32a8f383e7fa3741f8eaf9335e7baef5996af3c863dcfcb0678c41a71039f42c_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

32a8f383e7fa3741f8eaf9335e7baef5996af3c863dcfcb0678c41a71039f42c_NeikiAnalytics.exe
Size

245KB
MD5

10d1761117ef438d3f1fa54148c5db10
SHA1

84941060e2869b40cb255969ddc814f72be3b383
SHA256

32a8f383e7fa3741f8eaf9335e7baef5996af3c863dcfcb0678c41a71039f42c
SHA512

6c8c8999946bd0c5a18dde2405135cee24f7f045cd0621bae1cb408cd5899c893576de4a5e60d999d8537b12f86af49605ed8facfe8113ee780b0a21f0d9b4ba
SSDEEP

6144:7x8XCuY1yKPiRoaRbnGWwQFYvR2hCrHIJnDVI:GXR7KooaRLGWnF42hCrHWxI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32a8f383e7fa3741f8eaf9335e7baef5996af3c863dcfcb0678c41a71039f42c_NeikiAnalytics.exe

Files

32a8f383e7fa3741f8eaf9335e7baef5996af3c863dcfcb0678c41a71039f42c_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

58624f0a1be2a70e7e831d7c41c0c4ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\mhneox\bin\dbginfo\utils.pdb

Imports

tinyxpath

??0TiXmlPrinter@@QAE@XZ
?SetIndent@TiXmlPrinter@@QAEXPBD@Z
?SetLineBreak@TiXmlPrinter@@QAEXPBD@Z
??1TiXmlPrinter@@UAE@XZ
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?SetValue@TiXmlNode@@QAEXPBD@Z
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?XNp_xpath_node@TinyXPath@@YAPAVTiXmlNode@@PBV2@PBD@Z
?GetText@TiXmlElement@@QBEPBDXZ
?Value@TiXmlNode@@QBEPBDXZ
??0TiXmlElement@@QAE@PBD@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
??1TiXmlElement@@UAE@XZ
??1TiXmlDocument@@UAE@XZ
?StreamIn@TiXmlDocument@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
??0TiXmlDocument@@QAE@XZ
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
?ErrorDesc@TiXmlDocument@@QBEPBDXZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ

kernel32

HeapAlloc
CompareStringW
CreateFileW
WriteConsoleW
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetStdHandle
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetStringTypeW
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
HeapSize
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
IsProcessorFeaturePresent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringA
GetLastError
GetCurrentProcess
GetLocalTime
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetSystemTime
CloseHandle
ReadFile
GetFileSize
CreateFileA
HeapDestroy
HeapCreate
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
RtlUnwind
GetSystemTimeAsFileTime
SetEnvironmentVariableA
HeapFree
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
RaiseException
GetCurrentThreadId
GetCommandLineA
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ExitProcess

winmm

timeGetTime

Exports

Exports

GetIntf

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58624f0a1be2a70e7e831d7c41c0c4ab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tinyxpath

kernel32

winmm

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB