6b2096671272fe57aa36cd39363531b2e6500aeb10abe72c8b5b45bd24ff3501_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6b2096671272fe57aa36cd39363531b2e6500aeb10abe72c8b5b45bd24ff3501_NeikiAnalytics.exe
Size

4.8MB
MD5

a6c3cd5d76c7b6fbdc9d1a286333c0c0
SHA1

9a0013a1a5b2feb5b4ec0fbdf353d225d12d5eda
SHA256

6b2096671272fe57aa36cd39363531b2e6500aeb10abe72c8b5b45bd24ff3501
SHA512

27f373feb211f265a64d946f3a09d9545e4b91d2baa14cd16b5f6207fb91ff39baea3876222a9bad1a690fa345ebaec5d76c1461d40d32a6e05c251c043db906
SSDEEP

49152:qZO3kmpLf/R0ZtRUtfikIYS/3q4OWtLx6ySRIkVXaRd6QKEqUzhNv9l7AK3t94c6:qZO3SOVKV9WwtejBoSvUu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b2096671272fe57aa36cd39363531b2e6500aeb10abe72c8b5b45bd24ff3501_NeikiAnalytics.exe

Files

6b2096671272fe57aa36cd39363531b2e6500aeb10abe72c8b5b45bd24ff3501_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

45721fde4a97983be5fba064c20c5375

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Far.pdb

Imports

kernel32

SetLastError
GetConsoleAliasW
GetLastError
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasesLengthW
GetConsoleAliasesW
AddConsoleAliasW
GetConsoleDisplayMode
GetLargestConsoleWindowSize
SetConsoleActiveScreenBuffer
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
ScrollConsoleScreenBufferW
CreateConsoleScreenBuffer
GetCurrentProcessId
SetThreadExecutionState
GetCalendarInfoW
GetTimeZoneInformation
GetDiskFreeSpaceW
GetLogicalDrives
GetCurrentThreadId
DisconnectNamedPipe
CreateNamedPipeW
GetCurrentProcess
CreateJobObjectW
SetInformationJobObject
ConnectNamedPipe
GetOverlappedResult
TerminateProcess
AssignProcessToJobObject
GetExitCodeProcess
WaitNamedPipeW
OpenProcess
DuplicateHandle
WideCharToMultiByte
MultiByteToWideChar
ResumeThread
FileTimeToSystemTime
GetModuleHandleW
GetLocaleInfoW
GetUserDefaultLCID
GlobalMemoryStatusEx
GetCommandLineW
OpenThread
SuspendThread
GetThreadContext
RaiseException
SetUnhandledExceptionFilter
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
CreateProcessW
ReadDirectoryChangesW
SetVolumeMountPointW
DefineDosDeviceW
GetSystemPowerStatus
ExitThread
SetStdHandle
PeekNamedPipe
GetTempFileNameW
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
SetErrorMode
FormatMessageW
GetPrivateProfileStringW
GetComputerNameW
GetComputerNameExW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetSystemTimeAsFileTime
GetSystemTime
GetLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
Sleep
GetProcessTimes
GetTimeFormatW
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
ReleaseMutex
CreateEventW
SetEvent
ResetEvent
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsDebuggerPresent
DebugBreak
OutputDebugStringW
VirtualQuery
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
FindClose
FindVolumeClose
GetDriveTypeW
GetConsoleCursorInfo
FindFirstVolumeW
FindNextVolumeW
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
GetFileInformationByHandle
DeviceIoControl
CreateFileW
CreateDirectoryExW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateHardLinkW
CopyFileExW
MoveFileExW
FlushConsoleInputBuffer
ReplaceFileW
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
SearchPathW
GetTempPathW
GetModuleFileNameW
LocalFree
GetSystemInfo
GetProcessHeaps
ReadProcessMemory
GetVersionExW
SetFileApisToOEM
SetFileApisToANSI
CompareStringW
FoldStringW
GetStringTypeW
GetNumberFormatW
LCMapStringW
HeapSize
WriteConsoleW
ReadConsoleW
SetConsoleTextAttribute
WriteConsoleOutputW
ReadConsoleOutputW
WriteConsoleInputW
ReadConsoleInputW
PeekConsoleInputW
GetConsoleFontSize
GetCurrentConsoleFont
SetConsoleMode
SetConsoleCtrlHandler
SetConsoleOutputCP
GetConsoleOutputCP
SetConsoleCP
GetConsoleCP
SetConsoleTitleW
SetConsoleScreenBufferSize
SetConsoleCursorPosition
GetConsoleWindow
FreeConsole
AllocConsole
FlushFileBuffers
WriteFile
ReadFile
GetStdHandle
GetConsoleMode
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
GetPrivateProfileIntW
EnumSystemCodePagesW
GetCPInfo
GetCPInfoExW
GetOEMCP
GetACP
VerSetConditionMask
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
EnumSystemLocalesW
RtlUnwind
IsValidLocale
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
CreateThread
GetFileType
VirtualProtect
VirtualAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
DecodePointer
EncodePointer
SwitchToThread
QueryPerformanceFrequency
QueryPerformanceCounter
RtlPcToFileHeader
GetNumberOfConsoleInputEvents
MoveFileW
SetConsoleCursorInfo
GetCompressedFileSizeW
VerifyVersionInfoW

