3a7bfb2a5ac37f65b8a0a0686af8d12a88c7c0a088e4bfa0ca1d0c08cdc14b5e_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3a7bfb2a5ac37f65b8a0a0686af8d12a88c7c0a088e4bfa0ca1d0c08cdc14b5e_NeikiAnalytics.exe
Size

3.4MB
MD5

d6a0183c2b0eca36da90f422a75b5d70
SHA1

ecaebe04e37f381b69f01c78ed13641d0a02dce5
SHA256

3a7bfb2a5ac37f65b8a0a0686af8d12a88c7c0a088e4bfa0ca1d0c08cdc14b5e
SHA512

cea3b3e9ee7bb38431692179ab985dbb3464e2692b711a0b7493757df2690df3512dbcc1eea9d9d86531e367caf0f7b59b85caab16ffdf4d1edcdc6badf805eb
SSDEEP

49152:YMi3tENWq4+pSYryLTQ4ullYF5svlRlZPAoTMZmhJv3eEkF/LLisGcnlQHPxi:ByAwvAImAoTMgJvuLPnlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a7bfb2a5ac37f65b8a0a0686af8d12a88c7c0a088e4bfa0ca1d0c08cdc14b5e_NeikiAnalytics.exe

Files

3a7bfb2a5ac37f65b8a0a0686af8d12a88c7c0a088e4bfa0ca1d0c08cdc14b5e_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

eddf29389fa2b9ca07b8b79ce911a8d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

AitStatic.pdb

Imports

kernel32

CreateSemaphoreExW
ReleaseSemaphore
LocalAlloc
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
IsDebuggerPresent
GetProcessHeap
HeapAlloc
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
GetModuleFileNameA
VirtualProtect
LocalFree
WideCharToMultiByte
UnmapViewOfFile
GetFileInformationByHandle
VirtualQuery
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
RaiseException
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
MultiByteToWideChar
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
HeapSetInformation
HeapFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleHandleExW
GetProcAddress
FreeLibrary
WaitForSingleObject
CloseHandle
SetLastError
WriteFile
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetLastError
DebugBreak
LoadLibraryExW
HeapReAlloc

msvcrt

__setusermatherr
_cexit
_exit
_vsnprintf
strcpy_s
strchr
sprintf_s
_wcsnicmp
wcschr
_vsnwprintf
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcsncmp
_commode
_strrev
bsearch_s
_lock
_stricmp
__C_specific_handler
qsort_s
strrchr
strncpy_s
_ui64toa_s
_strnicmp
wcstombs_s
swscanf_s
malloc
_callnewh
??1type_info@@UEAA@XZ
iswalpha
memcpy_s
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wfullpath
printf
vprintf
_wcsicmp
__CxxFrameHandler3
_unlock
_initterm
_wcsrev
__dllonexit
_onexit
?terminate@@YAXXZ
memmove
memcpy
memcmp
_fmode
free
_strdup
memset

ntdll

EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlGUIDFromString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQuerySystemInformation
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlInitUnicodeString
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlCharToInteger
EtwEventWriteNoRegistration
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantInit
SysFreeString

advapi32

EventRegister
EventUnregister
EventWriteTransfer

shlwapi

PathFindExtensionA
PathStripPathW
PathFindExtensionW
PathRemoveBackslashW

mscoree

CLRCreateInstance

Exports

Exports

CreateDCW
DeleteDC
GetFirmwareType
RtlCheckPortableOperatingSystem

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1002KB - Virtual size: 1002KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 608KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eddf29389fa2b9ca07b8b79ce911a8d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ntdll

ole32

oleaut32

advapi32

shlwapi

mscoree

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 130KB

.rdata Size: 1002KB - Virtual size: 1002KB

.data Size: 1.7MB - Virtual size: 1.7MB

.pdata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 608KB - Virtual size: 612KB

.text
Size: 131KB - Virtual size: 130KB

.rdata
Size: 1002KB - Virtual size: 1002KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 608KB - Virtual size: 612KB