913a01b664f02864c17f07a9431e104101a93d13ee38f18164f6b50a545b31af_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

913a01b664f02864c17f07a9431e104101a93d13ee38f18164f6b50a545b31af_NeikiAnalytics.exe
Size

167KB
MD5

dc123c507505a9a3a16d8823b2ef6bf0
SHA1

db3dbdf0524c6f025b2e277a5b49877f332bbd5c
SHA256

913a01b664f02864c17f07a9431e104101a93d13ee38f18164f6b50a545b31af
SHA512

ea213a5ee6616074aeb6d22e5a65b326c536c6881f0764fdcdac023d7c1c6a27e11ee6f25106087c48537836b5fbd8e74a47c41b6915575400e681ef7bd1223c
SSDEEP

3072:vfxdZpX4aAKaNH+AhIzGgJY1muiuax/Va13JO4L18:Hz4rNeAhIqgOUuzaxC5FL18

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
913a01b664f02864c17f07a9431e104101a93d13ee38f18164f6b50a545b31af_NeikiAnalytics.exe

Files

913a01b664f02864c17f07a9431e104101a93d13ee38f18164f6b50a545b31af_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

26bef7fe73d7f204515df262f620964e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TaskEng.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AddAce
InitializeAcl
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
IsValidSid
CopySid
GetAclInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegCloseKey
RegSetValueExW
RegOpenKeyExW
CheckTokenMembership
OpenThreadToken
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyExW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegQueryValueW
EventRegister
EventActivityIdControl
EventEnabled
EventWriteTransfer
EventWrite
EventUnregister
CreateWellKnownSid
StartServiceW

kernel32

DebugBreak
GetCurrentDirectoryW
IsWow64Process
LocalAlloc
InitializeCriticalSectionAndSpinCount
CreateThread
CreateTimerQueueTimer
DeleteTimerQueueTimer
ExpandEnvironmentStringsW
LoadLibraryExW
FileTimeToLocalFileTime
FreeLibrary
SystemTimeToFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
LocalFree
ResetEvent
CreateWaitableTimerW
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
DeleteAtom
GetModuleHandleW
WaitForSingleObject
CancelWaitableTimer
SetWaitableTimer
SetEvent
EnterCriticalSection
SetProcessShutdownParameters
CreateEventW
RegisterWaitForSingleObject
GetLastError
Sleep
UnregisterWaitEx
CloseHandle
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
HeapSetInformation
CreateDirectoryW
SetThreadPreferredUILanguages
GetFileSizeEx
ReadFile
CreateFileW
UnregisterWait
OutputDebugStringW
DuplicateHandle
CreateProcessW
lstrlenW
HeapSize
HeapReAlloc
TerminateThread
GetFileAttributesW
SearchPathW
GetThreadPriority
GetExitCodeProcess
ResumeThread

user32

DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
GetMonitorInfoW
AllowSetForegroundWindow
GetAncestor
PostQuitMessage
UnregisterClassW
LoadCursorW
SetCursor
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
EnumWindows
MessageBoxW
IsWindow
GetWindowThreadProcessId
EnumThreadWindows
PostMessageW
RegisterClassW
CreateWindowExW
ShowWindow
UpdateWindow
LoadStringW
ShutdownBlockReasonCreate
EnableWindow
DefWindowProcW

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
__p__fmode
__set_app_type
_purecall
_CxxThrowException
memcpy_s
memmove_s
??1type_info@@UAE@XZ
?what@exception@@UBEPBDXZ
_onexit
_except_handler4_common
?terminate@@YAXXZ
_controlfp
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
_vsnwprintf
_wtol
iswdigit
memcpy
_wcsicmp
fclose
fflush
fputws
fopen_s
_wcsnicmp
wcsrchr
_wsplitpath_s
rand
srand
wcscat_s
_unlock
__dllonexit
_lock
??0exception@@QAE@ABQBD@Z
_XcptFilter
_exit
_cexit
__wgetmainargs
wcschr
wcsncmp
memset
calloc
malloc
free
??0exception@@QAE@XZ

shell32

FindExecutableW

ole32

CoEnableCallCancellation
CoCancelCall
CoDisableCallCancellation
CoCreateInstance
StringFromGUID2
IIDFromString
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CreateStreamOnHGlobal
CoMarshalInterface
CoDisconnectObject
CoUninitialize
CoInitializeEx
CoInitializeSecurity

oleaut32

SysFreeString
SysReAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString

shlwapi

PathFileExistsW
PathIsPrefixW
PathIsDirectoryW

rpcrt4

NdrAsyncClientCall
RpcAsyncCancelCall
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCreateNil
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFree

ntdll

NtSetInformationProcess

secur32

LsaDeregisterLogonProcess
GetUserNameExW

xmllite

CreateXmlReader
CreateXmlWriterOutputWithEncodingName
CreateXmlWriter

mpr

WNetGetConnectionW

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

26bef7fe73d7f204515df262f620964e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

oleaut32

shlwapi

rpcrt4

ntdll

secur32

xmllite

mpr

Sections

.text Size: 129KB - Virtual size: 129KB

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 8KB

.text
Size: 129KB - Virtual size: 129KB

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 8KB