PDB path embedded in the sample: C:\Jenkins\workspace\Windows-Installer-7.0.X\rw\CredentialProvider\sso\SRV2003_X64_RETAIL\HPrgsSSO.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965_NeikiAnalytics.dll
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965_NeikiAnalytics.dll
  Resource: win10v2004-20240611-en
General
- Target: 733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965_NeikiAnalytics.exe
  (the submission carries a .exe name, but the PE header below sets IMAGE_FILE_DLL and the module exports DllGetClassObject, so the file is a DLL regardless of its extension; the behavioral tasks were run against it renamed .dll)
- Size: 305KB
- MD5: 05024940271cf118e996845510789900
- SHA1: a9ed24fee40a98a439b2f4cfe9c41b2636db0169
- SHA256: 733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965
- SHA512: ada45a4df1003fbc974623ec629da1dfbf584184292266ccefd2d5be9d364ac85836c8e1676411d31aa464b842bd072e3671b5a4e32a29e81f119eaeade557d7
- SSDEEP: 6144:B+/ZZ9juqEvhDoOgkomu0u/qxKJRBQeN2O1oRNfHGD7n:yZ9juqEpDoOgko2wZjNMh
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965_NeikiAnalytics.exe
  This is the only signature that fired, and on its own it is weak evidence either way: the check only reports whether the PE carries an embedded certificate table, so a catalog-signed or never-signed vendor build looks the same as a trojanised one. The PDB path (...\CredentialProvider\sso\SRV2003_X64_RETAIL\HPrgsSSO.pdb) identifies this as a credential-provider build. The useful follow-up is to compare the SHA256 above with the vendor's shipped file and to establish how and where the DLL was registered on the host it was collected from, not to read the missing signature as a verdict.
Files
- 733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965_NeikiAnalytics.exe.dll  windows:5  x64 (arch:x64)
  d6c8559ca6fd7f8f8093cf5aae7213a5 (hash as listed by the analysis platform; it is not the sample MD5 given under General)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
Analyst note: the non-CRT imports form the characteristic profile of a Windows credential provider. The COM exports together with CoTaskMemAlloc/CoTaskMemFree and SHStrDupW return field strings and serialization buffers to LogonUI; CredPackAuthenticationBufferW/CredUnPackAuthenticationBufferW build the serialized credential; CredProtectW/CredIsProtectedW protect the password inside it; LsaConnectUntrusted/LsaLookupAuthenticationPackage/LsaDeregisterLogonProcess resolve the authentication package ID the serialization must carry. CryptUnprotectData shows the module decrypts DPAPI-protected data, and CreateNamedPipeW/ConnectNamedPipe/ReadFile/DisconnectNamedPipe on a CreateThread worker mean it hosts a named-pipe server inside the logon UI process. A credential provider runs in LogonUI and handles plaintext credentials, so the pipe name, its security descriptor and which process is expected to write to it are the first things to establish in dynamic analysis; the static report does not show them. IsDebuggerPresent and the Fls*/EncodePointer/Heap*/locale functions in kernel32 are statically linked MSVC CRT boilerplate, not an anti-analysis indicator by themselves.

secur32: LsaConnectUntrusted, LsaDeregisterLogonProcess, LsaLookupAuthenticationPackage
shlwapi: SHStrDupW, ord219
ole32: CoTaskMemAlloc, CoTaskMemFree
advapi32: CredProtectW, CredIsProtectedW
credui: CredPackAuthenticationBufferW, CredUnPackAuthenticationBufferW
crypt32: CryptUnprotectData
kernel32: GetTimeZoneInformation, LCMapStringW, LCMapStringA, GetLocaleInfoW, SetStdHandle, SetEndOfFile,
  CompareStringA, CompareStringW, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileA, TlsAlloc,
  DisableThreadLibraryCalls, lstrlenA, HeapAlloc, HeapFree, GetProcessHeap, lstrlenW, GetLastError, LocalAlloc,
  LocalFree, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetLocalTime,
  DeleteCriticalSection, GetCurrentThreadId, GetComputerNameW, ConnectNamedPipe, CreateNamedPipeW,
  TerminateThread, Sleep, ReadFile, DisconnectNamedPipe, CloseHandle, CreateThread, TerminateProcess,
  GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent,
  RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, MoveFileA, DeleteFileA, FlsSetValue,
  GetCommandLineA, RaiseException, RtlPcToFileHeader, HeapSetInformation, HeapCreate, HeapDestroy,
  EncodePointer, DecodePointer, SetEnvironmentVariableA, FlsGetValue, FlsFree, SetLastError,
  GetCurrentThread, FlsAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleHandleW,
  GetProcAddress, ExitProcess, FatalAppExitA, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode,
  FlushFileBuffers, RtlUnwindEx, SetFilePointer, HeapSize, GetModuleFileNameA, FreeEnvironmentStringsA,
  GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter,
  GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage,
  GetDateFormatA, GetTimeFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale,
  GetStringTypeA, MultiByteToWideChar, GetStringTypeW, InitializeCriticalSectionAndSpinCount, HeapReAlloc,
  SetConsoleCtrlHandler, FreeLibrary, LoadLibraryA
Exports
- DllCanUnloadNow
- DllGetClassObject
Only the two COM in-process server entry points are exported. There is no DllRegisterServer, so the CLSID registration and the credential-provider registration under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers would be written by an installer (the PDB path names a Windows-Installer build) rather than by the DLL itself; that registry key is where to look on a host to confirm the module is loaded by LogonUI.
Sections
  .text   size (raw) 220KB  virtual 219KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rdata  size (raw) 60KB   virtual 59KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .data   size (raw) 8KB    virtual 20KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .pdata  size (raw) 14KB   virtual 14KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .reloc  size (raw) 2KB    virtual 1KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
This is a standard MSVC x64 layout: no section is both writable and executable, the only executable section is the same size on disk and in memory (no room for an unpacking stub), .data being larger in memory than on disk is ordinary zero-initialised data, and .pdata holds the x64 unwind tables that the RtlLookupFunctionEntry/RtlVirtualUnwind imports consume.
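The three header-level facts the report relies on (the "Unsigned PE" signature, the IMAGE_FILE_DLL characteristic on a file submitted as .exe, and the section permission flags) can be reproduced directly from a file's bytes. The Python below is an added example for this page, not code from the analysis platform or from the sample's vendor. It parses a PE32+ header with the standard library only and, because the sample's bytes are not on the page, builds a header-only image from the values the report lists (constructed test data); the section flag constants and the heuristic on virtual-versus-raw size are the author's additions.

```python
"""Header-level checks that reproduce three observations from the report above.

Added example for this page (not the analysis platform's code): parses a PE32+
header with only the standard library, then flags (1) a missing Authenticode
certificate table, (2) IMAGE_FILE_DLL set on a file named .exe, and (3) any
section that is both writable and executable.
"""
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table = embedded Authenticode signature
PE32PLUS_MAGIC = 0x20B
OPTIONAL_HEADER_SIZE = 240           # PE32+ with the usual 16 data directories


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ is handled here")
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]   # NumberOfRvaAndSizes
    sec_rva = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:             # data directories start at offset 112 in PE32+
        sec_rva, sec_size = struct.unpack_from("<II", data, opt + 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rawsize, _rawptr = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "characteristics": characteristics,
            "security_dir": (sec_rva, sec_size), "sections": sections}


def assess(pe: dict, filename: str) -> dict:
    """Apply the report's checks. An empty certificate table is necessary, not
    sufficient, for 'unsigned': catalog-signed files look identical here."""
    findings = []
    is_dll = bool(pe["characteristics"] & IMAGE_FILE_DLL)
    signed = pe["security_dir"] != (0, 0)
    if not signed:
        findings.append("Unsigned PE: no IMAGE_DIRECTORY_ENTRY_SECURITY entry")
    if is_dll and filename.lower().endswith(".exe"):
        findings.append("Extension mismatch: IMAGE_FILE_DLL is set but the name ends in .exe")
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"W+X section {s['name']}")
        # heuristic (author's addition): a code section that grows a lot at load time is a common unpacking-stub shape
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["vsize"] > 2 * s["rawsize"]:
            findings.append(f"Executable section {s['name']} has virtual size > 2x raw size")
    return {"is_dll": is_dll, "signed": signed, "findings": findings}


def build_sample_pe(characteristics: int, signed: bool, sections) -> bytes:
    """Constructed test data: a header-only PE32+ image (not the sample's bytes)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, OPTIONAL_HEADER_SIZE, characteristics)
    opt = bytearray(OPTIONAL_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)
    if signed:  # arbitrary non-zero file offset/size standing in for a WIN_CERTIFICATE blob
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4A000, 0x1A00)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, flags)
        for name, vsize, rawsize, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Section table as listed in the report (sizes are rounded to KB there; flags decoded from the listed names).
REPORT_SECTIONS = [
    (".text", 219 * 1024, 220 * 1024, 0x60000020),   # CNT_CODE | MEM_EXECUTE | MEM_READ
    (".rdata", 59 * 1024, 60 * 1024, 0x40000040),    # CNT_INITIALIZED_DATA | MEM_READ
    (".data", 20 * 1024, 8 * 1024, 0xC0000040),      # CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE
    (".pdata", 14 * 1024, 14 * 1024, 0x40000040),    # CNT_INITIALIZED_DATA | MEM_READ
    (".reloc", 1 * 1024, 2 * 1024, 0x42000040),      # CNT_INITIALIZED_DATA | MEM_DISCARDABLE | MEM_READ
]
REPORT_CHARACTERISTICS = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE | IMAGE_FILE_DLL
TARGET_NAME = "733609ce21908132f56dd516e19d7592718d0c2e06e1dcb6f0829f7ca6ff1965_NeikiAnalytics.exe"


def check_report_sample() -> dict:
    image = build_sample_pe(REPORT_CHARACTERISTICS, signed=False, sections=REPORT_SECTIONS)
    return assess(parse_pe(image), TARGET_NAME)


if __name__ == "__main__":
    for line in check_report_sample()["findings"]:
        print(line)
```

Against a real file the call is `assess(parse_pe(open(path, "rb").read()), path)`. The certificate-table test reproduces what the sandbox signature does and no more: it neither validates an embedded signature nor consults the system catalogs, so a file that passes `signtool verify /pa` or `Get-AuthenticodeSignature` on a Windows host can still show (0, 0) here.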