5d5ef6e15012770e048d9eef5ddba23e625b1d96c5823df80a67ca31b9802c98_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5d5ef6e15012770e048d9eef5ddba23e625b1d96c5823df80a67ca31b9802c98_NeikiAnalytics.exe
Size

162KB
MD5

93c5c958e8bfdbb2782af14e06253cf0
SHA1

8bd9d66ef395153b41373b5ad96bc75198be61e9
SHA256

5d5ef6e15012770e048d9eef5ddba23e625b1d96c5823df80a67ca31b9802c98
SHA512

356fe03f4f0fee298e6e681b869dcb37a3f41eb5d0bbaa138b6a7aed90b39633618a3af2ddd67b411701fb8f62c6723a4aa0aa10f2dcbf3c035eaee2f8d60027
SSDEEP

3072:G0B1dTtbec2S+ps7aFJmgq93EWy3oaEYSI3xU3NtMfnyFyHGI:jBbtbatSazoZEZttAQfKyb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d5ef6e15012770e048d9eef5ddba23e625b1d96c5823df80a67ca31b9802c98_NeikiAnalytics.exe

Files

5d5ef6e15012770e048d9eef5ddba23e625b1d96c5823df80a67ca31b9802c98_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

492aed0bf230f2fd476cd21f569a3b54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SVN\rczip\bin\win32\release\pdb\HaoZipUpdate.pdb

Imports

kernel32

GetProcAddress
GetModuleFileNameW
FreeLibrary
CloseHandle
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
CreateFileW
DeleteCriticalSection
ExpandEnvironmentStringsW
GetComputerNameW
WriteFile
EnterCriticalSection
ReadFile
SetFilePointer
InitializeCriticalSection
GetFileSizeEx
GetVersionExW
LoadLibraryA
LeaveCriticalSection
GetFileAttributesExW
lstrcmpiW
lstrcatW
lstrcpyW
lstrlenW
GetLocaleInfoA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapReAlloc
VirtualAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.erdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

492aed0bf230f2fd476cd21f569a3b54

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 17KB - Virtual size: 16KB

.erdata Size: 68KB - Virtual size: 68KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 17KB - Virtual size: 16KB

.erdata
Size: 68KB - Virtual size: 68KB