93e69351bd6d2f644e62961ee3990b6d2d7023a07366898a2115f880680144d9_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

93e69351bd6d2f644e62961ee3990b6d2d7023a07366898a2115f880680144d9_NeikiAnalytics.exe
Size

396KB
MD5

e14dc5f73d53ac4aa47ae5af5916e150
SHA1

46d0360e3ea3242635253bc8efd94fc89371e47b
SHA256

93e69351bd6d2f644e62961ee3990b6d2d7023a07366898a2115f880680144d9
SHA512

75e843be07c661cdab773cc0f9fd548a7bb3c9d5fe856b25bb95e7866f9d6100d412625b5c874aab22ed68b789f90238066292c4f02b150320c895c0cf1fc924
SSDEEP

6144:oIu+oxctLWqF/p/uwONct43j92U2PQFY:oFvxctt9pGHNu4B2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93e69351bd6d2f644e62961ee3990b6d2d7023a07366898a2115f880680144d9_NeikiAnalytics.exe

Files

93e69351bd6d2f644e62961ee3990b6d2d7023a07366898a2115f880680144d9_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

7aae1aa4039de567cf141e21ebb02fac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\123\documents\visual studio 2015\Projects\PureReg\Debug\PureReg.pdb

Imports

mfc140ud

ord3857
ord12887
ord13366
ord8456
ord4739
ord10763
ord17181
ord13868
ord4477
ord10945
ord13645
ord13644
ord6832
ord12115
ord12111
ord12113
ord12114
ord12112
ord17378
ord3313
ord12081
ord3899
ord3902
ord16164
ord7549
ord3763
ord5992
ord5993
ord7426
ord2045
ord7224
ord16090
ord16100
ord7229
ord16098
ord7228
ord3088
ord5392
ord7251
ord11166
ord2942
ord5057
ord9875
ord6486
ord5499
ord14041
ord13398
ord12231
ord1094
ord1605
ord829
ord1438
ord8818
ord15727
ord7004
ord5874
ord5864
ord5928
ord5975
ord5898
ord5951
ord5966
ord5910
ord5916
ord5922
ord5904
ord5959
ord5890
ord2031
ord14240
ord14244
ord13224
ord15942
ord16035
ord16534
ord6513
ord16594
ord9479
ord7657
ord7666
ord16875
ord2007
ord1993
ord1972
ord16252
ord5589
ord5621
ord17136
ord10729
ord14566
ord7703
ord6601
ord6875
ord6792
ord11520
ord7119
ord2367
ord9338
ord10657
ord13684
ord10652
ord14926
ord7072
ord6597
ord719
ord1381
ord16520
ord15749
ord3241
ord11363
ord7815
ord6292
ord7022
ord10824
ord16249
ord3495
ord9210
ord4951
ord10949
ord11996
ord11418
ord11571
ord12546
ord12660
ord13415
ord3677
ord16183
ord5616
ord5610
ord6641
ord6636
ord16254
ord7115
ord10741
ord715
ord3800
ord16664
ord1379
ord8067
ord4897
ord12492
ord12450
ord12373
ord16731
ord5938
ord2016
ord15378
ord787
ord3801
ord2142
ord2144
ord1412
ord788
ord15765
ord2124
ord9969
ord8650
ord551
ord4691
ord2415
ord5231
ord12702
ord14519
ord14142
ord10127
ord17184
ord13334
ord11022
ord11047
ord14064
ord9507
ord1267
ord2405
ord6973
ord13412
ord11012
ord11537
ord13717
ord13406
ord10619
ord4484
ord13722
ord11116
ord6988
ord17251
ord8821
ord8824
ord8819
ord8822
ord8823
ord8820
ord16472
ord8825
ord10273
ord13862
ord9007
ord9165
ord9896
ord2561
ord15270
ord8535
ord385
ord1179
ord618
ord10162
ord8455
ord1313
ord7587
ord14085
ord9221
ord15869
ord7225
ord16093
ord16660
ord10530
ord6914
ord17189
ord9512
ord17096
ord11065
ord3089
ord5393
ord14184
ord14049
ord3027
ord5156
ord9876
ord7996
ord593
ord3778
ord6358
ord15906
ord8520
ord2339
ord4910
ord10519
ord3573
ord4522
ord17164
ord3305
ord1296
ord10937
ord2613
ord9922
ord6393
ord6569
ord6564
ord3264
ord7655
ord10601
ord16658
ord3718
ord12978
ord3943
ord13223
ord5873
ord5863
ord5927
ord5897
ord5949
ord5964
ord5909
ord5903
ord5958
ord5915
ord5921
ord5974
ord5935
ord5888
ord2030
ord2003
ord1989
ord17170
ord4779
ord13439
ord2412
ord6061
ord6066
ord10017
ord14241
ord7624
ord15412
ord14109
ord4698
ord4683
ord5737
ord10590
ord16873
ord3909
ord15771
ord13052
ord10755
ord3820
ord3961
ord14539
ord3156
ord2460
ord3242
ord13387
ord10797
ord14824
ord15779
ord13165
ord8622
ord7943
ord500
ord1228
ord16316
ord3945
ord14139
ord3756
ord13676
ord9821
ord6178
ord10794
ord10737
ord3172
ord9472
ord10179
ord15153
ord9886
ord3223
ord10045
ord16796
ord16931
ord4709
ord9782
ord6566
ord3070
ord4260
ord4714
ord4715
ord4700
ord17020
ord17057
ord16738
ord5284
ord15489
ord3233
ord15314
ord3719
ord10800
ord3645
ord11112
ord4680
ord11484
ord10752
ord5413
ord16851
ord16858
ord13019
ord4860
ord2443
ord13647
ord16836
ord15587
ord3314
ord3340
ord13504
ord805
ord3806
ord1422
ord694
ord8690
ord16743
ord2634
ord10304
ord11970
ord11973
ord11977
ord9164
ord9006
ord1176
ord6994
ord17154
ord16776
ord3752
ord3751
ord4017
ord4016
ord4759
ord12304
ord13299
ord12901
ord10840
ord1223
ord2928
ord5037
ord11018
ord3312
ord16160
ord7547
ord14092
ord14183
ord14233
ord9885
ord14215
ord7198
ord4493
ord391
ord1183
ord10202
ord16367
ord15450
ord7728
ord17261
ord7729
ord17262
ord7727
ord17260
ord9592
ord14599
ord17050
ord2136
ord13920
ord13921
ord2379
ord13968
ord14222
ord9533
ord15117
ord4757
ord4819
ord11212
ord17188
ord9511
ord17182
ord14609
ord14610
ord2887
ord6470
ord10024
ord5352
ord9589
ord15030
ord15098
ord12265
ord14223
ord10108
ord3024
ord5153
ord10210
ord1039
ord2686
ord2693
ord2708
ord2564
ord1225
ord7941
ord493
ord14137
ord11044
ord2185
ord8269
ord1096
ord1607
ord5502
ord9538
ord9591
ord9618
ord6328
ord9202
ord10201
ord3361
ord15177
ord13820
ord16756
ord10773
ord11016
ord10220
ord16863
ord14723
ord8817
ord16587
ord9012
ord1645
ord4490
ord10008
ord8632
ord512
ord16570
ord16260
ord3426
ord9928
ord16119
ord6776
ord7520
ord10884
ord4504
ord12860
ord12910
ord13168
ord11005
ord14944
ord6741
ord14715
ord13153
ord10123
ord9168
ord3410

kernel32

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
RaiseException
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DecodePointer
SetLastError
HeapSize
OutputDebugStringW
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
FreeLibrary
VirtualQuery
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetLastError

user32

LoadImageW
GetSystemMetrics
UnregisterClassW
PostQuitMessage
SetRectEmpty
IsRectEmpty
PeekMessageW

gdi32

DeleteDC

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140d

memset
_purecall
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
__CxxFrameHandler3

ucrtbased

__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
free
malloc
_CrtDbgReport
_CrtDbgReportW
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_controlfp_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
wcslen
wcscpy_s
__stdio_common_vswprintf

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 409B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7aae1aa4039de567cf141e21ebb02fac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140ud

kernel32

user32

gdi32

comctl32

oleaut32

gdiplus

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 2KB - Virtual size: 13KB

.idata Size: 10KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 409B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 218KB - Virtual size: 218KB

.reloc Size: 10KB - Virtual size: 9KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 2KB - Virtual size: 13KB

.idata
Size: 10KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 409B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 218KB - Virtual size: 218KB

.reloc
Size: 10KB - Virtual size: 9KB