b9aac89098c1caacf5ffc7c09ea65e0c87a079291ea90ddbe4e279571d270d41_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b9aac89098c1caacf5ffc7c09ea65e0c87a079291ea90ddbe4e279571d270d41_NeikiAnalytics.exe
Size

844KB
MD5

91be6bc43b6d70b9bd783e945481ca70
SHA1

43d94359c3a7899a364dc1375f024712f79c9a5d
SHA256

b9aac89098c1caacf5ffc7c09ea65e0c87a079291ea90ddbe4e279571d270d41
SHA512

97ba401b83185209a19f4c7b6eb8d3eac24b743a2c434f956eedf58f8af2c32a88cf98397938cef663428e1ae3892c1d68a0d9be16f37eda37f8b05895d372e0
SSDEEP

24576:73SnnM0W5pZJ5pZxtatr0zAiX90z/F0jsFB3SQk:73WDW5pZJ5pZxtaB0zj0yjoB2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9aac89098c1caacf5ffc7c09ea65e0c87a079291ea90ddbe4e279571d270d41_NeikiAnalytics.exe

Files

b9aac89098c1caacf5ffc7c09ea65e0c87a079291ea90ddbe4e279571d270d41_NeikiAnalytics.exe
.exe windows:10 windows x86 arch:x86

5caf5f64a6bfca4e3879dcc7700176a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mftrace.pdb

Imports

msvcrt

printf_s
memcpy
vswprintf_s
?terminate@@YAXXZ
realloc
_vscwprintf
__iob_func
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
__setusermatherr
wcschr
fclose
__p__fmode
_wtoi
_cexit
_errno
_exit
exit
fwrite
fprintf_s
__set_app_type
__wgetmainargs
_amsg_exit
_controlfp
__p__commode
_XcptFilter
_callnewh
calloc
_vscprintf
vsprintf_s
free
wcscspn
wcsspn
memmove_s
memcpy_s
malloc
wcstoul
_wcsicmp
_wcstoui64
iswxdigit
iswdigit
vfprintf_s
_wfopen_s
memset

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

oleaut32

SysFreeString
VariantClear
VarBstrCmp
SysAllocString

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
SearchPathW
GetStdHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoInitializeEx
IIDFromString
CoUninitialize

api-ms-win-eventing-tdh-l1-1-0

TdhEnumerateProviders
TdhGetPropertySize
TdhGetProperty
TdhGetEventInformation

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapDestroy
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
LockResource
GetProcAddress
FindResourceExW
LoadResource
GetModuleHandleW
FreeLibrary
SizeofResource

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

CreateRemoteThread
ResumeThread
GetExitCodeProcess
GetExitCodeThread
SuspendThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateThread
CreateProcessW
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

dbghelp

SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTraceEx

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
FlushInstructionCache

api-ms-win-core-debug-l1-1-1

ContinueDebugEvent
DebugActiveProcessStop
DebugActiveProcess
WaitForDebugEvent

api-ms-win-core-memory-l1-1-0

VirtualProtectEx
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5caf5f64a6bfca4e3879dcc7700176a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

oleaut32

api-ms-win-core-console-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-tdh-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

dbghelp

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 255KB - Virtual size: 254KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 255KB - Virtual size: 254KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 580KB - Virtual size: 584KB