ENGINE_free
BIO_get_data
BIO_set_data
BIO_new
BIO_clear_flags
ENGINE_init
ENGINE_finish
ENGINE_load_private_key
BIO_set_flags
EVP_sha512
BIO_meth_set_ctrl
EVP_sha224

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
socket
setsockopt
send
getaddrinfo
freeaddrinfo
getnameinfo
closesocket
inet_pton
select
recv
getsockopt
getsockname
WSAIoctl
connect
ioctlsocket

secur32

FreeContextBuffer
DeleteSecurityContext
AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle

wldap32

ord41
ord143
ord13
ord51
ord88
ord22
ord26
ord36
ord35
ord79

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
WideCharToMultiByte
SleepEx
GetProcAddress
FreeLibrary
LocalFree
DeviceIoControl
GetFileAttributesA
GetLocaleInfoEx
MultiByteToWideChar
CreateFileA
CloseHandle
GetFileInformationByHandle
GetSystemTimePreciseAsFileTime
LoadLibraryExA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FormatMessageA
GetLastError

advapi32

GetUserNameA

shell32

SHGetFolderPathA

vcruntime140

memcmp
memcpy
memset
strchr
memchr
memmove
strrchr
strstr
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
realloc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtol

api-ms-win-crt-string-l1-1-0

isprint
_strdup
strnlen
isalnum
isupper
islower
isdigit
strspn
strncpy
isspace
isalpha
strncmp
strncat
strcmp
tolower
isxdigit

api-ms-win-crt-stdio-l1-1-0

_isatty
ferror
fclose
fgets
_popen
_setmode
_open_osfhandle
_fileno
__acrt_iob_func
_close
_read
_write
__stdio_common_vsprintf
fflush
feof
fputc
fputs
_pclose
fwrite
putc
__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

_errno
strerror
_initterm
_initterm_e
_seh_filter_dll
_getpid
_configure_narrow_argv
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
signal

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
strftime

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

_fdopen
_dclass

api-ms-win-crt-locale-l1-1-0

setlocale

Exports

Exports

PQbackendPID
PQbinaryTuples
PQcancel
PQclear
PQclientEncoding
PQcmdStatus
PQcmdTuples
PQconndefaults
PQconnectPoll
PQconnectStart
PQconnectStartParams
PQconnectdb
PQconnectdbParams
PQconnectionNeedsPassword
PQconnectionUsedGSSAPI
PQconnectionUsedPassword
PQconninfo
PQconninfoFree
PQconninfoParse
PQconsumeInput
PQcopyResult
PQdb
PQdefaultSSLKeyPassHook_OpenSSL
PQdescribePortal
PQdescribePrepared
PQdisplayTuples
PQdsplen
PQencryptPassword
PQencryptPasswordConn
PQendcopy
PQenterPipelineMode
PQenv2encoding
PQerrorMessage
PQescapeBytea
PQescapeByteaConn
PQescapeIdentifier
PQescapeLiteral
PQescapeString
PQescapeStringConn
PQexec
PQexecParams
PQexecPrepared
PQexitPipelineMode
PQfformat
PQfinish
PQfireResultCreateEvents
PQflush
PQfmod
PQfn
PQfname
PQfnumber
PQfreeCancel
PQfreeNotify
PQfreemem
PQfsize
PQftable
PQftablecol
PQftype
PQgetCancel
PQgetCopyData
PQgetResult
PQgetSSLKeyPassHook_OpenSSL
PQgetgssctx
PQgetisnull
PQgetlength
PQgetline
PQgetlineAsync
PQgetssl
PQgetvalue
PQgssEncInUse
PQhost
PQhostaddr
PQinitOpenSSL
PQinitSSL
PQinstanceData
PQisBusy
PQisnonblocking
PQisthreadsafe
PQlibVersion
PQmakeEmptyPGresult
PQmblen
PQmblenBounded
PQnfields
PQnotifies
PQnparams
PQntuples
PQoidStatus
PQoidValue
PQoptions
PQparameterStatus
PQparamtype
PQpass
PQping
PQpingParams
PQpipelineStatus
PQpipelineSync
PQport
PQprepare
PQprint
PQprintTuples
PQprotocolVersion
PQputCopyData
PQputCopyEnd
PQputline
PQputnbytes
PQregisterEventProc
PQregisterThreadLock
PQrequestCancel
PQresStatus
PQreset
PQresetPoll
PQresetStart
PQresultAlloc
PQresultErrorField
PQresultErrorMessage
PQresultInstanceData
PQresultMemorySize
PQresultSetInstanceData
PQresultStatus
PQresultVerboseErrorMessage
PQsendDescribePortal
PQsendDescribePrepared
PQsendFlushRequest
PQsendPrepare
PQsendQuery
PQsendQueryParams
PQsendQueryPrepared
PQserverVersion
PQsetClientEncoding
PQsetErrorContextVisibility
PQsetErrorVerbosity
PQsetInstanceData
PQsetNoticeProcessor
PQsetNoticeReceiver
PQsetResultAttrs
PQsetSSLKeyPassHook_OpenSSL
PQsetSingleRowMode
PQsetTraceFlags
PQsetdbLogin
PQsetnonblocking
PQsetvalue
PQsocket
PQsslAttribute
PQsslAttributeNames
PQsslInUse
PQsslStruct
PQstatus
PQtrace
PQtransactionStatus
PQtty
PQunescapeBytea
PQuntrace
PQuser
appendBinaryPQExpBuffer
appendPQExpBuffer
appendPQExpBufferChar
appendPQExpBufferStr
createPQExpBuffer
destroyPQExpBuffer
enlargePQExpBuffer
initPQExpBuffer
lo_close
lo_creat
lo_create
lo_export
lo_import
lo_import_with_oid
lo_lseek
lo_lseek64
lo_open
lo_read
lo_tell
lo_tell64
lo_truncate
lo_truncate64
lo_unlink
lo_write
pg_char_to_encoding
pg_encoding_to_char
pg_utf_mblen
pg_valid_server_encoding
pg_valid_server_encoding_id
pgresStatus
pqsignal
printfPQExpBuffer
resetPQExpBuffer
termPQExpBuffer

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed38c2a8e9b86860aca127d0df06ae39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libssl-3-x64-0d90254026fa387c53eb39d344bcb55e

libcrypto-3-x64-2df6ad096f45ac68491c2ef5c3dc4cc6

ws2_32

secur32

wldap32

kernel32

advapi32

shell32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 142KB - Virtual size: 141KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB