Static task: static1
Behavioral task: behavioral1
  Sample: 0ba7a1a3422bb3d28c675e0ad089f030_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 0ba7a1a3422bb3d28c675e0ad089f030_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 0ba7a1a3422bb3d28c675e0ad089f030_NeikiAnalytics
- Size: 860KB
- MD5: 0ba7a1a3422bb3d28c675e0ad089f030
- SHA1: 7e294c92b449d6e8a89ef763c6e0528fdb0cabae
- SHA256: 159c64ddb7b4489fbeab85f4773095cec20534c2655ddc49b44c03f0b1822bdf
- SHA512: 98d13ead17c0f9d610b635513cebf73fb59bc0c8f7341dd81d96a0abf72387c80661a072c0921e36d59c5fc34f6a947e046ba9056a55e6c9dd95788a2a514491
- SSDEEP: 24576:xF9PwmrNil0S0QdMDqShlm+s4gp82VCXyeGkGX9u3OVFcnJBCIJCxG:xF9AeGkGX9ueS3tCk
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 0ba7a1a3422bb3d28c675e0ad089f030_NeikiAnalytics
Files
- 0ba7a1a3422bb3d28c675e0ad089f030_NeikiAnalytics.exe windows:4 windows x86 arch:x86
ac2a18f943e3fa780363af013228b4d4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
hhctrl.ocx
ord14
mfc42
ord5277
ord4627
ord2124
ord4425
ord3597
ord324
ord2302
ord4234
ord2379
ord5289
ord6199
ord3874
ord3092
ord4710
ord755
ord470
ord2864
ord4610
ord2725
ord5923
ord5981
ord4083
ord3481
ord5098
ord4619
ord1825
ord4238
ord3663
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord1746
ord5577
ord3172
ord5653
ord4420
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord922
ord4823
ord4129
ord5710
ord5683
ord4858
ord5740
ord3499
ord2515
ord355
ord6648
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord5290
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord4723
ord2535
ord6334
ord5240
ord4277
ord4278
ord2763
ord859
ord3337
ord801
ord6143
ord541
ord6883
ord2614
ord2919
ord3811
ord2358
ord2289
ord2370
ord2301
ord2642
ord319
ord4224
ord2411
ord2023
ord4218
ord2578
ord4398
ord3402
ord3582
ord616
ord567
ord2299
ord6663
ord2764
ord2575
ord4396
ord3574
ord609
ord4047
ord2294
ord536
ord2362
ord2298
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord5287
ord4835
ord768
ord489
ord4258
ord4854
ord4377
ord4976
ord3317
ord3721
ord795
ord2737
ord6197
ord3610
ord656
ord1908
ord4715
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord5850
ord5638
ord1008
ord6176
ord496
ord4259
ord2528
ord3475
ord6007
ord6880
ord6743
ord6515
ord5849
ord3698
ord5271
ord5861
ord2109
ord2086
ord6779
ord2587
ord4406
ord3394
ord3729
ord804
ord6785
ord1146
ord6241
ord3571
ord3573
ord3626
ord640
ord2414
ord5787
ord5785
ord1640
ord323
ord6453
ord3301
ord3286
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord6929
ord6927
ord3619
ord6905
ord4275
ord4402
ord3640
ord693
ord3998
ord3293
ord3996
ord4243
ord3302
ord283
ord3797
ord2859
ord3692
ord802
ord542
ord1085
ord5601
ord613
ord289
ord6172
ord5791
ord5873
ord2754
ord3706
ord5875
ord5789
ord2152
ord3719
ord793
ord3361
ord686
ord384
ord2652
ord1669
ord2634
ord2098
ord4123
ord4394
ord6242
ord3742
ord818
ord4124
ord1270
ord1232
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord5788
ord2860
ord2567
ord6379
ord5503
ord4400
ord682
ord4133
ord4297
ord5307
ord4698
ord6654
ord2862
ord2393
ord5053
ord6605
ord1265
ord6909
ord6720
ord5440
ord6383
ord5450
ord6394
ord809
ord556
ord1088
ord2122
ord5261
ord2446
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord794
ord674
ord326
ord6491
ord554
ord529
ord527
ord366
ord620
ord5884
ord2921
ord2012
ord6565
ord6619
ord6000
ord2117
ord6146
ord5885
ord3289
ord2453
ord2097
ord5731
ord4163
ord2120
ord4457
ord2252
ord5252
ord1133
ord6069
ord2011
ord3870
ord4676
ord4671
ord4448
ord6778
ord1083
ord5600
ord5621
ord3702
ord501
ord773
ord2639
ord6442
ord955
ord2582
ord2841
ord2448
ord3496
ord6378
