009ae25ee36a446e7bd770934f8e4467dc2d54d2742aba9b04925b66f8e4ced4_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

009ae25ee36a446e7bd770934f8e4467dc2d54d2742aba9b04925b66f8e4ced4_NeikiAnalytics.exe
Size

678KB
MD5

6fbd372f9deb3359c52b05966c137b60
SHA1

1aa6c3050a376feaf336a0778e12e8c1b2d6699e
SHA256

009ae25ee36a446e7bd770934f8e4467dc2d54d2742aba9b04925b66f8e4ced4
SHA512

671cad39a262fbf6abbe1cd7d7f0d6d5ae4cbd16f1dfa4ea7161b34f28538f3d5af32b8ce001a2aa201cd8620fcea21d50bb81f7e4873d51655514ccd539f08a
SSDEEP

12288:jKUabY+oKESCksuUcfJrDatyM6LbrwYAa8L/drPJ6kaEpCdEHQ2CXvIoNvM2oo+D:OUg9FCksLsctyTjP9G/drPJ6kaEpCdEl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009ae25ee36a446e7bd770934f8e4467dc2d54d2742aba9b04925b66f8e4ced4_NeikiAnalytics.exe

Files

009ae25ee36a446e7bd770934f8e4467dc2d54d2742aba9b04925b66f8e4ced4_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

516c8afbdaed2929b39897fe1f954182

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msspellcheckingfacilitydl.pdb

Imports

user32

CharNextW
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
UnregisterClassA

msvcrt

_controlfp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
_isctype
towupper
iswspace
toupper
iswctype
tolower
??3@YAXPAX@Z
??_V@YAXPAX@Z
_vsnwprintf
wcsncpy_s
free
wcscpy_s
wcscat_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
abort
??8type_info@@QBEHABV0@@Z
wcschr
towlower
bsearch
_wtoi
wcsrchr
swscanf_s
strerror
__uncaught_exception
__crtLCMapStringW
__crtCompareStringW
___mb_cur_max_func
___lc_codepage_func
__pctype_func
___lc_collate_cp_func
___lc_handle_func
_errno
memcpy
__CxxFrameHandler3
setlocale
_CxxThrowException
_callnewh
_resetstkoflw
malloc
calloc
memset
realloc
strchr
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
memmove_s
??0exception@@QAE@XZ
memmove
??0exception@@QAE@ABV0@@Z
_purecall
memcpy_s
_wfopen_s
fclose
fseek
ftell
fread
wcsncmp
wcstombs_s
wcscspn
iswalpha
iswupper
iswlower
wcsstr
iswdigit
iswxdigit
?what@exception@@UBEPBDXZ
_ftol2_sse

kernel32

FlushFileBuffers
SetFilePointer
LoadLibraryExA
GetSystemInfo
LocalAlloc
VirtualQuery
FindResourceW
LockResource
GetFileSize
FindResourceExW
LoadResource
SizeofResource
FreeLibrary
GetSystemWindowsDirectoryW
GetUserPreferredUILanguages
DeleteTimerQueueTimer
CreateTimerQueueTimer
FormatMessageW
InitializeCriticalSectionAndSpinCount
SetLastError
NormalizeString
LCMapStringW
FoldStringW
VirtualProtect
GetCurrentProcessId
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
DecodePointer
EncodePointer
GetStringTypeW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLastError
CloseHandle
GetModuleHandleW
GetProcAddress
LocalFree
ReleaseMutex
CreateMutexW
WaitForSingleObject
CreateEventW
OpenProcess
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExW
RaiseException
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetEvent
GetCommandLineW
Sleep
CreateThread
CompareStringOrdinal
GetCurrentThread
GetCurrentProcess
GetVersionExW
ReadFile
CreateFileW
SleepEx
FindClose
CreateFileMappingW
GetFileSizeEx
CreateDirectoryW
FindFirstFileExW
FindNextFileW
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileTime
SetFilePointerEx
LockFile
WriteFile
SetEndOfFile
UnlockFile
MoveFileW
GetSystemTime
SystemTimeToFileTime
SetFileTime
FindFirstChangeNotificationW
FindNextChangeNotification
InitOnceExecuteOnce
WaitForMultipleObjectsEx
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

advapi32

OpenProcessToken
RegEnumValueW
RegNotifyChangeKeyValue
GetTokenInformation
OpenThreadToken
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
EventWrite
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
EventRegister
EventUnregister
ConvertSidToStringSidW
RegOpenCurrentUser
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegDeleteTreeW

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysFreeString
VariantInit
VariantCopy
VariantClear
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
RegisterTypeLi

ole32

CoDisableCallCancellation
CoCancelCall
CoEnableCallCancellation
CoGetMalloc
CoTaskMemAlloc
CoRevertToSelf
CoImpersonateClient
CoTaskMemFree
CLSIDFromString
CoSuspendClassObjects
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoResumeClassObjects
CoCreateInstance
CoTaskMemRealloc

shell32

SHGetKnownFolderPath
ord47

shlwapi

PathFileExistsW
PathFindNextComponentW
PathIsDirectoryW
PathIsPrefixW
PathAppendW
PathStripPathW
PathIsNetworkPathW
PathCombineW

rpcrt4

UuidCreateSequential

Sections

.text
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

516c8afbdaed2929b39897fe1f954182

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcrt

kernel32

advapi32

oleaut32

ole32

shell32

shlwapi

rpcrt4

Sections

.text Size: 595KB - Virtual size: 595KB

.data Size: 8KB - Virtual size: 10KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 12B

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 55KB - Virtual size: 56KB

.text
Size: 595KB - Virtual size: 595KB

.data
Size: 8KB - Virtual size: 10KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 55KB - Virtual size: 56KB