b5c8d98e3bc8d2adb217e6a8870ab5bc6f3ff01e09dc2a7cc0b0c82ece396570_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b5c8d98e3bc8d2adb217e6a8870ab5bc6f3ff01e09dc2a7cc0b0c82ece396570_NeikiAnalytics.exe
Size

3.4MB
MD5

4aeb3f4a8b232c0d2e6aa17840b01860
SHA1

5f8a7650b158770921827c3380ea636a888f967e
SHA256

b5c8d98e3bc8d2adb217e6a8870ab5bc6f3ff01e09dc2a7cc0b0c82ece396570
SHA512

bd594a2deb971409aa961866e803e4806f769deb8063d174130fcab1d69f4c8a65c961261adc26c0425a89c6e5169a3eeb357e1c3be9252229cec8a515c92b95
SSDEEP

49152:H6eVYrrxzX3FBLlq/A2ypUQ+whbtwQbXUS/7ijRMIzqcgI9mMPt8lGOAeBUI:HM9r37ijRMqOAeBUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5c8d98e3bc8d2adb217e6a8870ab5bc6f3ff01e09dc2a7cc0b0c82ece396570_NeikiAnalytics.exe

Files

b5c8d98e3bc8d2adb217e6a8870ab5bc6f3ff01e09dc2a7cc0b0c82ece396570_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

18c4f68b28ff0de78fa16d08d0f16cd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

msys-2.0

__cxa_atexit
__errno
__getreent
__locale_mb_cur_max
__main
__wrap__ZdaPv
__wrap__ZdlPv
__wrap__Znam
__wrap__ZnamRKSt9nothrow_t
__wrap__Znwm
_ctype_
_dll_crt0
_impure_ptr
abort
arc4random
btowc
calloc
close
cygwin_conv_path
cygwin_internal
dll_dllcrt0
fclose
fdopen
fflush
fileno
fopen
fputc
fputs
fread
free
fseek
fstat
ftell
fwrite
getc
getentropy
getenv
getwc
iswctype
localtime
lseek
malloc
mbrtowc
memchr
memcmp
memcpy
memmove
memset
msys_detach_dll
open
poll
posix_memalign
pthread_cond_broadcast
pthread_cond_wait
pthread_getspecific
pthread_key_create
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific
putc
putwc
read
realloc
secure_getenv
setlocale
setvbuf
sprintf
strchr
strcmp
strcoll
strcspn
strerror
strftime
strlen
strncmp
strrchr
strspn
strtod
strtof
strtold
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vsnprintf
wcrtomb
wcscoll
wcsftime
wcslen
wcsxfrm
wctob
wctype
wmemchr
wmemcmp
wmemcpy
wmemmove
wmemset
write
writev

bcrypt

BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty

crypt32

CryptStringToBinaryA
CryptUnprotectData

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

shell32

SHGetFolderPathA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 1024B - Virtual size: 542B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18c4f68b28ff0de78fa16d08d0f16cd9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msys-2.0

bcrypt

crypt32

kernel32

shell32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 27KB - Virtual size: 27KB

.rdata Size: 123KB - Virtual size: 122KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 71KB - Virtual size: 71KB

.xdata Size: 87KB - Virtual size: 87KB

.bss Size: - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

/4 Size: 512B - Virtual size: 48B

/19 Size: 5KB - Virtual size: 4KB

/31 Size: 1024B - Virtual size: 542B

/45 Size: 512B - Virtual size: 158B

/57 Size: 512B - Virtual size: 56B

/70 Size: 512B - Virtual size: 14B

/81 Size: 1024B - Virtual size: 528B

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 27KB - Virtual size: 27KB

.rdata
Size: 123KB - Virtual size: 122KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 71KB - Virtual size: 71KB

.xdata
Size: 87KB - Virtual size: 87KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

/4
Size: 512B - Virtual size: 48B

/19
Size: 5KB - Virtual size: 4KB

/31
Size: 1024B - Virtual size: 542B

/45
Size: 512B - Virtual size: 158B

/57
Size: 512B - Virtual size: 56B

/70
Size: 512B - Virtual size: 14B

/81
Size: 1024B - Virtual size: 528B