18567b1667920341a95e0bd4d967b0f3a96aaba05a0b816c99b9d585d66250a2_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

18567b1667920341a95e0bd4d967b0f3a96aaba05a0b816c99b9d585d66250a2_NeikiAnalytics.exe
Size

83KB
MD5

b6cbf740ab29cf3e2b263660582e0200
SHA1

80e28551f3e31d80bb3e3d2c536af7426441e75e
SHA256

18567b1667920341a95e0bd4d967b0f3a96aaba05a0b816c99b9d585d66250a2
SHA512

a6b7f478f46a9406916d1084b163da87417812de5e8748a8ffa1f4a874d834a268331abecb1e967381b574e850c869a2610a348abe5411d9f21b5f75820a1bf3
SSDEEP

1536:rapMJHPQ40lsXZC2Wu8BaN6PU8SeV5omIbEvFwEHP:JYLyC2WnB9meV5omIKFwE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18567b1667920341a95e0bd4d967b0f3a96aaba05a0b816c99b9d585d66250a2_NeikiAnalytics.exe

Files

18567b1667920341a95e0bd4d967b0f3a96aaba05a0b816c99b9d585d66250a2_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

d7b1671101e5e538c3eb8236a13cd679

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryW
CreateFileMappingW
CreateFileW
CreateProcessW
CreateToolhelp32Snapshot
CreateWaitableTimerW
DeleteFileW
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
FlushInstructionCache
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessId
GetSystemDefaultLCID
GetSystemTimeAsFileTime
GetSystemTimes
GetThreadContext
GetTickCount
GlobalAddAtomW
GlobalDeleteAtom
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsWow64Process
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OpenThread
Process32FirstW
Process32NextW
QueryPerformanceCounter
ReadFile
ResumeThread
SetDllDirectoryW
SetFilePointer
SetLastError
SetPriorityClass
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SuspendThread
TerminateProcess
Thread32First
Thread32Next
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
WideCharToMultiByte
WriteProcessMemory

shell32

CommandLineToArgvW
ord28

shlwapi

PathAppendW
PathCombineW
PathFileExistsW
PathFindFileNameW
PathMatchSpecA
PathMatchSpecW
PathRemoveBackslashW
PathRemoveFileSpecW
StrChrW
StrStrIW
wnsprintfA
wnsprintfW

user32

CallNextHookEx
DispatchMessageW
EnumWindows
FindWindowExW
FindWindowW
GetAsyncKeyState
GetClassNameW
GetClientRect
GetDoubleClickTime
GetForegroundWindow
GetMessageW
GetWindowThreadProcessId
IsIconic
IsWindowVisible
PostMessageW
PtInRect
RegisterHotKey
SendInput
SetWindowPos
SetWindowsHookExW
ShowWindow
TrackMouseEvent
TranslateMessage
UnhookWindowsHookEx
UnregisterHotKey
WindowFromPoint

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoUninitialize

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memcpy
memmove
memset
strchr
strrchr
strstr
wcschr
wcsrchr

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_configure_narrow_argv
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsscanf
_chsize
_fileno
_wfopen
fclose
feof
fgets
fread
fseek
ftell
fwrite

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
_wcsicmp
_wcsnicmp
strcmp
strcpy
strlen
strncat
strncmp
strncpy
tolower
wcscmp
wcscpy
wcslen
wcsncat
wcsncpy

api-ms-win-crt-convert-l1-1-0

_strtoui64
_ui64tow
atoi
strtod
wcstol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wfullpath

api-ms-win-crt-environment-l1-1-0

_wgetenv
_wputenv

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
realloc

Exports

Exports

GetAppDirHash_tt
GetCpuFeature_tt
GetNonTemporalDataSizeMin_tt
_undo_it@0
memset_nontemporal_tt

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7b1671101e5e538c3eb8236a13cd679

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

shlwapi

user32

ole32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 4KB