99fbffd8de97b9716e3dd2a86294e2fd752a41f7a420f2ceae0069b512c543f1_NeikiAnalytics[.]exe

General

Target

99fbffd8de97b9716e3dd2a86294e2fd752a41f7a420f2ceae0069b512c543f1_NeikiAnalytics.exe
Size

60KB
MD5

5a36e3e451ec9087cc2d600bcc610050
SHA1

a774bcc749dae202975d96dcf686bfdcde77eee6
SHA256

99fbffd8de97b9716e3dd2a86294e2fd752a41f7a420f2ceae0069b512c543f1
SHA512

43e64ee789dda417d70f2ad1a22936b25029197b882c0701b0f7047c329be04ab7a0ec24048672fb3469478dd7281411bc8db50c7ea79887d2b1aba067c99287
SSDEEP

768:kNGI8LZ8tc7dx7QrF47lpzl49AJp9eqYOdGIGyT6QNku8Mj6EWBV+lD:kAIkGt6cyi9AJLHYOsDyT6s8+1lD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99fbffd8de97b9716e3dd2a86294e2fd752a41f7a420f2ceae0069b512c543f1_NeikiAnalytics.exe

Files

99fbffd8de97b9716e3dd2a86294e2fd752a41f7a420f2ceae0069b512c543f1_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

803a89e1ce8d46b138bcda0aaf6d4169

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\NETBOX\Project\client6.15.1\src\probe\bin\wgprotect.pdb

Imports

kernel32

CreateToolhelp32Snapshot
GetVersionExA
Sleep
GetCurrentProcess
GetProcAddress
GetModuleHandleA
ReadProcessMemory
WriteFile
CreateFileA
WaitNamedPipeA
OutputDebugStringA
Process32First
OpenProcess
Module32Next
Module32First
VirtualFreeEx
VirtualAllocEx
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
Process32Next
CloseHandle
VirtualQuery
WideCharToMultiByte
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LoadLibraryA
InterlockedExchange
SetFilePointer
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers

user32

FindWindowExA
SendMessageA
GetWindowThreadProcessId
FindWindowA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

803a89e1ce8d46b138bcda0aaf6d4169

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB