90503eb6dbf5732ce768f1ea8ee9ece567e5c32016c172e3a39715699ba6dd90_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

90503eb6dbf5732ce768f1ea8ee9ece567e5c32016c172e3a39715699ba6dd90_NeikiAnalytics.exe
Size

236KB
MD5

bb3dc80c7cd891eff9eb8e6cf051a090
SHA1

023b019965e9ca2587ec3a3e990bc41ddf6d8806
SHA256

90503eb6dbf5732ce768f1ea8ee9ece567e5c32016c172e3a39715699ba6dd90
SHA512

e8edb741408522477a19084f9f31dbeec327b58bbd09d83a7ba2de1da6dcf5d5949f9529670ac0a00e9c243e56c5d2637a5fb1ae64a9b18db1ffb838d23b84b2
SSDEEP

3072:Q3ZPEnj8Q+m2Q+4DLiCt75DFk5aY277EIDgfK4qr9jNrRrREHSTQczUD:Q3caQ+65DH77EIDgSRhxXEHSjs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90503eb6dbf5732ce768f1ea8ee9ece567e5c32016c172e3a39715699ba6dd90_NeikiAnalytics.exe

Files

90503eb6dbf5732ce768f1ea8ee9ece567e5c32016c172e3a39715699ba6dd90_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

f36cd52d4a2a7f99b6b1822b41d71f97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SRINI\SDR\SDR - VS2005\Code\Bin\Release\ADService.pdb

Imports

kernel32

GetCurrentProcess
TlsGetValue
GetCommandLineA
CloseHandle
lstrcmpiA
SystemTimeToTzSpecificLocalTime
FreeLibrary
GetSystemTime
InterlockedExchange
MultiByteToWideChar
SetUnhandledExceptionFilter
FindFirstFileA
GetLocalTime
TlsFree
DeleteFileA
CreateFileMappingA
HeapAlloc
GetComputerNameA
TlsAlloc
MapViewOfFile
GetSystemTimeAsFileTime
UnmapViewOfFile
HeapFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetProcessHeap
TlsSetValue
LoadLibraryExA
GetFileSize
FindResourceA
InterlockedDecrement
CreateFileA
LoadResource
SetFilePointer
DeleteCriticalSection
SizeofResource
GetLastError
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
InterlockedIncrement
QueryPerformanceCounter
WriteFile
GetCurrentProcessId
InitializeCriticalSection
GetTickCount
FormatMessageA
lstrlenW
LeaveCriticalSection
IsDBCSLeadByte
GetCurrentThread
LocalFree
EnterCriticalSection
lstrlenA
WideCharToMultiByte
RaiseException
FindNextFileA
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
LoadLibraryA
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
VirtualFree
HeapCreate
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapReAlloc
VirtualProtect
VirtualAlloc
GetProcAddress
GetSystemInfo
VirtualQuery
GetStartupInfoA
RtlUnwind
SetLastError
Sleep
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
HeapDestroy

user32

LoadStringA
wsprintfA
PostThreadMessageA
MessageBoxA
UnregisterClassA
GetMessageA
DispatchMessageA
CharNextA
wvsprintfA

advapi32

RegQueryValueExA
SetSecurityDescriptorDacl
GetTokenInformation
RegisterServiceCtrlHandlerA
IsValidSid
GetLengthSid
CopySid
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
SetSecurityDescriptorOwner
StartServiceCtrlDispatcherA
SetSecurityDescriptorGroup
DeregisterEventSource
InitializeSecurityDescriptor
ReportEventA
RegisterEventSourceA
DeleteService
ControlService
CreateServiceA
SetServiceStatus
CloseServiceHandle
OpenServiceA
RegEnumKeyExA
OpenSCManagerA
RegDeleteValueA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
OpenThreadToken
RegDeleteKeyA

ole32

CoInitializeSecurity
CoTaskMemAlloc
CoRegisterClassObject
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoRevokeClassObject
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemRealloc

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
VariantClear
GetErrorInfo
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f36cd52d4a2a7f99b6b1822b41d71f97

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 2KB