bcdboot.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 3472a780930de93a91673622e5af06c13d076a36af1b376b30957b68581c2238_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 3472a780930de93a91673622e5af06c13d076a36af1b376b30957b68581c2238_NeikiAnalytics.exe
  Resource: win10v2004-20240226-en
General
- Target: 3472a780930de93a91673622e5af06c13d076a36af1b376b30957b68581c2238_NeikiAnalytics.exe
- Size: 170KB
- MD5: b48b19d74d9cebe327e16480332c9ce0
- SHA1: 13a5a89cd0f71c5a11614d5ee660ce18df1dc5c9
- SHA256: 3472a780930de93a91673622e5af06c13d076a36af1b376b30957b68581c2238
- SHA512: 36e22f1289c90977860129efec4eec3001e9e98798ee20a69bcbf3ebf69e93127f30fbe61d5dba2c84d97ab1597bac7c7c94b0fe53968d9860d14257fed198cd
- SSDEEP: 3072:jdK7YFshIxpIFnN2MSPWGdNOCEvIfxmjHHDXCnzF5Qn4/NpWAQJI:jQ7YFtAGhEKsjHL4xlp
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 3472a780930de93a91673622e5af06c13d076a36af1b376b30957b68581c2238_NeikiAnalytics.exe
Files
- 3472a780930de93a91673622e5af06c13d076a36af1b376b30957b68581c2238_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
  1a16d1b3988c58f85caa16730bac4ae7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetUnhandledExceptionFilter
OutputDebugStringA
GetModuleHandleA
Sleep
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
GetModuleFileNameW
GetLastError
InterlockedCompareExchange
SetLastError
UnhandledExceptionFilter
LoadLibraryExW
QueryDosDeviceW
LocalFree
GetFileAttributesW
GetVolumeInformationW
GetVolumePathNameW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetCurrentThread
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetLocaleInfoW
DeviceIoControl
CopyFileExW
GetFullPathNameW
CreateDirectoryW
GetVersionExW
GetCurrentProcess
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LoadResource
FindResourceExW
msvcrt
bsearch
wcsstr
strncmp
wcsncmp
ungetc
_isatty
_write
_lseeki64
_fileno
_wcsnicmp
__pioinfo
__badioinfo
realloc
wcstombs
ferror
wctomb
_itoa
_snprintf
localeconv
isxdigit
isleadbyte
mbtowc
isdigit
calloc
fwprintf
fflush
_read
wcsrchr
_controlfp
?terminate@@YAXXZ
iswctype
free
malloc
memcpy
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_iob
__mb_cur_max
wcschr
_vsnwprintf
_wcsupr
_wcslwr
_errno
_wsetlocale
_wcsicmp
wcstoul
imagehlp
CheckSumMappedFile
shlwapi
PathRemoveBackslashW
ntdll
NtAllocateUuids
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlGetVersion
NtResetEvent
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
NtDeleteKey
NtCreateFile
NtSaveKey
NtSetValueKey
NtQueryValueKey
NtDeleteValueKey
NtCreateKey
NtSetSecurityObject
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenThreadToken
NtOpenProcessToken
NtAdjustPrivilegesToken
NtLoadKey
NtUnloadKey
NtQueryAttributesFile
NtQueryKey
NtEnumerateKey
NtOpenKey
RtlFreeUnicodeString
RtlStringFromGUID
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
LdrFindResource_U
LdrAccessResource
NtQueryInformationFile
NtOpenProcess
NtQueryInformationProcess
NtSetInformationThread
NtOpenFile
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryInformationThread
NtClose
NtQuerySystemInformation
RtlNtStatusToDosError
RtlCompareMemory
RtlUnwind
RtlInitUnicodeString
RtlGUIDFromString
RtlFreeSid
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
advapi32
LookupPrivilegeValueW
OpenThreadToken
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
ConvertSidToStringSidW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
Sections
.text Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE