6612e9148b887dfda114024956bb4b8bf4e0a2a0b774086cce160b06577f59ea_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6612e9148b887dfda114024956bb4b8bf4e0a2a0b774086cce160b06577f59ea_NeikiAnalytics.exe
Size

312KB
MD5

4b09dbe2dfd099aa9abf97c31e569380
SHA1

974eca468982488bbdc9d1977e283a3724d79c61
SHA256

6612e9148b887dfda114024956bb4b8bf4e0a2a0b774086cce160b06577f59ea
SHA512

20e69200b8502947574e8843a972dd12abe700f74ae6774fce8c16f9f2ac3ed097fb65ec01636d3bfce7c80ef62b59280916aad0877627f8bce325e21c8b51e1
SSDEEP

6144:jRiHL993bu+mezg/BArrAYeCM+0DehaY:OnspQU+OekY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6612e9148b887dfda114024956bb4b8bf4e0a2a0b774086cce160b06577f59ea_NeikiAnalytics.exe

Files

6612e9148b887dfda114024956bb4b8bf4e0a2a0b774086cce160b06577f59ea_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

6a999769ec56261256088c67235034c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

psisdecd.pdb

Imports

kernel32

Sleep
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
lstrcmpiW
HeapDestroy
DisableThreadLibraryCalls
lstrcpynW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcatW
lstrlenA
SizeofResource
LoadResource
FindResourceW
InitializeCriticalSection
CloseHandle
LockResource
GetModuleHandleW
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
DeleteCriticalSection
LeaveCriticalSection
LoadLibraryExW
EnterCriticalSection
SetStdHandle
LCMapStringW
LCMapStringA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
IsBadWritePtr
WideCharToMultiByte
LocalFree
InterlockedExchange
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
HeapReAlloc
RaiseException
ExitProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
WriteFile

ntdll

RtlUnwind

winmm

timeGetTime

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

user32

CharPrevW
CharNextW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen
RegisterTypeLi
LoadTypeLi
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a999769ec56261256088c67235034c6

Headers

File Characteristics

PDB Paths

Imports

kernel32

ntdll

winmm

advapi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 277KB - Virtual size: 277KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 277KB - Virtual size: 277KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 15KB - Virtual size: 14KB