wevtutil.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: ad37d01b24ea56d45eaf5d9a6158c3e7ec4b405334a29babe59f9ec62e6b3885_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: ad37d01b24ea56d45eaf5d9a6158c3e7ec4b405334a29babe59f9ec62e6b3885_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: ad37d01b24ea56d45eaf5d9a6158c3e7ec4b405334a29babe59f9ec62e6b3885_NeikiAnalytics.exe
Size: 198KB
MD5: cc1672473b4ad0f12d701a6c91f74110
SHA1: 750e0f65531f48faac85ab33a532880a0cdff45a
SHA256: ad37d01b24ea56d45eaf5d9a6158c3e7ec4b405334a29babe59f9ec62e6b3885
SHA512: 6e40bb853147e7bfdaa3802930123a8a751f6280ccf66ad2a9294f0c5b9937a40d0ca72485c08687476e5090805f955ca9872f24865631e119a71d6ee8158ccf
SSDEEP: 3072:p/4uZasR9jCsVKULaUVWp1zHjn+py4fKRvdn+DV7:JzRR9jCs0ULaU29qfKRl+
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: ad37d01b24ea56d45eaf5d9a6158c3e7ec4b405334a29babe59f9ec62e6b3885_NeikiAnalytics.exe
Files
ad37d01b24ea56d45eaf5d9a6158c3e7ec4b405334a29babe59f9ec62e6b3885_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
0cc953d47a8dcc7655e182edcc80d049
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
ConvertSidToStringSidW
RegOpenKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
GetSecurityInfo
RegDeleteKeyExW
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAce
MapGenericMask
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
RegCloseKey
kernel32
GetStartupInfoW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetCommandLineW
IsWow64Process
lstrcmpW
WideCharToMultiByte
CreateProcessW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WaitForSingleObject
GetFullPathNameW
SetThreadLocale
LocaleNameToLCID
GetThreadLocale
CreateFileW
GetFileSize
ReadFile
GetModuleHandleW
GetFileType
GetConsoleMode
WriteConsoleW
WriteFile
FileTimeToSystemTime
HeapSetInformation
SetThreadUILanguage
FormatMessageW
LocalFree
GetCurrentProcess
CloseHandle
GetLastError
GetStdHandle
lstrcmpiW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
SystemTimeToTzSpecificLocalTime
InitializeCriticalSectionAndSpinCount
msvcrt
_wtoi
_itow_s
towupper
??0exception@@QAE@ABV0@@Z
_vsnwprintf
__CxxFrameHandler3
??0exception@@QAE@XZ
_wcsnicmp
memcpy
setlocale
wcschr
_wcsicmp
memcpy_s
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove_s
_onexit
_purecall
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
fflush
fgetwc
wprintf
swscanf
_iob
memset
oleaut32
SysStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
ole32
CoCreateInstance
CoInitialize
CoUninitialize
rpcrt4
RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate
credui
CredUICmdLinePromptForCredentialsW
wevtapi
EvtCreateRenderContext
EvtNext
EvtUpdateBookmark
EvtArchiveExportedLog
EvtExportLog
EvtClearLog
EvtOpenLog
EvtOpenPublisherMetadata
EvtOpenEventMetadataEnum
EvtNextEventMetadata
EvtGetObjectArraySize
EvtOpenPublisherEnum
EvtNextPublisherId
EvtSeek
EvtSetChannelConfigProperty
EvtOpenChannelConfig
EvtOpenChannelEnum
EvtGetExtendedStatus
EvtRender
EvtGetLogInfo
EvtGetObjectArrayProperty
EvtGetChannelConfigProperty
EvtGetEventMetadataProperty
EvtGetPublisherMetadataProperty
EvtNextChannelPath
EvtOpenSession
EvtClose
EvtCreateBookmark
EvtQuery
EvtSaveChannelConfig
EvtFormatMessage
ntdll
EtwTraceMessage
RtlGetVersion
Sections
.text   Size: 158KB - Virtual size: 158KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 2KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 2KB - Virtual size: 2KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 34KB - Virtual size: 35KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE