5899e05d0c0d6cda02762727470ee76a7c566052ca95961aa0a813491f976857_NeikiAnalytics[.]exe

General

Target

5899e05d0c0d6cda02762727470ee76a7c566052ca95961aa0a813491f976857_NeikiAnalytics.exe
Size

327KB
MD5

ff304c1c8435b05b3a727f80d03051e0
SHA1

eee0243f07a17e2ea06e51d64834252f75c4c3d1
SHA256

5899e05d0c0d6cda02762727470ee76a7c566052ca95961aa0a813491f976857
SHA512

dbbfcc50f6ab2f2d9f3ba86c8735d7a78ee2112c6a51c591e13ca3bd9c2c74d2e4bfcc21962b2d3d36ed2492256923ab3421b424141984435b517b23ca1f02f9
SSDEEP

6144:q5An6SP6uKp0RNzsGvHYIthfi2MwMolDpv0:v6r7pseQHu2eElc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5899e05d0c0d6cda02762727470ee76a7c566052ca95961aa0a813491f976857_NeikiAnalytics.exe

Files

5899e05d0c0d6cda02762727470ee76a7c566052ca95961aa0a813491f976857_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

3a88d23ba80646677f8d644831c4d8e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\项目代码_张为防(20141008)\foxwq\client\FoxWQ_QuickStart\Release\FoxWQ_QuickStart.pdb

Imports

kernel32

GetCommandLineW
CreateProcessW
WaitForSingleObject
OpenProcess
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId

shell32

ShellExecuteW

msvcr100

_commode
_fmode
__setusermatherr
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcsstr
wcsncpy
_wtoi
__set_app_type
memset

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a88d23ba80646677f8d644831c4d8e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

msvcr100

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 308KB - Virtual size: 307KB

.reloc Size: 12KB - Virtual size: 33KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 308KB - Virtual size: 307KB

.reloc
Size: 12KB - Virtual size: 33KB