ord6904
ord3910
ord2044
ord2107
ord5834
ord3873
ord6669
ord2574
ord3572
ord1660
ord2817
ord5607
ord3994
ord1834
ord4375
ord4852
ord4229
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord3803
ord1871
ord1567
ord268
ord2080
ord1949
ord5821
ord3662
ord812
ord1205
ord1176
ord414
ord559
ord713
ord2809
ord2970
ord4287
ord6144
ord3693
ord1706
ord430
ord786
ord2461
ord3318
ord6389
ord519
ord6311
ord6283
ord6282
ord2784
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord2504
ord5903
ord5510
ord1652
ord429
ord1829
ord3754
ord3752
ord6128
ord6141
ord2233
ord4045
ord5610
ord5604
ord2527
ord482
ord4333
ord2814
ord3810
ord798
ord533
ord2096
ord4544
ord3274
ord3579
ord439
ord736
ord5495
ord5685
ord4226
ord2089
ord816
ord562
ord4284
ord2452
ord2801
ord6222
ord4809
ord3876
ord4267
ord5442
ord665
ord5186
ord354
ord6170
ord1797
ord5890
ord2937
ord1905
ord4644
ord4217
ord2576
ord4397
ord3352
ord1658
ord3517
ord4257
ord1904
ord4256
ord4515
ord5228
msvcrt
_mbscmp
__CxxFrameHandler
strstr
atoi
_stricmp
_strdup
free
_splitpath
sprintf
_purecall
_setmbcp
strncmp
strncpy
memmove
qsort
div
strchr
strncat
bsearch
_ftol
_controlfp
_mbsstr
_itoa
strtoul
iscntrl
sscanf
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
kernel32
Sleep
GetSystemTime
GetLocalTime
GlobalAlloc
GlobalFree
GetTickCount
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
GlobalReAlloc
OutputDebugStringA
GetVersionExA
GetModuleHandleA
WinExec
GetProcAddress
GetVersion
lstrlenA
lstrcpyA
lstrcatA
GetStartupInfoA
CreateProcessA
GetFileSize
ReadFile
WriteFile
CloseHandle
CreateFileA
GetPrivateProfileStringA
FreeLibrary
GetWindowsDirectoryA
WritePrivateProfileStringA
LoadLibraryA
GetCurrentDirectoryA
lstrcpynA
user32
WindowFromPoint
SystemParametersInfoA
IsWindowVisible
DrawEdge
FrameRect
SetRect
DrawFrameControl
IsRectEmpty
OffsetRect
DispatchMessageA
TranslateMessage
GetKeyState
IntersectRect
IsClipboardFormatAvailable
GetMessagePos
IsWindow
SetWindowLongA
GetNextDlgTabItem
EnableWindow
GetClassNameA
CopyImage
SendMessageA
GetParent
PostQuitMessage
MessageBoxA
UpdateWindow
GetMenu
GetSubMenu
DeleteMenu
GetDC
ReleaseDC
TabbedTextOutA
SetCapture
GetCapture
RedrawWindow
GetClipCursor
CopyIcon
GrayStringA
ScreenToClient
ClientToScreen
InvertRect
SetRectEmpty
SetWindowRgn
InflateRect
GetClassInfoA
DefWindowProcA
LoadCursorA
PtInRect
GetWindowLongA
PostMessageA
LoadImageA
ScrollDC
DrawTextA
CopyRect
GetFocus
FillRect
DrawFocusRect
GetSystemMetrics
GetActiveWindow
LoadMenuA
GetMenuItemID
ModifyMenuA
EnableMenuItem
GetCursorPos
LoadBitmapA
GetSysColor
KillTimer
SetTimer
RegisterWindowMessageA
GetWindowRect
LoadIconA
MessageBeep
wsprintfA
SetForegroundWindow
ReleaseCapture
ClipCursor
InvalidateRect
SetParent
GetClientRect
SetCursor
GetDoubleClickTime
RegisterClassA
GetCaretPos
gdi32
CreateFontIndirectA
GetDeviceCaps
BitBlt
GetObjectA
ExtFloodFill
CreateSolidBrush
GetPixel
CreateCompatibleDC
GetTextExtentPoint32A
CreateCompatibleBitmap
StretchBlt
RealizePalette
CreateBitmap
GetBkColor
CreateFontA
CreatePalette
GetDIBColorTable
CreateHalftonePalette
GetCurrentObject
CombineRgn
CreateRectRgn
CreatePolygonRgn
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetStockObject
GetTextMetricsA
CreatePen
PatBlt
DeleteObject
CreateDIBitmap
CreateDIBSection
GetViewportOrgEx
LPtoDP
CreatePenIndirect
GetWindowOrgEx
comdlg32
CommDlgExtendedError
advapi32
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
shell32
ShellExecuteA
comctl32
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
Sections
.text Size: 716KB - Virtual size: 714KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE