3646106d2885bc581e9e6b0ce56e2defd315bfde64afe7ec6992aa57b10ce1e9_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3646106d2885bc581e9e6b0ce56e2defd315bfde64afe7ec6992aa57b10ce1e9_NeikiAnalytics.exe
Size

184KB
MD5

27ff72a49507c7325fc92b3135c16d30
SHA1

325ac50300087c85209570f8b1af09e25e395201
SHA256

3646106d2885bc581e9e6b0ce56e2defd315bfde64afe7ec6992aa57b10ce1e9
SHA512

2a58efbd26d1ede72844129559c237e843bb2cbe39b343a695efa4504dc8fc41ef4e0fa7a09c65a7ced19eee70ee9db95df824dc6146766c1e9445ae591bda68
SSDEEP

3072:Egh/ONWs2AXM0wm2FUSzSQD3X8fT0PL9LpQrIUi00RUtL:Eg1O4sKEfs3X84VpQr7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3646106d2885bc581e9e6b0ce56e2defd315bfde64afe7ec6992aa57b10ce1e9_NeikiAnalytics.exe

Files

3646106d2885bc581e9e6b0ce56e2defd315bfde64afe7ec6992aa57b10ce1e9_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

9e1c98e8678eedccef56494b8dfa9ce0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetComputerNameA
ReleaseMutex
CreateMutexA
SetCurrentDirectoryA
GetCurrentDirectoryA
SystemTimeToFileTime
GetDriveTypeA
GetWindowsDirectoryA
GetSystemTime
GetFileInformationByHandle
FindClose
FindFirstFileA
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
FindNextFileA
Sleep
GetStringTypeA
GetStdHandle
GetFileType
CreateDirectoryA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
RtlUnwind
GetCurrentProcess
TerminateProcess
ExitProcess
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
HeapCreate
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
HeapReAlloc
SetFileAttributesA
SetFileTime
ExitThread
GetTickCount
CreateThread
SuspendThread
ResumeThread
GetLastError
GetLocalTime
GetFullPathNameA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
IsDBCSLeadByte
GetFileAttributesA
GetVersion
LoadLibraryA
GetProcAddress
SetHandleCount
FreeLibrary
GetStringTypeW

user32

GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
BringWindowToTop
SendDlgItemMessageA
GetWindowRect
AttachThreadInput
SystemParametersInfoA
GetWindowThreadProcessId
GetForegroundWindow
SetWindowPlacement
SetWindowTextA
SetWindowWord
GetWindowWord
MoveWindow
PeekMessageA
CallWindowProcA
GetClientRect
CreateDialogParamA
DialogBoxParamA
IsDialogMessageA
EndDialog
RegisterWindowMessageA
GetMenuItemID
GetSubMenu
TranslateAcceleratorA
InsertMenuA
MessageBeep
FlashWindow
SetForegroundWindow
PostQuitMessage
IsWindowEnabled
IsWindowVisible
GetMessageA
DispatchMessageA
TranslateMessage
GetParent
GetWindowTextA
ShowWindow
LoadMenuA
CreatePopupMenu
CreateMenu
GetMessagePos
GetMenuItemCount
TrackPopupMenu
DestroyMenu
GetWindowPlacement
GetSystemMetrics
LoadIconA
UpdateWindow
IsWindow
DestroyWindow
CreateWindowExA
RegisterHotKey
UnregisterHotKey
SetCursor
SetClassLongA
DeleteMenu
DefWindowProcA
RegisterClassA
FindWindowA
LoadCursorA
LoadAcceleratorsA
GetWindow
KillTimer
MessageBoxA
SetTimer
SetCapture
SetFocus
SetWindowLongA
GetWindowLongA
EnableWindow
AppendMenuA
GetSystemMenu
PostMessageA
InvalidateRgn
GetAsyncKeyState
IsDlgButtonChecked
SendMessageA
ModifyMenuA
GetMenuStringA
wsprintfA
ReleaseCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ScreenToClient
GetCursorPos
SetActiveWindow

gdi32

GetObjectA
DeleteObject
CreateFontIndirectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseFontA

advapi32

RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

shell32

Shell_NotifyIconA
ExtractIconA
SHGetMalloc
SHBrowseForFolder
SHGetPathFromIDList
ShellExecuteA
DragQueryFileA
DragFinish

ole32

CoInitialize
CoUninitialize

winmm

PlaySoundA

comctl32

ord17
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

wsock32

accept
recvfrom
WSAGetLastError
sendto
WSAAsyncSelect
WSACleanup
WSAStartup
socket
htons
inet_ntoa
setsockopt
listen
gethostbyname
closesocket
recv
select
send
ntohl
inet_addr
ioctlsocket
bind
connect

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yxcedxu
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e1c98e8678eedccef56494b8dfa9ce0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

winmm

comctl32

wsock32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 13KB - Virtual size: 14KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 34KB - Virtual size: 35KB

yxcedxu Size: 4KB - Virtual size: 72KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 13KB - Virtual size: 14KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 34KB - Virtual size: 35KB

yxcedxu
Size: 4KB - Virtual size: 72KB