97cd63b19522cdcb9e7bf9b2a0064446f3f30cc73c485f16278763756d025d4d_NeikiAnalytics[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97cd63b19522cdcb9e7bf9b2a0064446f3f30cc73c485f16278763756d025d4d_NeikiAnalytics.exe
Size

32KB
MD5

8b423ba0245553247f35992b7263f340
SHA1

bd3998d8776635aa2a3d0b451a4243aeed80acad
SHA256

97cd63b19522cdcb9e7bf9b2a0064446f3f30cc73c485f16278763756d025d4d
SHA512

22b5042a77d0992a8e3cbb119bdc65d370dd9963c9e7d30ee247157437f5da416263bf7722f4fa6f8b047f060a3b7ed5dcb9ac57ecfcd660d11f846f620d6bc3
SSDEEP

384:wsQN3UD0xIPUXFUyuOILN+g3F500MhvivJd0c:EVR+ZtF9MhqYc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97cd63b19522cdcb9e7bf9b2a0064446f3f30cc73c485f16278763756d025d4d_NeikiAnalytics.exe

Files

97cd63b19522cdcb9e7bf9b2a0064446f3f30cc73c485f16278763756d025d4d_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

f4fa3d9513f0c93a1e18ca51c758f460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls

isocsutility

LocaleManager_ApplicationPreference
LocaleManager_POSIX

msvcrt

log
atof
strcmp
fread
strncpy
fseek
fopen
_pctype
_isctype
__mb_cur_max
sprintf
_splitpath
exp
fclose
_strupr
strlen
remove
strcat
strrchr
strcpy
_ftol
fabs
sscanf
??3@YAXPAX@Z
??2@YAPAXI@Z
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
fwrite

socsaccess

?ApexRename@CImpersonate@@SAHPBD0@Z
?ApexRemove@CImpersonate@@SAHPBD@Z
?OpenViaFOpen@CImpersonate@@SAPAU_iobuf@@PAD0@Z

Exports

Exports

??4CImpersonate@@QAEAAV0@ABV0@@Z
MuEdit
MuLocalizedEdit

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