WMIC.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ac0f5c3c47896f046e53fa33ece3e5af024a5e022985afb7712c3bd6bc54b5da_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
ac0f5c3c47896f046e53fa33ece3e5af024a5e022985afb7712c3bd6bc54b5da_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
ac0f5c3c47896f046e53fa33ece3e5af024a5e022985afb7712c3bd6bc54b5da_NeikiAnalytics.exe
-
Size
413KB
-
MD5
8534809fa8e2bbc7ad352fa17cc96f70
-
SHA1
ae0a87c6edf523a138e25a9b9d040b22b7bab290
-
SHA256
ac0f5c3c47896f046e53fa33ece3e5af024a5e022985afb7712c3bd6bc54b5da
-
SHA512
a4eb10f327120f71857e7d414f47831f14b4c76c52f550e4570705193ab2b224aba93691b31e6846d5580fc8db5bf33059c793a7b4fcc043598c9d63c906c683
-
SSDEEP
12288:M00j3l3K1A4uKGw/msd9zmkymGH0nhWB9:N0p3OADKGdsd9zamCT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
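Flags a PE file that carries no embedded Authenticode signature. Without one, the publisher and integrity of the file cannot be verified from the file itself. Some legitimate binaries are signed through a catalog rather than an embedded signature, so this finding alone is not conclusive.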
resource ac0f5c3c47896f046e53fa33ece3e5af024a5e022985afb7712c3bd6bc54b5da_NeikiAnalytics.exe
Files
-
ac0f5c3c47896f046e53fa33ece3e5af024a5e022985afb7712c3bd6bc54b5da_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
b59af26b08aa14ba66272388bc9c2443
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegOpenKeyExW
RegCloseKey
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
kernel32
SetFilePointer
CreateFileW
WriteFile
SetLastError
GetLastError
CopyFileW
GetFileSizeEx
GetLocalTime
GetFileType
GetStdHandle
FormatMessageW
GetConsoleScreenBufferInfo
GetSystemDefaultUILanguage
GetComputerNameW
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
WriteConsoleW
SetConsoleCursorPosition
SetConsoleScreenBufferSize
ReadConsoleW
SetConsoleMode
GetConsoleMode
GetCurrentProcess
GetSystemDirectoryW
GetUserPreferredUILanguages
CloseHandle
GetProcAddress
FreeLibrary
LoadLibraryW
LocalAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetCommandLineW
DeleteFileW
HeapSetInformation
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSection
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenA
LocalFree
lstrlenW
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoW
UnhandledExceptionFilter
msvcrt
?what@exception@@UBEPBDXZ
wcsncmp
fprintf
fflush
fwprintf
wcstombs
fread
fseek
towlower
swscanf
_iob
_exit
wcsstr
fgets
__CxxFrameHandler3
wcstoul
_wfopen
fwrite
fclose
_ftol2_sse
_getch
ceil
_cexit
__wgetmainargs
_callnewh
malloc
free
_wfreopen
fgetws
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
memmove_s
memcpy_s
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
feof
_XcptFilter
_wsystem
_wtoi
_fileno
_filelength
_wremove
wctomb
fputws
_itow
??0exception@@QAE@ABV0@@Z
_wcsnicmp
_wtol
_vsnprintf
wcstok
_wcsicmp
memset
_ltow
??0exception@@QAE@XZ
memcpy
_CxxThrowException
_vsnwprintf
_kbhit
ole32
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstanceEx
CoCreateInstance
CoInitializeSecurity
oleaut32
SafeArrayGetLBound
SysStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayGetVartype
SysStringByteLen
VariantCopy
VariantChangeType
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
SysAllocString
user32
OpenClipboard
LoadStringW
CloseClipboard
SetClipboardData
CharUpperW
EmptyClipboard
framedynos
??0CHString@@QAE@ABV0@@Z
?Find@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??YCHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?TrimLeft@CHString@@QAEXXZ
?TrimRight@CHString@@QAEXXZ
?GetBuffer@CHString@@QAEPAGH@Z
?FindOneOf@CHString@@QBEHPBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Empty@CHString@@QAEXXZ
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBD@Z
?Right@CHString@@QBE?AV1@H@Z
??0CHString@@QAE@PBG@Z
??0CHString@@QAE@XZ
?Format@CHString@@QAAXPBGZZ
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@PBG@Z
shlwapi
StrStrIW
ws2_32
WSACleanup
freeaddrinfo
WSAStartup
getaddrinfo
secur32
GetUserNameExW
iphlpapi
Icmp6SendEcho2
Icmp6CreateFile
IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle
Sections
.text Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
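IMAGE_SCN_MEM_WRITE
Note: the .reloc section above is flagged as code, executable and writable. Base-relocation data normally needs only read access, so this combination of flags is atypical and the section's contents deserve a closer look during triage.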