529517bd252ede651315b2b05f5d365662bacfd873fab455084092424cfd1fdd_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

529517bd252ede651315b2b05f5d365662bacfd873fab455084092424cfd1fdd_NeikiAnalytics.exe
Size

720KB
MD5

09689da81f329f66b68e097d343a1920
SHA1

2a73801addaf97eaae94d10b2a9dacab465a49a0
SHA256

529517bd252ede651315b2b05f5d365662bacfd873fab455084092424cfd1fdd
SHA512

12d5ee100105c0ed84efac906f453591296a68927483aa423f54ea8a51876fa4ee3401239a20fbc5c150e1f64072f308b52fb49bd0dbf02ae97fac304d5639f4
SSDEEP

12288:f7hU1vpoJYV3VfCfHcqNS0zKepmlDlpVfjp8EizX+AuV27snt5odJMs:FU1iUVg9N9JMlDlfjRiVuVsWt5MJMs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
529517bd252ede651315b2b05f5d365662bacfd873fab455084092424cfd1fdd_NeikiAnalytics.exe

Files

529517bd252ede651315b2b05f5d365662bacfd873fab455084092424cfd1fdd_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

3064221fc9208288e0016821c0f93774

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

muirct.pdb

Imports

advapi32

IsTextUnicode

kernel32

CreateDirectoryW
SizeofResource
LocalAlloc
GetFileAttributesW
SetFileAttributesW
GetLastError
LockResource
DeleteFileW
HeapSetInformation
LoadResource
LocalFree
FreeLibrary
CopyFileW
LoadLibraryExW
HeapCreate
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
FormatMessageW
GetFullPathNameW
EnumResourceTypesW
WriteFile
EnumResourceNamesW
CreateFileW
GetVersionExW
UnmapViewOfFile
CloseHandle
EnumResourceLanguagesW
LoadLibraryW
FindResourceExW
UpdateResourceW
GetProcAddress
GetModuleHandleW
BeginUpdateResourceW
CreateFileMappingW
MapViewOfFile
ReadFile
GetFileSizeEx
MultiByteToWideChar
Sleep
VirtualProtect
GetTempFileNameW
_lread
MoveFileExW
GlobalLock
GlobalFree
_llseek
GetTempPathW
SetLastError
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalUnlock
_lwrite
_lclose

msvcrt

_exit
_cexit
__setusermatherr
_initterm
_errno
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
__wgetmainargs
memcmp
exit
_amsg_exit
_XcptFilter
_CxxThrowException
__set_app_type
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler
??1type_info@@UEAA@XZ
bsearch
wcsncpy
__iob_func
wcsncmp
towupper
_wcsnicmp
wcsstr
strncmp
strtoul
wcschr
toupper
towlower
_vsnwprintf
malloc
free
fwprintf
vfwprintf
wcsrchr
_purecall
wcstoul
_wcsicmp
__C_specific_handler
wcscmp

imagehlp

MapFileAndCheckSumW

bcrypt

BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptCreateHash

user32

CharLowerW

ntdll

RtlLookupFunctionEntry
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlVirtualUnwind

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3064221fc9208288e0016821c0f93774

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

imagehlp

bcrypt

user32

ntdll

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 568KB - Virtual size: 572KB