3ffa91f6c5f56d458e075bd1b9607a22c797d99bd1f4c4c2bc719bd8787535b2_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3ffa91f6c5f56d458e075bd1b9607a22c797d99bd1f4c4c2bc719bd8787535b2_NeikiAnalytics.exe
Size

88KB
MD5

e8da846cbdb7df320a125d3fd9828620
SHA1

80ae11e4b0174b67c98b0316ce0da0cce38c76ad
SHA256

3ffa91f6c5f56d458e075bd1b9607a22c797d99bd1f4c4c2bc719bd8787535b2
SHA512

ece61242c1cdf7f1e2ed4fc215796654ae92219f8f3414afab0918cb9ce90ca0362f66fde3dacca4e23004eddb78e717ac9c065b2b5dc1a025c4490ed86308de
SSDEEP

1536:f3mx5ax68HiEslxrckTl1TfAbMRr01rUGkFlDlcvLsxnl3i:QaxDHXsBfEMcUGkFlpEulS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ffa91f6c5f56d458e075bd1b9607a22c797d99bd1f4c4c2bc719bd8787535b2_NeikiAnalytics.exe

Files

3ffa91f6c5f56d458e075bd1b9607a22c797d99bd1f4c4c2bc719bd8787535b2_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RDPClip.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
wcslen
wcschr
wcscmp
strchr
_XcptFilter
_exit
_c_exit
rand
malloc
realloc
free
_except_handler3
_resetstkoflw
strrchr
wcsrchr
_strnicmp
_wcsnicmp
??2@YAPAXI@Z
wcsncpy
wcscpy
??3@YAXPAX@Z

advapi32

RegCreateKeyExA
IsValidSid
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueExA

kernel32

GetDiskFreeSpaceA
GetStartupInfoA
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
WaitForSingleObject
CloseHandle
UnmapViewOfFile
GetLocalTime
GetProcAddress
GetModuleHandleW
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
LocalAlloc
GetLastError
GetCurrentProcess
ReleaseMutex
SetLastError
LocalFree
CreateMutexW
LoadLibraryExA
SetEvent
ResetEvent
InterlockedIncrement
GlobalFree
GlobalUnlock
GlobalLock
CreateDirectoryW
DeleteFileW
GetTempFileNameW
WideCharToMultiByte
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
WaitForMultipleObjects
GlobalSize
CreateThread
CreateEventW
ProcessIdToSessionId
GetOverlappedResult
WriteFile
ExitThread
ReadFile
GetTickCount
CancelIo
PulseEvent
OpenEventW
WaitForMultipleObjectsEx
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter

gdi32

DeleteMetaFile
DeleteObject
GetObjectW
GetPaletteEntries
CreatePalette
SetMetaFileBitsEx
CreateMetaFileW
PlayMetaFile
CloseMetaFile
GetMetaFileBitsEx
GetStockObject

user32

PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardFormatNameW
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardViewer
DefWindowProcW
SetClipboardViewer
PostQuitMessage
DestroyWindow
ChangeClipboardChain
UnregisterClassW
RegisterWindowMessageW
CreateWindowExW
RegisterClassW
GetClipboardData
SendMessageW

shell32

SHFileOperationA
SHFileOperationW

winsta

WinStationQueryInformationW
WinStationVirtualOpen

wsock32

socket
WSAGetLastError
WSAStartup
WSACleanup
closesocket
getsockopt
ioctlsocket
sendto

ws2_32

WSACloseEvent
WSACreateEvent
WSAGetOverlappedResult
WSARecvFrom

msacm32

acmDriverOpen
acmStreamSize
acmStreamPrepareHeader
acmDriverClose
acmStreamClose
acmFormatSuggest
acmStreamOpen
acmFormatTagDetailsW
acmDriverEnum
acmStreamUnprepareHeader
acmStreamConvert

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ole32

OleIsCurrentClipboard
CoGetMalloc
OleSetClipboard
OleInitialize

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

winsta

wsock32

ws2_32

msacm32

wtsapi32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 72KB

.rsrc Size: 28KB - Virtual size: 29KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 72KB

.rsrc
Size: 28KB - Virtual size: 29KB