92b85bc3e54bb5261c86014b67bd2643baae384075a209130c89b516a54a2bba_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

92b85bc3e54bb5261c86014b67bd2643baae384075a209130c89b516a54a2bba_NeikiAnalytics.exe
Size

2.4MB
MD5

e6a6d561f76d78ee2b15837d93b520a0
SHA1

b036e2293c962ff181a9ad3a08cc1aab7e7f992a
SHA256

92b85bc3e54bb5261c86014b67bd2643baae384075a209130c89b516a54a2bba
SHA512

f8d9b9d9fa6820d14f208458abcda298857637172bdf1e0639e15deb659303a341fec00611a910b956715741775950ad9a9bba4192a9c3e1e08afba1a92510c5
SSDEEP

24576:tH3Y7H5DIifiFvLXqhasKHRqdhBZfJMJmYGn5nXaAqZTzNZ6aviWyXP0ygBksRGS:q7JIiajjH4fJiGng1ZxbKJYg5TuQs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92b85bc3e54bb5261c86014b67bd2643baae384075a209130c89b516a54a2bba_NeikiAnalytics.exe

Files

92b85bc3e54bb5261c86014b67bd2643baae384075a209130c89b516a54a2bba_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

4c2ec05a221d0ced5b8700ecb7170833

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2W
WNetGetLastErrorW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetCancelConnection2W

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

kernel32

GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetQueuedCompletionStatus
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetThreadPriority
GetThreadTimes
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
GetModuleHandleA
LockFile
LockFileEx
LockResource
lstrcatW
lstrcpyW
lstrlenW
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
GetOEMCP
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
GetStartupInfoA
SetFileTime
SetLastError
SetProcessPriorityBoost
SetProcessWorkingSetSize
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
SleepEx
SystemTimeToFileTime
TerminateProcess
TerminateThread
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
GetModuleFileNameW
GetModuleFileNameA
GetLocalTime
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileType
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesA
PeekNamedPipe
GetModuleHandleW
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCPInfo
GetConsoleMode
GetConsoleCP
GetComputerNameW
GetComputerNameA
GetCommandLineW
GetACP
FreeLibraryAndExitThread
FreeEnvironmentStringsW
FormatMessageW
FormatMessageA
FlushViewOfFile
FlushFileBuffers
FindResourceW
FindResourceExW
FindResourceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
ExitProcess
EnumSystemLocalesW
DuplicateHandle
DisconnectNamedPipe
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateMutexW
CreateMutexA
CreateIoCompletionPort
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CopyFileW
ConnectNamedPipe
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
CancelIo
AreFileApisANSI
GetSystemPowerStatus
GetStartupInfoW
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
LoadLibraryA
LocalFree
SetFilePointer

user32

GetDC
MessageBoxA
GetDesktopWindow
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
MessageBoxExA
MessageBoxW
wsprintfA
wsprintfW
GetAsyncKeyState

gdi32

GetDeviceCaps

rpcrt4

RpcStringFreeW
UuidToStringA
UuidToStringW
RpcStringFreeA

winspool.drv

GetJobW
ClosePrinter
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
OpenPrinterW
SetJobW
StartDocPrinterW

advapi32

OpenServiceW
UnlockServiceDatabase
StartServiceW
StartServiceCtrlDispatcherA
StartServiceA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetKernelObjectSecurity
RevertToSelf
ReportEventW
ReportEventA
OpenSCManagerA
OpenProcessToken
OpenEventLogW
OpenBackupEventLogW
MakeSelfRelativeSD
MakeAbsoluteSD
LookupPrivilegeValueA
LookupAccountSidW
LookupAccountSidA
LookupAccountNameW
LookupAccountNameA
LogonUserW
LogonUserA
LockServiceDatabase
IsValidSid
IsValidSecurityDescriptor
IsValidAcl
InitializeSid
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidLengthRequired
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetKernelObjectSecurity
GetFileSecurityW
GetAclInformation
GetAce
FreeSid
FindFirstFreeAce
EqualSid
EnumServicesStatusW
EnumServicesStatusA
EnumDependentServicesW
DuplicateTokenEx
DestroyPrivateObjectSecurity
DeregisterEventSource
DeleteService
CreateServiceW
CopySid
ControlService
CloseServiceHandle
CloseEventLog
ClearEventLogW
ChangeServiceConfigW
ChangeServiceConfig2W
AreAllAccessesGranted
AllocateAndInitializeSid
AdjustTokenPrivileges
AddAce
AccessCheck
OpenThreadToken
QueryServiceConfigA
QueryServiceConfigW
QueryServiceLockStatusW
ReadEventLogW
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
RegNotifyChangeKeyValue
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
OpenSCManagerW

ole32

CoTaskMemFree
CoUninitialize
PropVariantClear
StringFromGUID2
CoCreateInstance

msvcrt

_adjust_fdiv
__setusermatherr
_exit
__p__commode
exit
_acmdln
__getmainargs
_initterm
__p__fmode
__set_app_type
_controlfp
_XcptFilter
_except_handler3

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_ccore_7
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c2ec05a221d0ced5b8700ecb7170833

Headers

File Characteristics

Imports

mpr

version

kernel32

user32

gdi32

rpcrt4

winspool.drv

advapi32

ole32

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4.0MB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

_ccore_7 Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4.0MB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

_ccore_7
Size: 1.3MB - Virtual size: 1.3MB