057470b8a244e920643de6acc7759529095470619e775047e36c40c63fae5df3_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

057470b8a244e920643de6acc7759529095470619e775047e36c40c63fae5df3_NeikiAnalytics.exe
Size

200KB
MD5

8e1bbda6119d8b14d95a56d2d938dde0
SHA1

15923d56ac86820dc6739a2eb88134f4d927592d
SHA256

057470b8a244e920643de6acc7759529095470619e775047e36c40c63fae5df3
SHA512

0ef3687b3a588b25475cd4ccdb42044d95d1c1c867400bdfe89e4a129faeaf18efe73fa7e284c3d1616fd7d33ccf60156b808efb67dbe5ef75e0b2dd5aaa9666
SSDEEP

1536:RpDqI+YkSTvkSFhSbRs/hNVuHD9lJZcZNrsVk6Of8Pd7DhOzxtmNWoqxmRpfizKK:u8SOhoDEPiOShaOAxnWJzLewhha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
057470b8a244e920643de6acc7759529095470619e775047e36c40c63fae5df3_NeikiAnalytics.exe

Files

057470b8a244e920643de6acc7759529095470619e775047e36c40c63fae5df3_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

17d7fa668e080329c4276af297273ecf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

S:\wtf\_x64\exe.terminal\tterm:pdb

Imports

lib.i18n

?create@I18N@@SA?AV?$Ref@VI18N@@@@PEBD000_K@Z

svc.filesys

?open@File@Client@Filesystem@Services@@SA?AV?$Ref@VFile@Client@Filesystem@Services@@@@V?$Ref@VString@@@@I@Z
?search@Service@Client@Filesystem@Services@@SA?AV?$Ref@VString@@@@V5@0@Z
?parent@Service@Client@Filesystem@Services@@SA?AV?$Ref@VString@@@@V5@_N@Z
?resolveSubsts@Service@Client@Filesystem@Services@@SA?AV?$Ref@VString@@@@V5@@Z
?name@Service@Client@Filesystem@Services@@SA?AV?$Ref@VString@@@@V5@@Z

lib.syslog

?id@SysLogFilter@@SA_K_K@Z
?procName@SysLog@@SAXV?$Ref@VString@@@@@Z
?level@SysLogFilter@@SA_KXZ
?state@SysLogFilter@@SA_N_K@Z
?reg@SysLogFilter@@SA_KPEBD@Z
?stdOutPrinter@SysLogStream@@SA?AV?$Ref@VSysLogStream@@@@XZ

lib.zlib.1.2

inflateInit_
inflate
inflateEnd

lib.stdc

clock
memcmp
arc4random_buf
realloc
abort
fprintf
_getstderr
calloc
clock_gettime
free
malloc

svc.node

?create@Stream@Providers@Nodes@Services@@SA?AV?$Ref@VStream@Interfaces@@@@V?$Ref@VProvider@Nodes@Services@@@@@Z

lib.io.char

?trim@StringUtil@@SA?AV?$Ref@VString@@@@AEBV2@@Z
?split@StringUtil@@SA?AV?$Ref@V?$TVector@V?$Ref@VString@@@@@@@@AEBV?$Ref@VString@@@@I_K@Z
?num@StrConv@@SA_NV?$Ref@VString@@@@PEA_K0@Z
?num@StrConv@@SA_NV?$Ref@VString@@@@PEAI_K0@Z
?create@CharPrinter@@SA?AV?$Ref@VCharPrinter@@@@V?$Ref@VCharWriter@@@@@Z
?stdOut@StdIO@@SAXV?$Ref@VStream@Interfaces@@@@@Z
?create@CharWriter@@SA?AV?$Ref@VCharWriter@@@@V?$Ref@VStream@Interfaces@@@@_K@Z
?str@StrConv@@SA?AV?$Ref@VString@@@@_K@Z

svc.binary

?call@Binary@@SAIV?$Ref@VString@@@@IPEAV2@_KV?$Ref@VEnv@@@@@Z
?arg@Binary@@SA?AV?$Ref@VString@@@@_K@Z
?argCount@Binary@@SA_KXZ
?create@Env@@SA?AV?$Ref@VEnv@@@@XZ
?defaultPath@Env@@SA?AV?$Ref@VString@@@@XZ
?env@Binary@@SA?AV?$Ref@VEnv@@@@XZ

svc.event

?create@DeviceNode@@SA?AV?$Ref@VDeviceNode@@@@XZ
?create@DeviceServer@@SA?AV?$Ref@VDeviceServer@@@@XZ

svc.terminal

?create@TerminalScreen@@SA?AV?$Ref@VTerminalScreen@@@@_K@Z

system

?create@String@@SA?AV?$Ref@VString@@@@XZ
?set@Error@@SAXI@Z
??1Object@@MEAA@XZ
?selfTest@Object@@UEAA_NV?$Ref@VStream@Interfaces@@@@@Z
?dump@Object@@UEAAXV?$Ref@VStream@Interfaces@@@@@Z
?_selfTest@Object@@UEAA_NV?$Ref@VStream@Interfaces@@@@@Z
?_dump@Object@@UEAAXV?$Ref@VStream@Interfaces@@@@@Z
?gcproxy@Object@@UEAAPEAVGcProxy@@XZ
?obj@Object@@UEAA?AV?$Ref@VObject@@@@XZ
?counterRef@Object@@UEAA_KXZ
?unlockRef@Object@@UEAAXXZ
?lockRef@Object@@UEAAXXZ
?exit@Proc@@SAXI@Z
?incRef@Object@@UEAAXXZ
??0Object@@QEAA@XZ
?bootParameter@Sys@@SA?AV?$Ref@VString@@@@XZ
?fill8@Mem@@SAXPEAX_KE@Z
?copy@Mem@@SAXPEBXPEAX_K@Z
?free@Heap@@SAXPEAX@Z
?alloc@Heap@@SAPEAX_K@Z
?create@String@@SA?AV?$Ref@VString@@@@PEBE_K1@Z
?create@Con@@SA?AV?$Ref@VCon@@@@_K@Z
?create@OutMsg@@SA?AV?$Ref@VOutMsg@@@@XZ
?create@Chn@@SA?AV?$Ref@VChn@@@@V?$Ref@VConMan@@@@@Z
?cancelled@Thd@@SA_NXZ
?_do_call_once@InitCode@@CAXAEAUOnceFlag@1@P6AXPEAX@Z1@Z
?free@Heap@@SAXPEAX_K0@Z
?free@Heap@@SAXPEAX_K01@Z
?alloc@Heap@@SAPEAX_K0PEAX@Z
?lock@InitCode@@SAXXZ
?unlock@InitCode@@SAXXZ
?setExitCode@Proc@@SAII@Z
?equal@Mem@@SA_NPEBX0_K@Z
?create@Thd@@SA?AV?$Ref@VThd@@@@V?$Ref@VExec@@@@I_K1V?$Ref@VString@@@@@Z
?out@Debug@@SA?AV?$Ref@VStream@Interfaces@@@@XZ
?create@Sem@@SA?AV?$Ref@VSem@@@@_K@Z
??_7type_info@@6B@
?current@Proc@@SA_KXZ
?decRef@Object@@UEAAXXZ
?create@String@@SA?AV?$Ref@VString@@@@PEBD_K1@Z

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17d7fa668e080329c4276af297273ecf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

lib.i18n

svc.filesys

lib.syslog

lib.zlib.1.2

lib.stdc

svc.node

lib.io.char

svc.binary

svc.event

svc.terminal

system

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 1024B - Virtual size: 11KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 872B

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 1024B - Virtual size: 11KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 1024B - Virtual size: 860B