Static task
static1
General
Target: 8da560bf9bf40a41dc174000dfb1f0c09d7e69ec5433d3320a53c21f015892d5_NeikiAnalytics.exe
Size: 6KB
MD5: c6912b019ee780cc5291a13d238d9870
SHA1: a5d6a948a49d8ab69fd2abe9747ae662f8c05ecd
SHA256: 8da560bf9bf40a41dc174000dfb1f0c09d7e69ec5433d3320a53c21f015892d5
SHA512: a413a6a0658640e0c33bc5bac825bb32b12a3e54b3a40aa2046d5a114accaeb2c2f687147db9cf8f3032bc3c3aac9ded00e0aad646ffa091a48ae2521e0615c4
SSDEEP: 96:oz6LzW/D/MVSXvTE/iuoZoJ0ufov7h1pwlBzY04DrkA:oezW/QkLPuo+JW6zYl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8da560bf9bf40a41dc174000dfb1f0c09d7e69ec5433d3320a53c21f015892d5_NeikiAnalytics.exe
Files
8da560bf9bf40a41dc174000dfb1f0c09d7e69ec5433d3320a53c21f015892d5_NeikiAnalytics.exe.sys windows:4 windows x86 arch:x86
a774d066c727347595054ce367cfb384
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ZwClose
ZwSetValueKey
wcslen
RtlInitUnicodeString
ZwOpenKey
ExFreePoolWithTag
RtlQueryRegistryValues
RtlAppendUnicodeStringToString
ZwEnumerateKey
ZwQueryKey
memset
RtlCopyUnicodeString
ExAllocatePoolWithTag
IoCreateFile
ZwWriteFile
memcpy
ZwQueryValueKey
ZwSetInformationFile
wcsncat
ZwCreateKey
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 882B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1024B - Virtual size: 530B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