073b21fc3bd7c71d872c4358dc18784baf60ca659970216794ec301f29594206_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

073b21fc3bd7c71d872c4358dc18784baf60ca659970216794ec301f29594206_NeikiAnalytics.exe
Size

88KB
MD5

ac0bd824c8e6a2d5fcdc258cbf015430
SHA1

4afef8eb3ee9c63d94bedfb825ad89dcbf8d606b
SHA256

073b21fc3bd7c71d872c4358dc18784baf60ca659970216794ec301f29594206
SHA512

8ead10fd1d982f18601d0b438996465515e130dd8dc0b34b1174e712759fda4318024820dd0e6ece1ed1b276acc07aa87e918e92a25a07f9e0615219dd4048a7
SSDEEP

1536:aziR/gh1EjOcMQicXbxq5rXNYlG64csqiwGpcVJwhpFq2cDQiTL:azi2UkIXboiE10NAqDDQqL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073b21fc3bd7c71d872c4358dc18784baf60ca659970216794ec301f29594206_NeikiAnalytics.exe

Files

073b21fc3bd7c71d872c4358dc18784baf60ca659970216794ec301f29594206_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

a291a93a0d584a53ff4ce514dbb91d32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
GetShortPathNameA
LoadLibraryA
FreeLibrary
GetVersionExA
LoadLibraryExA
SetEndOfFile
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CreateFileA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
SetFilePointer
VirtualQuery
InterlockedExchange
InitializeCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
SetUnhandledExceptionFilter
ReadFile
CloseHandle
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCommandLineA
GetStartupInfoA
WideCharToMultiByte
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetCurrentProcess
TerminateProcess
ExitProcess
HeapFree
HeapAlloc

vars

tracelog_D
open_log_file_D
get_edmenv_root_D
get_edmenv_sys_D
close_log_file_D
CloseObject_D
OpenObject_D
Edm_Object_Delete_D
Edm_Heap_Set_D
Edm_Vars_Exit_D
Edm_Heap_Add_From_Ptr_D
Edm_ObjPtr_Save_D
Edm_Find_Pool_D
v_set_D
v_get_D
SynchronizesObjectsFromDisk_D
pooltab_replace_D
pooltab_delete_D
pooltab_build_D
pooltab_add_D
VerifyVarsDLL
OurPathsepTerm
OurStrrchr
OurUpcase
OurStrcpy
OurPaddedStrcpy
OurTrim
OurStrlen
Show_Header_D

zsys

ord90
ord2
ord135
ord110
ord112
ord113
ord114
ord111

Exports

Exports

edmdes_decrypt
edmdes_encrypt
edmdes_initkey

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a291a93a0d584a53ff4ce514dbb91d32

Headers

File Characteristics

Imports

kernel32

vars

zsys

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 5KB