90746c23ef9efba25567aaf8df80be1b35c4c0e7979cb1afd6a527cef8e4517b_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

90746c23ef9efba25567aaf8df80be1b35c4c0e7979cb1afd6a527cef8e4517b_NeikiAnalytics.exe
Size

9.1MB
MD5

947cd7fa56fdb5f2e1d465cd4f4cca30
SHA1

71c06a21bfc98b443e5a2fb41738ce92abb0b8e5
SHA256

90746c23ef9efba25567aaf8df80be1b35c4c0e7979cb1afd6a527cef8e4517b
SHA512

5737d3f7923c8e2cd50a06be0574620e2177b6f25b349e762f7ad3a691756e626844f4a0aac56f10657bc0dcdfe3e49a01a0734ecf0d93f429be1de61eaa024d
SSDEEP

98304:FtBop8wWbd0OsO38kXWKK/5DgDumI2R39mzZU:FtBoewWbGOV3FmKKkTz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90746c23ef9efba25567aaf8df80be1b35c4c0e7979cb1afd6a527cef8e4517b_NeikiAnalytics.exe

Files

90746c23ef9efba25567aaf8df80be1b35c4c0e7979cb1afd6a527cef8e4517b_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

69217f94f683c1be39221aecb05d88fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymGetSymFromAddr64
UnDecorateSymbolName
SymGetLineFromAddr64
SymGetModuleInfo64
SymInitialize
SymGetOptions
SymSetOptions
SymGetModuleBase64
SymFunctionTableAccess64
StackWalk64
SymLoadModule64
SymCleanup

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
SetNamedSecurityInfoA
GetNamedSecurityInfoA
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenThreadToken
RevertToSelf
ImpersonateSelf

kernel32

SetHandleInformation
CreateDirectoryA
RemoveDirectoryA
GetModuleFileNameA
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
SetEnvironmentVariableA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
GetFileAttributesA
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
GetFileSize
UnmapViewOfFile
FindClose
FindFirstFileA
SetFileTime
CreateFileA
LocalFree
FormatMessageA
CreateFileMappingA
OpenFileMappingA
GetStdHandle
SetFileAttributesA
GetFileAttributesExA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetVolumeInformationA
MapViewOfFile
SetEndOfFile
FindNextFileA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
CreateSemaphoreA
SwitchToThread
WaitForMultipleObjects
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
LoadLibraryA
SetErrorMode
FreeLibrary
GetProcAddress
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
GlobalMemoryStatusEx
Sleep
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
RtlCaptureContext
GetCurrentThread
GetExitCodeThread
DuplicateHandle
ResumeThread
SetThreadPriority
CreateThread
TlsFree
TerminateProcess
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetModuleHandleW
GetDriveTypeA
FindFirstFileExA
DeleteFileA
MoveFileA
HeapAlloc
HeapReAlloc
LCMapStringW
GetCPInfo
HeapSize
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
RtlVirtualUnwind
HeapSetInformation
GetVersion
HeapCreate
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetTickCount
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetConsoleCP
GetConsoleMode
CreateFileW
SetFilePointer
SetEnvironmentVariableW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
GetStringTypeW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
WriteConsoleW
SetStdHandle
GetProcessHeap
GetDriveTypeW
LocalAlloc

ws2_32

gethostname
gethostbyname
htonl
inet_addr
ioctlsocket
setsockopt
WSACloseEvent
closesocket
WSASetEvent
WSAEventSelect
WSAResetEvent
htons
ntohl
gethostbyaddr
WSAEnumNetworkEvents
getsockopt
recv
WSACreateEvent
connect
send
socket
getpeername
WSAGetLastError
WSAStartup
getsockname
ntohs

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 49B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69217f94f683c1be39221aecb05d88fd

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

advapi32

kernel32

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 159KB - Virtual size: 235KB

.pdata Size: 220KB - Virtual size: 219KB

.tls Size: 512B - Virtual size: 49B

text Size: 4KB - Virtual size: 3KB

data Size: 13KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 129KB - Virtual size: 129KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 159KB - Virtual size: 235KB

.pdata
Size: 220KB - Virtual size: 219KB

.tls
Size: 512B - Virtual size: 49B

text
Size: 4KB - Virtual size: 3KB

data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 129KB - Virtual size: 129KB