607744b0b949500c4fa578ef4a4ac5d924a6d159b5711bef24f50b31b4b9c857_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

607744b0b949500c4fa578ef4a4ac5d924a6d159b5711bef24f50b31b4b9c857_NeikiAnalytics.exe
Size

236KB
MD5

7e8895a07a117f39c35190ebb9b50a90
SHA1

4fbfb934c8508bf6144bd552ea42b3e1df56ff96
SHA256

607744b0b949500c4fa578ef4a4ac5d924a6d159b5711bef24f50b31b4b9c857
SHA512

c5211571f898be0d1d5757033e2628e6aa0265dcbc0783a8ad197e06a1ac6046e6673aa7b3302fdf135feeb9c0211823fd508558cfd26777a54fe95404603d4d
SSDEEP

3072:62UjBmWOT+y0NqjPvZISpXpdQTvGXekOWKEznsS9qw3vP:ZABmjT+yGq7ZF4W7znsOR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
607744b0b949500c4fa578ef4a4ac5d924a6d159b5711bef24f50b31b4b9c857_NeikiAnalytics.exe

Files

607744b0b949500c4fa578ef4a4ac5d924a6d159b5711bef24f50b31b4b9c857_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

07b9eaca53a451cda1af5ec98e5ef38e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pnputil.pdb

Imports

msvcrt

_vsnwprintf
_resetstkoflw
_fmode
?terminate@@YAXXZ
_commode
__C_specific_handler
_initterm
_wcsicmp
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
memcpy
_amsg_exit
wcsrchr
_XcptFilter
wcschr
_wcsnicmp
memset

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SetStdHandle
ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-file-l1-1-0

CreateFileW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
GetFileAttributesW
WriteFile
CreateDirectoryW

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
SetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExA
LoadStringW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Class_PropertyW
CM_MapCrToWin32Err

devobj

DevObjCreateDeviceInfoList
DevObjChangeState
DevObjDestroyDeviceInfoList
DevObjUninstallDevice
DevObjClassNameFromGuid
DevObjClassGuidsFromName
DevObjDeleteDevice
DevObjOpenDeviceInfo
DevObjGetDeviceProperty

cfgmgr32

CM_Reenumerate_DevNode
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Size
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_PropertyW
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des
CM_Get_First_Log_Conf
CM_Get_Res_Des_Data

api-ms-win-devices-query-l1-1-0

DevFindProperty
DevGetObjects
DevGetObjectProperties
DevFreeObjectProperties
DevFreeObjects

ntdll

NtQueryValueKey
NtOpenKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
NtClose
RtlGUIDFromString
RtlInitUnicodeString
RtlGetVersion
RtlNtStatusToDosError
NtQuerySystemInformation
RtlIsStateSeparationEnabled

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
WaitForSingleObjectEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07b9eaca53a451cda1af5ec98e5ef38e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-devices-config-l1-1-1

devobj

cfgmgr32

api-ms-win-devices-query-l1-1-0

ntdll

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-shutdown-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 68KB - Virtual size: 66KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 140KB - Virtual size: 136KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 1KB

.didat Size: 4KB - Virtual size: 216B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 66KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 140KB - Virtual size: 136KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 1KB

.didat
Size: 4KB - Virtual size: 216B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB