af2fb6f332bbc2b04cfe98a9b45d7ee77e36d599b5561f909a15c937a18df89d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

af2fb6f332bbc2b04cfe98a9b45d7ee77e36d599b5561f909a15c937a18df89d_NeikiAnalytics.exe
Size

1.7MB
MD5

cf37e362dce0e956322eb61db5246740
SHA1

25d0c6f91b7d1f11c784d8ea0cf64036bfdf5ce4
SHA256

af2fb6f332bbc2b04cfe98a9b45d7ee77e36d599b5561f909a15c937a18df89d
SHA512

67ca8520e613de4e22ef883b7efe5f78a99f13d2b8270a3ed839acbef1f6493aac82ba12fb5a1d550971822170b876ce8b8d6badae522d14ed57505bacaf1eec
SSDEEP

24576:TohUMaExsZh6maouGSPGM9ZQ8GYelhwOXGEDgm6:UmNNQdPGM7nmoOl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af2fb6f332bbc2b04cfe98a9b45d7ee77e36d599b5561f909a15c937a18df89d_NeikiAnalytics.exe

Files

af2fb6f332bbc2b04cfe98a9b45d7ee77e36d599b5561f909a15c937a18df89d_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

486f924107195f6d293d7541b56fff5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

betest.pdb

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
ReportEventW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
DeregisterEventSource
OpenThreadToken
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
RegisterEventSourceW

kernel32

GetTempFileNameW
SetEndOfFile
SetFilePointer
RaiseException
GetFileSizeEx
CopyFileW
MoveFileExW
FindFirstFileW
GetVolumeNameForVolumeMountPointW
GetFileTime
GetFileAttributesW
lstrcmpiW
FindNextFileW
CloseHandle
GetLastError
HeapSetInformation
GetVersionExW
ExpandEnvironmentStringsW
GetFullPathNameW
GetVolumePathNameW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
FindClose
InitializeSRWLock
MultiByteToWideChar
FreeLibrary
GetCurrentThread
FormatMessageW
GetCommandLineW
GetSystemTime
TlsFree
TlsGetValue
GetProcAddress
TlsAlloc
TlsSetValue
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
OutputDebugStringW
CreateDirectoryW
GetCurrentProcess
SetLastError
WriteFile
ReadFile
GetFileSize
CreateFileW
LocalFree
LocalAlloc
ReleaseSRWLockExclusive
CompareFileTime
Sleep
LoadLibraryExW

msvcrt

getchar
memcpy_s
memmove_s
_wcsicmp
wprintf
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
wcstoul
iswalpha
mbstowcs
_wcsdup
_vsnwprintf
time
swprintf
clock
_purecall
malloc
realloc
free
wcsrchr
memset
memcpy
printf
_wcsnicmp
wcsstr
wcschr
towlower
_vsnprintf
__CxxFrameHandler3
_CxxThrowException

atl

ord30

user32

LoadStringW
wsprintfW
CharUpperW

ole32

CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitializeSecurity
CoFileTimeNow
StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
GetErrorInfo
SysStringLen
SysFreeString

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

vssapi

GetProviderMgmtInterfaceInternal
CreateWriter
CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal

resutils

ClusterGetVolumePathName
ClusterIsPathOnSharedVolume
ClusterPrepareSharedVolumeForBackup
ClusterGetVolumeNameForVolumeMountPoint

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

486f924107195f6d293d7541b56fff5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

atl

user32

ole32

oleaut32

rpcrt4

vssapi

resutils

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 215KB - Virtual size: 214KB

.data Size: 1024B - Virtual size: 7KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 215KB - Virtual size: 214KB

.data
Size: 1024B - Virtual size: 7KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB