2341d0a375f455d7011fdc0edea0e650f4d0e511555cc2a8dfdd6185d9d7334e_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2341d0a375f455d7011fdc0edea0e650f4d0e511555cc2a8dfdd6185d9d7334e_NeikiAnalytics.exe
Size

2.1MB
MD5

503c167e4cc5d9ed4befaee2b2a7e380
SHA1

b6d821cbf3d85d281490922f2fce88a70b1ce538
SHA256

2341d0a375f455d7011fdc0edea0e650f4d0e511555cc2a8dfdd6185d9d7334e
SHA512

e3cd032bf14ac5464ed8d0fd1e33e9d02c10b52e472248f691d72da58d3ffcb676bc554e01a89c996957aba5bf2471194bfdd0d79ef8b93459214fef4dccfc98
SSDEEP

49152:cyo01lLgnE7i4WKVif4WxUPVQ+IbOB2FTy2RRgq/5zBOTXfEc3f4b:rLvLgEtWKVifR+IbOB2FTy2RRgq/5zBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2341d0a375f455d7011fdc0edea0e650f4d0e511555cc2a8dfdd6185d9d7334e_NeikiAnalytics.exe

Files

2341d0a375f455d7011fdc0edea0e650f4d0e511555cc2a8dfdd6185d9d7334e_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

8f13cfb336a730b81d72de7a2ddb4064

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\nls15\bin\TropicalFarm.pdb

Imports

kernel32

ExitThread
ResumeThread
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
QueryPerformanceCounter
lstrcmpiA
GetSystemInfo
GetModuleHandleA
QueryPerformanceFrequency
GetVersionExA
lstrcpyA
GetLocalTime
GetModuleFileNameA
CreateFileA
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetFullPathNameA
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileA
MultiByteToWideChar
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapFree
DeleteFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
RemoveDirectoryA
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
GetTickCount
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
ReadFile
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableA
lstrlenA
LocalFree
GetFileAttributesA
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateMutexA
InterlockedCompareExchange
GetLastError
CreateProcessA

user32

GetWindowLongA
TranslateMessage
GetDC
WaitMessage
EnumDisplaySettingsA
LoadIconA
KillTimer
IsIconic
PostQuitMessage
RegisterClassExA
SetActiveWindow
ReleaseDC
DestroyWindow
ChangeDisplaySettingsA
GetSystemMetrics
CreateWindowExA
GetClientRect
ClientToScreen
ScreenToClient
GetCursorPos
SystemParametersInfoA
SetClassLongA
DefWindowProcA
SetWindowPos
ShowWindow
DispatchMessageA
AdjustWindowRectEx
SetWindowTextA
UpdateWindow
EnumDisplayDevicesA
PeekMessageA
SetTimer
LoadCursorA

bass

BASS_SampleGetChannel
BASS_StreamFree
BASS_Apply3D
BASS_Pause
BASS_ChannelSetPosition
BASS_ChannelStop
BASS_GetDevice
BASS_Free
BASS_SampleGetInfo
BASS_GetConfig
BASS_ChannelGetInfo
BASS_GetDeviceInfo
BASS_SetConfig
BASS_ChannelSetAttribute
BASS_SampleFree
BASS_ChannelSlideAttribute
BASS_ChannelPause
BASS_ChannelPlay
BASS_GetInfo
BASS_ChannelFlags
BASS_Init
BASS_Set3DFactors
BASS_ChannelGetPosition
BASS_Get3DFactors
BASS_ChannelIsActive
BASS_ChannelGetLength
BASS_SampleLoad
BASS_StreamCreateFile
BASS_MusicLoad
BASS_ChannelGetData
BASS_MusicFree
BASS_Start
BASS_ChannelSet3DAttributes

wsock32

inet_ntoa
recv
WSACleanup
htons
WSAGetLastError
select
ioctlsocket
WSAStartup
connect
socket
__WSAFDIsSet
closesocket
gethostbyname
send

gdi32

GetDeviceGammaRamp
GetBitmapBits
DeleteDC
CreateBitmap
DeleteObject
SelectObject
CreateCompatibleDC
SetDeviceGammaRamp

advapi32

RegCloseKey
GetUserNameA
SetEntriesInAclA
SetNamedSecurityInfoA
AllocateAndInitializeSid
FreeSid
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f13cfb336a730b81d72de7a2ddb4064

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

bass

wsock32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 227KB - Virtual size: 227KB

.data Size: 92KB - Virtual size: 122KB

.rsrc Size: 126KB - Virtual size: 125KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 227KB - Virtual size: 227KB

.data
Size: 92KB - Virtual size: 122KB

.rsrc
Size: 126KB - Virtual size: 125KB