4f6857c8f68dfcf7626f8e38d91c66daafc8bf6c4d35ba649c5be4b4cb325ae7_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4f6857c8f68dfcf7626f8e38d91c66daafc8bf6c4d35ba649c5be4b4cb325ae7_NeikiAnalytics.exe
Size

15KB
MD5

0df974216d0daa703af73028d054a720
SHA1

1a0bab59ffa63d2a482fdaa88b60ba0fef414afc
SHA256

4f6857c8f68dfcf7626f8e38d91c66daafc8bf6c4d35ba649c5be4b4cb325ae7
SHA512

22bda46f68d7fced9cd8fc542aae3313539aa39b335e21aa207af729a22f316c0aa72bd5020c29a0645c38d0a2521cff3f712697791a33852327899eade59ec8
SSDEEP

192:UcmBFPDY8wdyA2ACa0v+Da8YGuDDDDDDDDDDDDDDDDDDDeyMs0la3Rz/gByh:U1BH8yXf0dItg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f6857c8f68dfcf7626f8e38d91c66daafc8bf6c4d35ba649c5be4b4cb325ae7_NeikiAnalytics.exe

Files

4f6857c8f68dfcf7626f8e38d91c66daafc8bf6c4d35ba649c5be4b4cb325ae7_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

b8ec022069db52c1166e996c8e906011

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt-ruby330

OnigEncAsciiToLowerCaseTable
Sleep@4
onigenc_always_false_is_allowed_reverse_match
onigenc_unicode_apply_all_case_fold
onigenc_unicode_case_map
onigenc_unicode_get_case_fold_codes_by_str
onigenc_unicode_is_code_ctype
onigenc_unicode_mbc_case_fold
onigenc_unicode_property_name_to_ctype
onigenc_utf16_32_get_ctype_code_range
rb_enc_register

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

Exports

Exports

Init_utf_32le
_nm__OnigEncAsciiToLowerCaseTable

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 140B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8ec022069db52c1166e996c8e906011

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt-ruby330

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 40B

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 140B

.edata Size: 512B - Virtual size: 120B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 528B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 40B

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 140B

.edata
Size: 512B - Virtual size: 120B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 528B