23b20eb03b42e75f2a7982e8367302ce25403d7f4cab3f8dd514018002a2b5d4_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

23b20eb03b42e75f2a7982e8367302ce25403d7f4cab3f8dd514018002a2b5d4_NeikiAnalytics.exe
Size

2.4MB
MD5

f77f1f4626359f9012cc63c313912bf0
SHA1

ae1ac12fe2dd21388f37d8786c1d466dab2a9129
SHA256

23b20eb03b42e75f2a7982e8367302ce25403d7f4cab3f8dd514018002a2b5d4
SHA512

cedce5872a3fdfeb4c6ce8b0a2a07084378080bb3ba3182859122103155e8a58e912e58ead305fb797d416a70635df4f3c54dc14f1eee3ad2a1abce70329f871
SSDEEP

24576:e2FB/asBgThwh8NvenShjRa5kjeyKQcMPNS/zR+uccQqi8HMzD:e2L1StwSNven8RGk6fQcMazcuq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23b20eb03b42e75f2a7982e8367302ce25403d7f4cab3f8dd514018002a2b5d4_NeikiAnalytics.exe

Files

23b20eb03b42e75f2a7982e8367302ce25403d7f4cab3f8dd514018002a2b5d4_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

175730873bf84ac64b2baefc0565a6f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\BuildAgent\work\5cf4966f7153f0e8\src\win-async\build-x64\RelWithDebInfo\libasyncProfiler.pdb

Imports

ntdll

RtlPcToFileHeader
RtlUnwindEx
RtlCaptureStackBackTrace
ZwQueryInformationThread
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwind

ws2_32

ntohs
ntohl
htons
htonl

winmm

timeEndPeriod
timeBeginPeriod

kernel32

GetTimeZoneInformation
GetEnvironmentVariableA
GetLastError
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetModuleHandleA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
GetProcessTimes
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimes
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GetModuleFileNameA
K32EnumProcessModules
K32GetModuleInformation
GetCurrentThread
IsValidCodePage
TlsSetValue
GetThreadId
SuspendThread
ResumeThread
GetThreadContext
GetThreadTimes
SetLastError
TlsAlloc
TlsFree
LoadLibraryExW
LoadLibraryW
CloseHandle
OpenThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateFileA
ReadFile
SetThreadContext
FlushInstructionCache
VirtualProtect
VirtualProtectEx
VirtualQueryEx
GetModuleHandleW
SetEndOfFile
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
TlsGetValue
RemoveDirectoryW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
HeapReAlloc
SetFileAttributesW
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleFileNameW
GetVersionExW
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
WaitForSingleObject
RaiseException
SetFilePointerEx
WriteFile
GetConsoleCP
GetConsoleMode
GetFileType
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
ReadConsoleW
ExitThread
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize

advapi32

EventWrite
EventUnregister
EventRegister
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegGetValueA

Exports

Exports

Agent_OnAttach
Agent_OnLoad
JNI_OnLoad
JNI_OnUnload
Java_one_profiler_AsyncProfiler_execute0
Java_one_profiler_AsyncProfiler_filterThread0
Java_one_profiler_AsyncProfiler_getSamples
Java_one_profiler_AsyncProfiler_start0
Java_one_profiler_AsyncProfiler_stop0

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

175730873bf84ac64b2baefc0565a6f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

ws2_32

winmm

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 459KB - Virtual size: 458KB

.data Size: 61KB - Virtual size: 77KB

.pdata Size: 87KB - Virtual size: 87KB

.idata Size: 9KB - Virtual size: 9KB

.detourc Size: 11KB - Virtual size: 10KB

.detourd Size: 512B - Virtual size: 284B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 459KB - Virtual size: 458KB

.data
Size: 61KB - Virtual size: 77KB

.pdata
Size: 87KB - Virtual size: 87KB

.idata
Size: 9KB - Virtual size: 9KB

.detourc
Size: 11KB - Virtual size: 10KB

.detourd
Size: 512B - Virtual size: 284B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB