96fd56ba767c631c1c66b77d71559c4ba51fefbfcea24e27e56617b149cd63ed_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

96fd56ba767c631c1c66b77d71559c4ba51fefbfcea24e27e56617b149cd63ed_NeikiAnalytics.exe
Size

19KB
MD5

2d2e66596d23b1714e83f33a0fd0b360
SHA1

f6343e65e10d7ec1e65f46d85520a6e5b7b51043
SHA256

96fd56ba767c631c1c66b77d71559c4ba51fefbfcea24e27e56617b149cd63ed
SHA512

07de5bbe91d717b8df5e556d613c58b3b596ef9e7b81f630d6a45a30d032b5cffb0853b4a27c10ecd6e3d0e1ff2886bf5296125d1b2157d480968e310533d372
SSDEEP

192:Duv0CC/V/YMF3mSudXpvJZR6iYVvlCWwQAa0y6nZsWZD2X1DYwSuycq3:D7pr33GXpZMCWwI0nCWt2+wSui

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96fd56ba767c631c1c66b77d71559c4ba51fefbfcea24e27e56617b149cd63ed_NeikiAnalytics.exe

Files

96fd56ba767c631c1c66b77d71559c4ba51fefbfcea24e27e56617b149cd63ed_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

0ccca2a7077477d96191bb0279bdba89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

core_rl_magickcore_

ThrowMagickException
ParseAbsoluteGeometry
GetPixelInfo
InterpretLocaleValue
LocaleCompare
LocaleNCompare
FormatLocaleString
SetImageProgress
ConstantString
DestroyString
IsStringTrue
AcquireImage
ResetImagePage
SetImageBackgroundColor
SetImageExtent
CloneDrawInfo
DestroyDrawInfo
CloseBlob
SyncAuthenticPixels
GetAuthenticPixels
AcquireVirtualMemory
RelinquishVirtualMemory
GetVirtualMemoryBlob
IsEventLogging
LogMagickEvent
RegisterMagickInfo
UnregisterMagickInfo
AcquireMagickInfo
DestroyImageList
GetFirstImageInList
GetImageOption
InterpretImageProperties
GetImageProperty
SetImageProperty

core_rl_cairo_

cairo_create
cairo_destroy
cairo_set_operator
cairo_set_source_rgba
cairo_translate
cairo_paint
cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_set_antialias
cairo_font_options_set_hint_style
cairo_surface_destroy
cairo_format_stride_for_width
cairo_image_surface_create_for_data

core_rl_glib_

g_object_unref
g_type_check_instance_cast

core_rl_pango_

pango_language_from_string
pango_font_description_new
pango_font_description_free
pango_font_description_set_size
pango_font_description_from_string
pango_parse_markup
pango_font_map_create_context
pango_context_set_language
pango_context_set_base_dir
pango_context_set_base_gravity
pango_context_set_gravity_hint
pango_layout_new
pango_layout_set_text
pango_layout_set_markup
pango_layout_set_font_description
pango_layout_set_width
pango_layout_set_height
pango_layout_set_wrap
pango_layout_set_indent
pango_layout_set_spacing
pango_layout_set_justify
pango_layout_set_auto_dir
pango_layout_set_alignment
pango_layout_set_single_paragraph_mode
pango_layout_set_ellipsize
pango_layout_context_changed
pango_layout_get_extents
pango_cairo_font_map_get_type
pango_cairo_font_map_new
pango_cairo_font_map_set_resolution
pango_cairo_context_set_font_options
pango_cairo_show_layout

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

kernel32

UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter

Exports

Exports

RegisterPANGOImage
UnregisterPANGOImage

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ccca2a7077477d96191bb0279bdba89

Headers

DLL Characteristics

File Characteristics

Imports

core_rl_magickcore_

core_rl_cairo_

core_rl_glib_

core_rl_pango_

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 540B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 540B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 44B