3ee48f44abf1febde2f3310f3eb579e58107b5850d45d2a81588aa220abc46c4_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3ee48f44abf1febde2f3310f3eb579e58107b5850d45d2a81588aa220abc46c4_NeikiAnalytics.exe
Size

2.0MB
MD5

fde32f7f5055c87fb8a51dc26b9746c0
SHA1

235b7fd9d1d51275b2c9364c1fb4973af05e106f
SHA256

3ee48f44abf1febde2f3310f3eb579e58107b5850d45d2a81588aa220abc46c4
SHA512

a6e0852d9a612e6c82230882f38842c8128d3a17abd8e01a10f80376cb3ffeb0839fd82c39de5a39c7c3c668fa7dc0c9ccc448dcebc1015be7ad8507ef57e068
SSDEEP

24576:NexPCD9VePVL43r5hUu9O5oW4oHCLWb+ERcs3JUhah7lGTnkqhd:2PqA43r5hJbWh3JUhalsTnkqhd

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ee48f44abf1febde2f3310f3eb579e58107b5850d45d2a81588aa220abc46c4_NeikiAnalytics.exe

Files

3ee48f44abf1febde2f3310f3eb579e58107b5850d45d2a81588aa220abc46c4_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

443dfd49d452179f12739b20c37ccfbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\hera\Bin\nbvm.pdb

Imports

kernel32

CreateProcessA
GetLastError
GetModuleHandleW
DeleteFileA
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpynW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalMemoryStatusEx
GetSystemInfo
GetLocalTime
GetPrivateProfileSectionA
Module32FirstW
Module32NextW
OpenProcess
VirtualQueryEx
ReadProcessMemory
GetCurrentProcess
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetModuleFileNameA
CreateFileA
WriteFile
GetCurrentThread
ExitProcess
Sleep
OutputDebugStringW
SetEvent
DeleteFileW
TerminateProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetTickCount
ResumeThread
GetThreadPriority
SetThreadPriority
lstrlenA
CloseHandle
CreateEventW
WaitForSingleObject
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetLastError
IsBadReadPtr
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GlobalFree
GlobalAlloc
GetNativeSystemInfo
GetComputerNameA
GetWindowsDirectoryW
FindNextFileW
GetTempPathW
GetFileAttributesW
GetSystemDirectoryW
CreateDirectoryW
SetErrorMode
InterlockedCompareExchange
DeleteTimerQueueEx
DeviceIoControl
CreateFileW
ReadConsoleW
ReadFile
SetEnvironmentVariableA
SetStdHandle
GetExitCodeProcess
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
FreeEnvironmentStringsW
InterlockedExchange
FreeLibrary
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileAttributesExW
LoadLibraryW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
SetEndOfFile
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetOEMCP
WideCharToMultiByte
DuplicateHandle
GetCurrentThreadId
GetExitCodeThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MultiByteToWideChar
GetStringTypeW
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapReAlloc
CreateThread
ExitThread
LoadLibraryExW
RaiseException
CreateTimerQueue
IsProcessorFeaturePresent
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsDebuggerPresent
MoveFileExW
GetCommandLineA
GetCPInfo
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP

user32

WindowFromPoint
FindWindowA
wsprintfW
GetCursorPos
GetSystemMetrics
wsprintfA

advapi32

LookupPrivilegeValueA
OpenServiceA
CloseServiceHandle
DeleteService
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
ControlService
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CreateServiceA
StartServiceA
OpenSCManagerA

shell32

ShellExecuteW
SHGetFolderPathA

shlwapi

StrStrIA
PathFindExtensionA

ws2_32

inet_addr
recv
closesocket
send
ntohl
ntohs
gethostbyname
inet_ntoa
gethostname
accept
freeaddrinfo
WSAGetLastError
connect
WSASendTo
WSARecvFrom
WSAIoctl
WSASend
WSARecv
listen
socket
WSAStartup
WSACleanup
shutdown
htons
getaddrinfo
htonl
getpeername
setsockopt
bind

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionA
SetupDiGetDeviceRegistryPropertyA

mswsock

AcceptEx

wininet

InternetOpenA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle

Sections

.text
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

443dfd49d452179f12739b20c37ccfbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

iphlpapi

psapi

version

setupapi

mswsock

wininet

Sections

.text Size: 638KB - Virtual size: 638KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 214KB - Virtual size: 237KB

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 638KB - Virtual size: 638KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 214KB - Virtual size: 237KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 34KB - Virtual size: 34KB