5aa7a2b93549c95b43cbc0977bb516cc8828de2b9e2bdbf0aebea1cda3a84138_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5aa7a2b93549c95b43cbc0977bb516cc8828de2b9e2bdbf0aebea1cda3a84138_NeikiAnalytics.exe
Size

264KB
MD5

4c41fb6849d9bb15ddec2cc8e2afc610
SHA1

4947014d4c158e871a1d5879e26aa8d19914eff2
SHA256

5aa7a2b93549c95b43cbc0977bb516cc8828de2b9e2bdbf0aebea1cda3a84138
SHA512

a3328aea42899164921af2de101f39bf1f97a32610b2d48e2873ba726532ea699ffb418fabca2791f7f76daf7448721b83aa6b11f3c9107cfd7341d3f270d6ec
SSDEEP

6144:Ju8jbHuVK1rZFyioM/F5JAEqmyjA06UU:JyKMioM/DJAiIU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aa7a2b93549c95b43cbc0977bb516cc8828de2b9e2bdbf0aebea1cda3a84138_NeikiAnalytics.exe

Files

5aa7a2b93549c95b43cbc0977bb516cc8828de2b9e2bdbf0aebea1cda3a84138_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

8cac24eec5b67ba07b5412bf7042f178

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\binaries.x86ret\bin\i386\bbt\opt\mscoree.pdb

Imports

kernel32

InterlockedCompareExchange
CloseHandle
UnmapViewOfFile
FreeLibrary
SetLastError
GetLastError
GetFileSize
InterlockedExchange
GetProcAddress
VirtualQuery
VirtualAlloc
GlobalMemoryStatus
ReleaseMutex
WaitForSingleObject
GetSystemInfo
SetErrorMode
MapViewOfFile
InterlockedIncrement
ExitProcess
DisableThreadLibraryCalls
VirtualProtect
WriteFile
GetLocalTime
ReadProcessMemory
CreateToolhelp32Snapshot
InterlockedDecrement
ReadFile
FindClose
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapCreate
HeapDestroy
GetStringTypeW
MultiByteToWideChar
IsDBCSLeadByteEx
TlsGetValue
GetModuleHandleA
LocalFree
IsDBCSLeadByte
GetCPInfo
GetACP
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
lstrlenW
GetSystemDefaultLangID
GetVersionExA
GetWindowsDirectoryA
GetWindowsDirectoryW
GetModuleHandleW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
GetFullPathNameA
GetFullPathNameW
GetModuleFileNameA
GetModuleFileNameW
RaiseException
CreateFileA
CreateFileW
CreateSemaphoreA
CreateSemaphoreW
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
LCMapStringA
LCMapStringW
FindFirstFileA
FindFirstFileW
GetVersionExW
OutputDebugStringA
OutputDebugStringW
CreateMutexA
CreateMutexW
CreateEventA
CreateEventW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
GetEnvironmentVariableA
GetEnvironmentVariableW
CreateFileMappingA
CreateFileMappingW
GetCurrentProcessId
LocalAlloc
FormatMessageA
FormatMessageW
SetEvent
ResetEvent
ReleaseSemaphore
TlsSetValue
TlsAlloc
TlsFree
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObjectEx
SleepEx
VirtualFree
HeapValidate
CreateThread
GetStdHandle
LoadLibraryA
GetCommandLineA
RtlUnwind
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
HeapSize
HeapReAlloc
GetStringTypeA
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers

Exports

Exports

CallFunctionShim
CloseCtrs
ClrCreateManagedInstance
CoEEShutDownCOM
CoInitializeCor
CoInitializeEE
CoUninitializeCor
CoUninitializeEE
CollectCtrs
CorBindToCurrentRuntime
CorBindToRuntime
CorBindToRuntimeByCfg
CorBindToRuntimeByPath
CorBindToRuntimeByPathEx
CorBindToRuntimeEx
CorBindToRuntimeHost
CorDllMainWorker
CorExitProcess
CorGetSvc
CorIsLatestSvc
CorMarkThreadInThreadPool
CorTickleSvc
CreateConfigStream
CreateDebuggingInterfaceFromVersion
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EEDllGetClassObjectFromClass
EEDllRegisterServer
EEDllUnregisterServer
GetAssemblyMDImport
GetCORRequiredVersion
GetCORRootDirectory
GetCORSystemDirectory
GetCORVersion
GetCompileInfo
GetFileVersion
GetHashFromAssemblyFile
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFileW
GetHashFromHandle
GetHostConfigurationFile
GetMetaDataInternalInterface
GetMetaDataInternalInterfaceFromPublic
GetMetaDataPublicInterfaceFromInternal
GetPermissionRequests
GetPrivateContextsPerfCounters
GetProcessExecutableHeap
GetRealProcAddress
GetRequestedRuntimeInfo
GetRequestedRuntimeVersion
GetRequestedRuntimeVersionForCLSID
GetStartupFlags
GetTargetForVTableEntry
GetTokenForVTableEntry
GetVersionFromProcess
GetXMLElement
GetXMLElementAttribute
GetXMLObject
IEE
InitErrors
InitSSAutoEnterThread
LoadLibraryShim
LoadLibraryWithPolicyShim
LoadStringRC
LoadStringRCEx
LockClrVersion
LogHelp_LogAssert
LogHelp_NoGuiOnAssert
LogHelp_TerminateOnAssert
MetaDataGetDispenser
ND_CopyObjDst
ND_CopyObjSrc
ND_RI2
ND_RI4
ND_RI8
ND_RU1
ND_WI2
ND_WI4
ND_WI8
ND_WU1
OpenCtrs
PostError
ReOpenMetaDataWithMemory
ReOpenMetaDataWithMemoryEx
RunDll32ShimW
RuntimeOSHandle
RuntimeOpenImage
RuntimeReleaseHandle
SetTargetForVTableEntry
StrongNameCompareAssemblies
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameGetBlob
StrongNameGetBlobFromImage
StrongNameGetPublicKey
StrongNameHashSize
StrongNameKeyDelete
StrongNameKeyGen
StrongNameKeyGenEx
StrongNameKeyInstall
StrongNameSignatureGeneration
StrongNameSignatureGenerationEx
StrongNameSignatureSize
StrongNameSignatureVerification
StrongNameSignatureVerificationEx
StrongNameSignatureVerificationFromImage
StrongNameTokenFromAssembly
StrongNameTokenFromAssemblyEx
StrongNameTokenFromPublicKey
TranslateSecurityAttributes
UpdateError
_CorDllMain
_CorExeMain
_CorExeMain2
_CorImageUnloading
_CorValidateImage

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cac24eec5b67ba07b5412bf7042f178

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 238KB - Virtual size: 238KB

.data Size: 11KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 238KB - Virtual size: 238KB

.data
Size: 11KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB