718a6cdced6b57b392051af4df4af33baf5948b0e3490df065f8d91b9e3f4750_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

718a6cdced6b57b392051af4df4af33baf5948b0e3490df065f8d91b9e3f4750_NeikiAnalytics.exe
Size

1.2MB
MD5

1d2e98cd888d352fcfd9e0975e141be0
SHA1

82eab078769685f805adc1d3bed7d8501bf52db5
SHA256

718a6cdced6b57b392051af4df4af33baf5948b0e3490df065f8d91b9e3f4750
SHA512

4c9de89e7341d7527bd07f64aeb1adb130383719f6ac73db2d04cacff3ab6406fe2867b888c1adc69595958eaab3adcf2cf9d7181f804b68b0697e0393979a1b
SSDEEP

12288:FtyI0kN9+pNvtAi/CuHyPGcx0W9PO2t5VnPIsHMAjh6+KcgONAS:3yI0kX+pNrfSPGcymOO5NI4h95O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
718a6cdced6b57b392051af4df4af33baf5948b0e3490df065f8d91b9e3f4750_NeikiAnalytics.exe

Files

718a6cdced6b57b392051af4df4af33baf5948b0e3490df065f8d91b9e3f4750_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

1a702cc79219226d4f627dcc60043422

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForMultipleObjects
MapViewOfFile
OpenFileMappingA
CreateEventA
lstrcatA
GetSystemDirectoryA
SetPriorityClass
GetCurrentProcess
CreateThread
SetEvent
SetConsoleCtrlHandler
AllocConsole
CloseHandle
CreateProcessA
GetStartupInfoA
GetVersionExA
ReleaseMutex
WaitForSingleObject
OpenEventA
CreateMutexA
lstrlenA
Sleep
SetLastError
OutputDebugStringA
UnmapViewOfFile
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

user32

SendMessageTimeoutA
SendNotifyMessageA
SendMessageA
AttachThreadInput
SetCursorPos
PostMessageA
LoadIconA
SendInput
LoadCursorA
MessageBoxA
DefWindowProcA
FindWindowA
LoadStringA
DestroyWindow
PostQuitMessage
DispatchMessageA
TranslateMessage
RegisterClassA
GetMessageA
CreateWindowExA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

msvcrt

__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_acmdln
exit
_exit
_c_exit
_XcptFilter
__C_specific_handler
memset
strncpy
_vsnprintf
memcpy
_cexit

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a702cc79219226d4f627dcc60043422

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

shell32

shlwapi

msvcrt

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 672B

.rsrc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 672B

.rsrc
Size: 1.2MB - Virtual size: 1.8MB