5b5438e771bb5644291cc03d00f2e8662621cbea33db6b6c51899cc2b9f838a8_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5b5438e771bb5644291cc03d00f2e8662621cbea33db6b6c51899cc2b9f838a8_NeikiAnalytics.exe
Size

232KB
MD5

37e7d47ff45fea5dc6a2e943b7bb8e30
SHA1

345eb0bffc36f70932bf5f17c921824e3d29dbdf
SHA256

5b5438e771bb5644291cc03d00f2e8662621cbea33db6b6c51899cc2b9f838a8
SHA512

05563bcf19c49d3fb3508e659f497a18cc4768d278a0e739582b08b3229a6bd19a58232cef96e6fdc2be2d0d1eda1270d21bead2dc0683357393373f75503498
SSDEEP

6144:xa7h5wjMm4t+c/OqvW0UiYslKPeJFegEv+2Vo3cMG:s7TwwmkWzuHKqeg+nqsMG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b5438e771bb5644291cc03d00f2e8662621cbea33db6b6c51899cc2b9f838a8_NeikiAnalytics.exe

Files

5b5438e771bb5644291cc03d00f2e8662621cbea33db6b6c51899cc2b9f838a8_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

eb55c6ba12ed710efb6047cdd2ba4ae4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

recdisc.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CloseTrace
RegOpenKeyExW
OpenProcessToken
RegCreateKeyExW
DuplicateToken
RegSetValueExW
RegQueryValueExW
CreateWellKnownSid
GetTokenInformation
CheckTokenMembership
StartTraceW
EnableTrace
ControlTraceW

kernel32

GetModuleHandleW
CreateThread
FreeLibrary
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetDriveTypeW
MoveFileExW
CreateFileW
DeviceIoControl
WakeAllConditionVariable
GetFileMUIPath
GetLogicalDriveStringsW
GetTempPathW
CreateEventW
DeleteCriticalSection
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
SetErrorMode
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetLastError
GetCommandLineW
LocalFree
CloseHandle
LoadLibraryExW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetVolumeNameForVolumeMountPointW
FormatMessageW
FindClose
FindNextFileW
FindFirstFileW

user32

LoadIconW
EnableWindow
ShowWindow
SetWindowTextW
PostMessageW
SetWindowLongW
GetDlgItem
IsWindow
GetWindowLongW
GetSystemMetrics
SendMessageW
DestroyIcon
DialogBoxParamW
GetLastActivePopup
MessageBoxW
EndDialog
SetFocus
RegisterWindowMessageW
ChangeWindowMessageFilterEx
LoadStringW

msvcrt

??3@YAXPAX@Z
_vsnwprintf
??_V@YAXPAX@Z
memcpy
wcsrchr
memmove
wcsstr
iswspace
_vscwprintf
??_U@YAPAXI@Z
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
_snwscanf_s
_wcsupr
strncmp
wcsnlen
_wcslwr
wcscat_s
swprintf_s
wcscpy_s
_ultow_s
wcstoul
_wcsnicmp
memset
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_wcsicmp
??2@YAPAXI@Z
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
wcschr
_acmdln

shell32

SHGetFileInfoW
SHParseDisplayName
SHGetDesktopFolder
ord155
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

DispCallFunc
LoadRegTypeLi
VariantClear
SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ord345
ord344

spp

SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail

shlwapi

StrRetToBufW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx

ntdll

RtlInitUnicodeString
WinSqmAddToStream
RtlFreeHeap
NtQuerySystemInformation
RtlGetLastNtStatus
RtlNtStatusToDosError
EtwTraceMessage
LdrGetDllHandle
NtQueryInformationFile
NtResetEvent
RtlGetVersion
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtAllocateUuids
NtSetInformationFile
RtlAllocateHeap
NtClose
NtWaitForSingleObject
NtDeviceIoControlFile
NtCreateEvent
NtOpenFile
RtlStringFromGUID
RtlFreeUnicodeString
RtlGUIDFromString
NtOpenKey
NtEnumerateKey
NtQueryKey
NtQueryAttributesFile
NtUnloadKey
NtLoadKey
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
RtlFreeSid
RtlSetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetSecurityObject
NtCreateKey
NtDeleteValueKey
NtQueryValueKey
NtSetValueKey
NtDeleteKey
LdrGetProcedureAddress
RtlInitAnsiString

reagent

WinReGetConfig

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb55c6ba12ed710efb6047cdd2ba4ae4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

oleaut32

comctl32

spp

shlwapi

ntdll

reagent

Sections

.text Size: 127KB - Virtual size: 127KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 66KB - Virtual size: 65KB

.reloc Size: 36KB - Virtual size: 37KB

.text
Size: 127KB - Virtual size: 127KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 66KB - Virtual size: 65KB

.reloc
Size: 36KB - Virtual size: 37KB