0a224bca0c2b776ae4f09ad163db225869d0a255ddbe5ea224b4e8531f944c1b_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0a224bca0c2b776ae4f09ad163db225869d0a255ddbe5ea224b4e8531f944c1b_NeikiAnalytics.exe
Size

1.3MB
MD5

e24801d8382ca53eb80b5e128d147700
SHA1

38eeaf75cab9126de898c7ba2f50ee681d2b7024
SHA256

0a224bca0c2b776ae4f09ad163db225869d0a255ddbe5ea224b4e8531f944c1b
SHA512

7cc9ce8824fe4dbaa40483b0b1ff96ed50ec4b8bdaebea2924825a60daa7fa07d230b026a981e26e65428db0bea627dc6c7b64b893af863f75874c67c899c388
SSDEEP

12288:Lm2N0Qj1XBaaRCzjtxcadvfOXQmKIUH9DRFm5KxqeeSwtf6mZTiMw+Sv7:S2NR9HmtNvyZ01UAxqe+f6aTiVz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a224bca0c2b776ae4f09ad163db225869d0a255ddbe5ea224b4e8531f944c1b_NeikiAnalytics.exe

Files

0a224bca0c2b776ae4f09ad163db225869d0a255ddbe5ea224b4e8531f944c1b_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

1b31d5bf56f31446dc3caf847a3d3456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

dismhost.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
wcscpy_s
_beginthreadex
wcsstr
wcsrchr
__C_specific_handler
calloc
memmove_s
malloc
memcpy_s
_purecall
free
fgetws
_wfopen
wcstok_s
fclose
iswctype
toupper
strrchr
_vsnprintf
??1exception@@UEAA@XZ
__getmainargs
?what@exception@@UEBAPEBDXZ
exit
_exit
_cexit
__CxxFrameHandler3
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_wtoi
towlower
wcschr
_wcsnicmp
_vsnwprintf
_vscprintf
vsprintf_s
vswprintf_s
_vscwprintf
swscanf_s
_callnewh
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
_XcptFilter
_amsg_exit
__set_app_type
_lock
_unlock
__dllonexit
_onexit
feof
memmove
memcpy
memcmp
memset

advapi32

RegOpenKeyExW
EventWriteTransfer
EventRegister
EventProviderEnabled
EventUnregister
EqualSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl

kernel32

SetLastError
GetCurrentThread
GetLastError
CreateEventExW
CloseHandle
WaitForSingleObjectEx
SetErrorMode
GetCommandLineW
InitializeCriticalSection
SetThreadUILanguage
SetEvent
EnterCriticalSection
LeaveCriticalSection
OpenEventW
WaitForMultipleObjectsEx
ExitProcess
DeleteCriticalSection
OutputDebugStringW
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GetModuleHandleW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
TlsSetValue
TlsAlloc
DeviceIoControl
FreeLibrary
FlushFileBuffers
IsDebuggerPresent
GetWindowsDirectoryW
GetFileSizeEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
DebugBreak
CreateFileMappingA
DeleteFileW
DeleteFileA
CreateFileA
GetVersion
ReleaseMutex
CreateMutexA
CreateMutexW
SetFilePointer
WriteFile
GetModuleFileNameA
VirtualQuery
FormatMessageA
TlsFree
TlsGetValue
GetFileSize
GetLocalTime
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
CreateFileW
FormatMessageW
FindResourceExW
LoadResource
LocalFree
LoadLibraryExW
GetProcAddress
GetTempFileNameW
WaitForSingleObject
GetModuleHandleExW
SearchPathW

ole32

CoRevokeClassObject
CoCreateInstance
CLSIDFromString
CoRegisterClassObject
CoTaskMemFree
ProgIDFromCLSID
CoUninitialize
CoRegisterPSClsid
CoInitializeEx
CoInitializeSecurity

user32

LoadStringW

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlGetVersion
RtlNtStatusToDosError

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b31d5bf56f31446dc3caf847a3d3456

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

ntdll

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB