b52887450478f25ac5ab380195827995524b92526525bcd16da6220747e4d6dc_NeikiAnalytics[.]exe

General

Target

b52887450478f25ac5ab380195827995524b92526525bcd16da6220747e4d6dc_NeikiAnalytics.exe
Size

20KB
MD5

622ffb0b8334aef738e7203f6da9d910
SHA1

0d5ddd897bf3bca216d756fffb4f1966eb2ff33d
SHA256

b52887450478f25ac5ab380195827995524b92526525bcd16da6220747e4d6dc
SHA512

42e028d6e360b9fb6897429e3aa717e9386d1431ff35173192c6845f554cc06a26cecffedf3861628a47cd55676076f36981a6e14dd44ef7e7a9ee5775a17052
SSDEEP

96:/KO5G6DxmbEcy0CuXcX/na9p5w2Y5bzCP2s+Dh1f1r2CBM9boo9fPa:CO5LQblCci/anS2oCOdFRT0FZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b52887450478f25ac5ab380195827995524b92526525bcd16da6220747e4d6dc_NeikiAnalytics.exe

Files

b52887450478f25ac5ab380195827995524b92526525bcd16da6220747e4d6dc_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

02ab018ba0fe35c2e9ec54d7d5885294

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iwar2

?SetLocked@icDockPort@@QAE?B_N_N@Z
?m_p_static_class@iiSim@@0PAVFcClass@@A
?Reserve@icDockPort@@QAEXPAV1@@Z
?Dock@icDockPort@@QAE?B_NXZ
?IsFree@icDockPort@@QBE?B_NXZ
?IsDocked@icDockPort@@QBE?B_NXZ
?m_p_static_class@icDockPort@@0PAVFcClass@@A

flux

??0FcPackage@@QAE@XZ
??0FcString@@QAE@PBD@Z
?MakeLowerCase@FcString@@QAEXXZ
??4FcString@@QAEAAV0@ABV0@@Z
??1FcPackage@@UAE@XZ
?FindInstance@FcRegistry@@QAEPAVFcObject@@I@Z
?Instance@FcRegistry@@SAAAV1@XZ
?RegisterNative@FcPackage@@QAEXPBDP6AXAAVFcArgs@@AAVFcScriptTask@@@Z@Z
??1FcString@@QAE@XZ
?IsDerivedFrom@FcRegistry@@QBE?B_NII@Z
?IsEqual@FcScriptSet@@UBE?B_NPBVFiScriptObject@@@Z
?AssignObject@FcScriptSet@@UAEXPBVFiScriptObject@@@Z
??_7FiScriptObject@@6B@
?Arg@FcArgs@@QBE?BTFtPogValue@@I@Z
?IsDerivedFrom@FcClass@@QBE?B_NPBV1@@Z
?Copy@FcScriptSet@@UBEPAVFiScriptObject@@XZ

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
_onexit
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

DisableThreadLibraryCalls

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02ab018ba0fe35c2e9ec54d7d5885294

Headers

File Characteristics

Imports

iwar2

flux

msvcrt

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 324B

.reloc Size: 4KB - Virtual size: 468B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 324B

.reloc
Size: 4KB - Virtual size: 468B