0cde30697a34744c2e000b762927eccf6e68867e1107ba729e556422849987cc_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0cde30697a34744c2e000b762927eccf6e68867e1107ba729e556422849987cc_NeikiAnalytics.exe
Size

41KB
MD5

71828bcd8711ba96f4d8f761ccef7190
SHA1

48c105c5b9e8f0091cf5f2489b831f0958d0a9a5
SHA256

0cde30697a34744c2e000b762927eccf6e68867e1107ba729e556422849987cc
SHA512

7fe5c7963e9739252ec1207a4b9e27fc08408463699e0a15c3dd979428a797ee07971edcb026adb2e8ce525178877feda76c003c79f5208f7185cf623d571c3c
SSDEEP

768:miNa1jIXsLM/6KipkjTL1RErOAdBGtKyJgrX2wxPXlblSJ:u0X76KQkjTBydByJgHBA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cde30697a34744c2e000b762927eccf6e68867e1107ba729e556422849987cc_NeikiAnalytics.exe

Files

0cde30697a34744c2e000b762927eccf6e68867e1107ba729e556422849987cc_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

bfc997852227a91a914a70752729ca29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pngfilt.pdb

Imports

msvcrt

_initterm
_adjust_fdiv
??2@YAPAXI@Z
_purecall
free
_except_handler3
malloc
_CIpow
??3@YAXPAX@Z

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA

user32

GetSysColor
CharNextA
LoadStringA

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
HeapAlloc
GetProcessHeap
GetCurrentProcessId
InterlockedDecrement
lstrcpyA
lstrcmpiA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
HeapFree
GetProcAddress
LoadLibraryA
FreeLibrary
lstrlenA
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DisableThreadLibraryCalls

ole32

CoTaskMemFree
CoCreateInstance
StringFromCLSID

oleaut32

RegisterTypeLi
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfc997852227a91a914a70752729ca29

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

user32

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB