3a720e61ad4cd27c9fab5f4e7d20fae9a4955420564bb73303860afeff700d95_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3a720e61ad4cd27c9fab5f4e7d20fae9a4955420564bb73303860afeff700d95_NeikiAnalytics.exe
Size

242KB
MD5

734613fe17de74b28b88a3fff97a2300
SHA1

da21c453400d34c556462997559e4ac716e7d5a5
SHA256

3a720e61ad4cd27c9fab5f4e7d20fae9a4955420564bb73303860afeff700d95
SHA512

9ee236ff91ab7143ee7c54e35928f522cc379899839099b4f1e69615f23a7a1a19641719b5bdc67a9962b7cc1300b55c1e5cb06ea6dff5879d7eb716040e506b
SSDEEP

6144:d5279l9NxFtrqHDNDeaD/3g9Slx/fHDAATPA4CuN5:dEPx+XBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a720e61ad4cd27c9fab5f4e7d20fae9a4955420564bb73303860afeff700d95_NeikiAnalytics.exe

Files

3a720e61ad4cd27c9fab5f4e7d20fae9a4955420564bb73303860afeff700d95_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

758ab9a83db4b5ef9c3694b454eb2621

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mcbuilder.pdb

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegFlushKey
RegEnumValueW
RegOpenKeyExW

kernel32

GetLastError
GetProcAddress
LoadLibraryW
EnumUILanguagesW
HeapAlloc
GetProcessHeap
GetSystemTimeAsFileTime
GetFileTime
MoveFileExW
LoadLibraryExW
GetVersionExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
IsValidLocale
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
CreateMutexW
WaitForSingleObject
GetSystemWindowsDirectoryW
WriteFile
FlushFileBuffers
FreeLibrary
FlushViewOfFile
LocalFree
GetCurrentThread
GetDiskFreeSpaceExW
DeviceIoControl
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
GetFileAttributesExW
SetFileAttributesW
CreateFileW
GetFileSizeEx
ReadFile
HeapFree
OpenFileMappingW
MapViewOfFile
SetLastError
UnmapViewOfFile
ReleaseMutex
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
SystemTimeToFileTime
Sleep
InterlockedExchange
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
FreeResource
GetSystemPreferredUILanguages
GetSystemTime
GetSystemDefaultUILanguage
LCIDToLocaleName
GetProductInfo
CreateFileMappingW

msvcrt

bsearch
towlower
printf
_wcsupr
_wgetenv
wcsncmp
wcsrchr
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
_callnewh
free
towupper
_wfopen_s
fgetws
fclose
??0exception@@QAE@XZ
_wcsicmp
_wcsnicmp
_wcsupr_s
__CxxFrameHandler3
wcsstr
swscanf
_CxxThrowException
wcstol
wcstoul
wcschr
memset
memcpy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
_vsnwprintf

ntdll

RtlReAllocateHeap
EtwEventUnregister
RtlGetSystemPreferredUILanguages
EtwEventEnabled
EtwEventWrite
RtlExpandEnvironmentStrings
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
RtlHashUnicodeString
NtUnmapViewOfSection
RtlNtStatusToDosError
NtMapViewOfSection
RtlUnicodeStringToInteger
EtwEventRegister

netapi32

NetGetJoinInformation
NetApiBufferFree

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

758ab9a83db4b5ef9c3694b454eb2621

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

netapi32

Sections

.text Size: 182KB - Virtual size: 182KB

PAGELK Size: 5KB - Virtual size: 5KB

.data Size: 15KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 37KB

.text
Size: 182KB - Virtual size: 182KB

PAGELK
Size: 5KB - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 37KB