24c450d5c9573cbacc9ecb862be4f28c3daaec26e5d1ad5d1f9b9c187077c675_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

24c450d5c9573cbacc9ecb862be4f28c3daaec26e5d1ad5d1f9b9c187077c675_NeikiAnalytics.exe
Size

1001KB
MD5

7ed40d62c856bc206e74f19218c28510
SHA1

1205f767fa8d0da214447b8b4fff0e3f00191cc3
SHA256

24c450d5c9573cbacc9ecb862be4f28c3daaec26e5d1ad5d1f9b9c187077c675
SHA512

253460a1174d0b5c8622f0a0642eb4d7ef71536953a93fdef72f0cd3380d65f5e11baf9711995d8293b56f288b138155c54bb3a59b46875d1ccc631dfcabe891
SSDEEP

12288:Ii+OeO+OeNhBBhhBBf+EjJudqmc6TkN5Khe0ncCcEjAvuuAdJmDP2Nbs5US7deuX:IWGJuBkH0lmX5b7dembhu3t430TuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24c450d5c9573cbacc9ecb862be4f28c3daaec26e5d1ad5d1f9b9c187077c675_NeikiAnalytics.exe

Files

24c450d5c9573cbacc9ecb862be4f28c3daaec26e5d1ad5d1f9b9c187077c675_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

5a3c670c1870410c729bc3b43a56ab80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
send
select
__WSAFDIsSet
WSACleanup
WSAStartup
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
accept

crypt32

CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
GetDateFormatW
FreeLibraryAndExitThread
ExitThread
SetEnvironmentVariableW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
DeleteFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
GetCurrentDirectoryW
SetStdHandle
SetEndOfFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
SetFilePointerEx
WriteConsoleW
WriteProcessMemory
HeapFree
SetConsoleTitleA
WriteFile
Module32Next
InitializeCriticalSectionEx
Module32First
GetModuleHandleA
OpenProcess
HeapSize
CreateToolhelp32Snapshot
Sleep
GetLastError
CreateFileA
HeapReAlloc
CloseHandle
HeapAlloc
DecodePointer
GetProcAddress
VirtualAllocEx
DeleteCriticalSection
GetProcessHeap
CreateRemoteThread
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
CreateFileW
GetFullPathNameW
GetDriveTypeW
GetModuleHandleExW
ExitProcess
GetCommandLineA
LoadLibraryExW
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentThreadId
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

GetWindowTextW
FindWindowW
EnumWindows
MessageBoxA
GetWindowThreadProcessId
GetClassNameA

shell32

ShellExecuteA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

Exports

Exports

MainFunction

Sections

.text
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a3c670c1870410c729bc3b43a56ab80

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

advapi32

kernel32

user32

shell32

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 779KB - Virtual size: 778KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 779KB - Virtual size: 778KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 37KB - Virtual size: 36KB