advapi32

EncryptFileW
SetEntriesInAclW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
InitializeAcl
SetFileSecurityW
GetFileSecurityW
DecryptFileW
GetSecurityDescriptorLength
GetUserNameW
IsTextUnicode
SetNamedSecurityInfoW
LookupAccountNameW
ConvertStringSidToSidW
IsValidSid
GetSecurityDescriptorOwner
EqualSid
CopySid
GetLengthSid
ConvertSidToStringSidW
LookupAccountSidW
SetSecurityInfo
GetSecurityInfo
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

user32

GetAsyncKeyState
SendMessageW
GetDoubleClickTime
IsIconic
IsZoomed
GetSystemMetrics
ScreenToClient
GetKeyboardLayout
LoadImageW
GetWindow
GetClassNameW
keybd_event
MapVirtualKeyExW
SystemParametersInfoW
VkKeyScanExW
IsCharUpperW
MessageBeep
PostMessageW
IsWindowVisible
GetKeyState
GetWindowThreadProcessId
GetWindowTextLengthW
DispatchMessageW
GetWindowTextW
GetKeyboardLayoutList
ToUnicodeEx
GetProcessWindowStation
GetUserObjectInformationW
OpenClipboard
GetOpenClipboardWindow
CloseClipboard
EmptyClipboard
SetClipboardData
RegisterClipboardFormatW
IsClipboardFormatAvailable
EnumClipboardFormats
GetClipboardData
GetAncestor
GetLastActivePopup
GetWindowLongPtrW
EnumWindows
SetForegroundWindow
ShowWindowAsync
CharToOemBuffA
GetCursorPos
OemToCharBuffA
CharUpperBuffA
CharLowerBuffA
IsCharAlphaA
IsCharLowerA
IsCharUpperA
IsCharAlphaNumericA
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
CharUpperBuffW
CharLowerBuffW
GetWindowInfo
FlashWindowEx
PostQuitMessage
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
GetMessageW
TranslateMessage

shell32

CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW
SHGetDesktopFolder
ShellExecuteExW

netapi32

NetUserGetInfo
NetApiBufferFree
NetServerGetInfo

winspool.drv

StartDocPrinterW
OpenPrinterW
EnumPrintersW
EndDocPrinter
ClosePrinter
WritePrinter
ord203

mpr

WNetCloseEnum
WNetOpenEnumW
WNetAddConnection2W
WNetGetConnectionW
WNetGetUniversalNameW
WNetCancelConnection2W
WNetEnumResourceW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
GetRunningObjectTable
CreateFileMoniker
CoCreateInstance

psapi

GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW

secur32

GetUserNameExW

setupapi

CM_Get_Sibling
CM_Request_Device_EjectW
CM_Get_Child
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_Status
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
CM_Get_Device_IDW
CM_Locate_DevNodeW
SetupDiDestroyDeviceInfoList

rpcrt4

UuidCreate
UuidHash

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

comdlg32

ChooseColorW
CommDlgExtendedError

imm32

ImmGetDefaultIMEWnd

sqlite3

sqlite3_bind_int
sqlite3_step
sqlite3_reset
sqlite3_clear_bindings
sqlite3_db_handle
sqlite3_finalize
sqlite3_shutdown
sqlite3_initialize
sqlite3_column_int
sqlite3_free
sqlite3_errmsg
sqlite3_db_filename
sqlite3_bind_text
sqlite3_system_errno
sqlite3_extended_errcode
sqlite3_mutex_leave
sqlite3_db_mutex
sqlite3_mutex_enter
sqlite3_column_int64
sqlite3_column_blob
sqlite3_column_type
sqlite3_extended_result_codes
sqlite3_close
sqlite3_busy_handler
sqlite3_open_v2
sqlite3_backup_finish
sqlite3_bind_int64
sqlite3_bind_blob
sqlite3_error_offset
sqlite3_expanded_sql
sqlite3_sql
sqlite3_column_text
sqlite3_errstr
sqlite3_column_bytes
sqlite3_backup_init
sqlite3_backup_step
sqlite3_prepare_v3
sqlite3_last_insert_rowid
sqlite3_create_collation
sqlite3_config
sqlite3_libversion

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 699KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45721fde4a97983be5fba064c20c5375

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

shell32

netapi32

winspool.drv

mpr

ole32

psapi

secur32

setupapi

rpcrt4

version

userenv

comdlg32

imm32

sqlite3

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 699KB - Virtual size: 699KB

.data Size: 109KB - Virtual size: 548KB

.pdata Size: 123KB - Virtual size: 122KB

.rsrc Size: 247KB - Virtual size: 247KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 699KB - Virtual size: 699KB

.data
Size: 109KB - Virtual size: 548KB

.pdata
Size: 123KB - Virtual size: 122KB

.rsrc
Size: 247KB - Virtual size: 247KB

.reloc
Size: 15KB - Virtual size: 15KB