460d137fe2ee00db4ca36661fdecb836cebf27adb637d4c9c3122c0539fb88f3_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

460d137fe2ee00db4ca36661fdecb836cebf27adb637d4c9c3122c0539fb88f3_NeikiAnalytics.exe
Size

8.3MB
MD5

a1632785bc5090d628f8c74454a737d0
SHA1

cca10bbfbf00a06aeec784371bfcd51844f3d35f
SHA256

460d137fe2ee00db4ca36661fdecb836cebf27adb637d4c9c3122c0539fb88f3
SHA512

ca2acdae20fe0a0ee0b4ad88910018bb2ce37ecce9dae1f5f3cdbb8736b71d37c7964ef0adfdec89ab10cd5e7090d1f8152dfca5e51a8324f461f011f985f6c6
SSDEEP

196608:mMlt8Qo5W37C3jW5XUZcZirRJJu9VloqMYy9Sj3K:/K5W37C3jW5XUZcZirRJJu9VloqMha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
460d137fe2ee00db4ca36661fdecb836cebf27adb637d4c9c3122c0539fb88f3_NeikiAnalytics.exe

Files

460d137fe2ee00db4ca36661fdecb836cebf27adb637d4c9c3122c0539fb88f3_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

d7d391c80885e02386f291bb58ffb1f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymInitialize
SymFromAddr

tcl85

Tcl_CreateInterp
Tcl_FindExecutable
Tcl_EvalFile
Tcl_GetVar
Tcl_Eval
Tcl_GlobalEval
Tcl_SetVar2
Tcl_CreateCommand
Tcl_SetObjResult
Tcl_NewBooleanObj
Tcl_ListObjAppendElement
Tcl_NewStringObj
Tcl_NewListObj
Tcl_GetStringResult
Tcl_SetVar
Tcl_PrintDouble
Tcl_GetInt
Tcl_UnsetVar
Tcl_EvalEx
Tcl_GetDouble
Tcl_SetResult
Tcl_DeleteInterp
Tcl_AppendElement
Tcl_ResetResult

kernel32

ReadConsoleInputA
GetComputerNameA
SetConsoleMode
GetCurrentDirectoryA
GlobalMemoryStatus
GetProcessWorkingSetSize
GetStartupInfoA
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
CompareStringW
GetStringTypeW
HeapSize
SetStdHandle
RtlCaptureStackBackTrace
GetCurrentProcess
GetThreadTimes
GetVersionExA
GetCurrentThread
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
SetLastError
CreateFileA
TerminateProcess
GetProcessTimes
GetProcAddress
GetModuleHandleA
GetSystemInfo
GetLastError
GetConsoleTitleA
CreateDirectoryA
MoveFileA
DeleteFileA
CopyFileA
GetFileAttributesA
FindNextFileA
CreateEventA
SetEvent
GetCurrentThreadId
CreateThread
InitializeCriticalSection
GetCurrentProcessId
Sleep
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
GetStartupInfoW
HeapFree
GetModuleHandleW
ExitProcess
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeZoneInformation
GetDriveTypeW
GetFullPathNameA
GetCurrentDirectoryW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetFileAttributesA
FreeLibrary
LoadLibraryW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetFileInformationByHandle
PeekNamedPipe
ReadFile
SetFilePointer

user32

GetMessageTime
DispatchMessageA
TranslateMessage
GetActiveWindow
GetCapture
GetClipboardOwner
GetClipboardViewer
GetFocus
GetMessagePos
GetCaretPos
GetCursorPos
GetQueueStatus
PeekMessageA
MessageBoxA

advapi32

GetUserNameA
RegQueryValueExA

ole32

StringFromGUID2
CoCreateGuid

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d391c80885e02386f291bb58ffb1f2

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

tcl85

kernel32

user32

advapi32

ole32

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 1.7MB - Virtual size: 11.8MB

.pdata Size: 251KB - Virtual size: 250KB

.tls Size: 33KB - Virtual size: 32KB

text Size: 7KB - Virtual size: 6KB

data Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 65KB - Virtual size: 65KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 1.7MB - Virtual size: 11.8MB

.pdata
Size: 251KB - Virtual size: 250KB

.tls
Size: 33KB - Virtual size: 32KB

text
Size: 7KB - Virtual size: 6KB

data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 65KB - Virtual size: 65KB