0cab03f42145bf051b0b3e7e398147c0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

0cab03f42145bf051b0b3e7e398147c0_NeikiAnalytics
Size

5.5MB
MD5

0cab03f42145bf051b0b3e7e398147c0
SHA1

8b7f9c512b5e1a6ebe2d6adbf098aa2fc3e119e3
SHA256

8ed0bdc9de873b3ed24a4f0d9878c7ce7299ea59e978e45e2bdc56d96d803c4b
SHA512

1d4116e7c0b20e1800933096b2aa93179cd88dc339a3201b81d85d748cf1cce8edc6cd86861a1a1e29ab106b4f89a36df70099838c23b7f4d1c528ed6e5d3231
SSDEEP

98304:49H7Yiii3XrIOWyFoyGF+TQurY4xxWMJW:4uiii3XQy4WxTo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cab03f42145bf051b0b3e7e398147c0_NeikiAnalytics

Files

0cab03f42145bf051b0b3e7e398147c0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

d6c83bef18ee6861db1eaca161bbc1a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultLCID
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
lstrcmpiA
lstrcmpW
lstrlenA
lstrlenW
MapViewOfFile
MoveFileA
MoveFileW
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringW
PeekNamedPipe
PulseEvent
GetTempPathW
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFileTime
SetHandleCount
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessAffinityMask
SetStdHandle
SetSystemTime
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteProcessMemory
Process32FirstW
Process32NextW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDirectoryA
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetShortPathNameA
GetProfileStringW
GetProcessHeap
GetProcessAffinityMask
GetProcAddress
GetPriorityClass
GetOverlappedResult
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLogicalDrives
GetLocalTime
GetLocaleInfoW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileType
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesExW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDateFormatW
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrencyFormatW
GetCPInfo
GetCommandLineW
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FormatMessageA
FlushFileBuffers
FindNextFileW
FindNextFileA
FindNextChangeNotification
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitThread
ExitProcess
EnumSystemLocalesA
DuplicateHandle
DisconnectNamedPipe
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
DefineDosDeviceA
CreateThread
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreatePipe
CreateNamedPipeA
CreateMutexW
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
ConnectNamedPipe
CompareStringW
CompareStringA
GetStartupInfoW
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
LoadLibraryA
OpenMutexA
QueryPerformanceCounter
CreateMutexA

user32

wsprintfA
WindowFromPoint
ValidateRgn
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TrackPopupMenuEx
ToUnicode
ToAscii
SystemParametersInfoW
ShowWindow
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowRgn
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetParent
SetMenuItemInfoW
SetFocus
SetDoubleClickTime
SetCursorPos
SetClipboardViewer
SetClipboardData
SetClassLongW
SetCaretPos
SetCaretBlinkTime
SetCapture
SendMessageW
SendMessageTimeoutW
ScrollWindowEx
ScreenToClient
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterWindowMessageA
RegisterClipboardFormatW
RegisterClassW
RegisterClassExW
PostThreadMessageW
PostMessageW
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MoveWindow
MessageBoxW
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyW
MapDialogRect
LoadImageW
LoadIconW
SetForegroundWindow
SendMessageA
FindWindowA
KillTimer
IsZoomed
IsWindowVisible
IsIconic
IsChild
InvalidateRgn
InvalidateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetUserObjectInformationW
GetUpdateRect
GetSystemMenu
GetSysColorBrush
GetQueueStatus
GetProcessWindowStation
GetParent
GetMessageW
GetMenu
GetKeyState
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetIconInfo
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardFormatNameW
GetClientRect
GetClassNameA
GetClassLongW
GetClassInfoW
GetCaretBlinkTime
GetAsyncKeyState
GetActiveWindow
FindWindowW
FindWindowExW
ExitWindowsEx
EnumWindows
EnumDisplaySettingsW
EnumChildWindows
EndDialog
EnableMenuItem
EmptyClipboard
DrawTextA
DrawIconEx
DispatchMessageW
DialogBoxIndirectParamW
DestroyWindow
DestroyIcon
DestroyCursor
DestroyCaret
DefWindowProcW
CreateWindowExW
CreateIconIndirect
CreateCursor
CreateCaret
CloseClipboard
ClipCursor
ClientToScreen
CharUpperBuffW
CharUpperBuffA
GetSystemMetrics
DrawTextW

gdi32

StretchBlt
StartPage
SetWorldTransform
SetTextColor
SetTextAlign
SetPolyFillMode
SetGraphicsMode
SetBkMode
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RestoreDC
ResetDCW
RealizePalette
PtInRegion
PolyBezierTo
OffsetRgn
MoveToEx
LineTo
GetTextMetricsW
GetTextFaceW
GetTextExtentPoint32W
GetStockObject
GetRegionData
GetPaletteEntries
GetOutlineTextMetricsW
GetObjectW
GetObjectA
GetNearestPaletteIndex
GdiFlush
GetGlyphOutlineW
GetFontData
GetDIBits
GetDeviceCaps
GetCharABCWidthsW
GetCharABCWidthsFloatW
CreateCompatibleDC
FillPath
ExtTextOutW
ExtCreatePen
EnumFontFamiliesExW
EndPage
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreatePalette
CreateFontIndirectW
CreateEllipticRgn
CreateDIBSection
CreateDCW
GetBkMode

winspool.drv

OpenPrinterW
GetPrinterW

advapi32

GetUserNameW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
SetSecurityDescriptorDacl
SetFileSecurityW
RevertToSelf
ReportEventW
ReportEventA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegisterServiceCtrlHandlerW
RegisterEventSourceW
RegisterEventSourceA
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegConnectRegistryW
RegConnectRegistryA
RegCloseKey
QueryServiceStatus
QueryServiceConfigW
QueryServiceConfigA
PrivilegeCheck
OpenThreadToken
OpenServiceW
OpenServiceA
OpenSCManagerW
OpenSCManagerA
CreateServiceA
CreateServiceW
DeleteService
DeregisterEventSource
DuplicateToken
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
GetUserNameA
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
InitializeSecurityDescriptor
InitiateSystemShutdownA
LogonUserW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeValueA
OpenProcessToken

msvcrt

_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_mpeg_9
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6c83bef18ee6861db1eaca161bbc1a1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

msvcrt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 4.0MB

.rsrc Size: 484KB - Virtual size: 482KB

_mpeg_9 Size: 2.7MB - Virtual size: 2.7MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 4.0MB

.rsrc
Size: 484KB - Virtual size: 482KB

_mpeg_9
Size: 2.7MB - Virtual size: 2.7MB