6a142d856edd673358f738d45896cc02d499a7252f6df1303f68ceb9ff14ff1e_NeikiAnalytics[.]exe

General

Target

6a142d856edd673358f738d45896cc02d499a7252f6df1303f68ceb9ff14ff1e_NeikiAnalytics.exe
Size

72KB
MD5

aeac46d28570ad5bdfb067ec485bbaa0
SHA1

b5d7f1a65c272289a664e6b4e09764c6f87f4dd7
SHA256

6a142d856edd673358f738d45896cc02d499a7252f6df1303f68ceb9ff14ff1e
SHA512

3032334296e736465b9622541aa09e0587aa7eda4daee7b6bce1ad9b043455e7d7f01d35adb4ed7016fc38f00326a73c56dd84d2468ed685f11463ecc067771f
SSDEEP

768:SUFvaCp62un+thHMThRjkTXYowNmMKsA7FisItDuyYQb/QJ6KhIDjkbFZWI:SCpxDk4TXYVmds8IttYQLPKh7bjN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a142d856edd673358f738d45896cc02d499a7252f6df1303f68ceb9ff14ff1e_NeikiAnalytics.exe

Files

6a142d856edd673358f738d45896cc02d499a7252f6df1303f68ceb9ff14ff1e_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

b12f3fff8c072d55c549490b621ea0d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
lstrcatA
Sleep
CopyFileA
lstrcpyA
CreateDirectoryA
HeapReAlloc
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
IsBadCodePtr

user32

wsprintfA

Exports

Exports

XWSA_GetErrorCode
XWSA_GetErrorString
XWSA_GetErrorStringSize
XWSA_GetLongDescription
XWSA_GetLongDescriptionSize
XWSA_GetShortDescription
XWSA_GetShortDescriptionSize
formplat

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b12f3fff8c072d55c549490b621ea0d0

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 28KB - Virtual size: 29KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 28KB - Virtual size: 29KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 3KB