25939b1cb2eecc2e988e640a46b5ea90_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

25939b1cb2eecc2e988e640a46b5ea90_NeikiAnalytics
Size

913KB
MD5

25939b1cb2eecc2e988e640a46b5ea90
SHA1

d934148145040b14993fa3e0faa0a5e438093ec4
SHA256

11014e0ce7617bd367e238263d19b4e5cb679cf4797d938c1b286e1d8469a604
SHA512

b8712414a1e17889b67e50e05f1506f66bd797e1f56a295db78e151b7e537d9f0b572c5f30c18cdc6b9f2cb897be407326ff11ed123b64e86d4b5042bbc8c2f4
SSDEEP

24576:HmWAsCKixOpTbctdQXamrcp4wml1tcIOvDRkV1Q7v:GWPBmYTbidSgpYaIOvDmQ7v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25939b1cb2eecc2e988e640a46b5ea90_NeikiAnalytics

Files

25939b1cb2eecc2e988e640a46b5ea90_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

55e9abfe08b72f97836edd23c83e6cf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW

msi

ord113

uxtheme

SetWindowTheme

mfc140u

ord4260
ord6948
ord13442
ord7670
ord9948
ord9949
ord9689
ord9971
ord9980
ord9785
ord10236
ord9640
ord8909
ord9841
ord9851
ord12920
ord4281
ord10248
ord7969
ord8181
ord4347
ord8778
ord6656
ord660
ord13687
ord6987
ord1926
ord8915
ord8008
ord11206
ord9768
ord14787
ord14789
ord10481
ord12202
ord7559
ord6533
ord8892
ord9734
ord9946
ord9633
ord9636
ord9917
ord9707
ord9628
ord9922
ord9924
ord5079
ord6456
ord9837
ord3396
ord4602
ord5090
ord9775
ord8326
ord10413
ord10194
ord4191
ord9626
ord6361
ord6365
ord10246
ord10242
ord9963
ord9931
ord10199
ord10159
ord9585
ord9609
ord9658
ord9676
ord6934
ord6937
ord9788
ord10107
ord9791
ord9874
ord8771
ord7799
ord7309
ord805
ord1338
ord11852
ord10866
ord10958
ord11467
ord6171
ord8262
ord8214
ord6961
ord7667
ord5951
ord5684
ord10178
ord10201
ord9712
ord9591
ord9908
ord9724
ord9780
ord10191
ord6918
ord9914
ord9927
ord9935
ord9653
ord9648
ord9670
ord9974
ord9728
ord9731
ord9736
ord9800
ord10185
ord9616
ord9622
ord10408
ord10417
ord9717
ord9722
ord10207
ord9741
ord9679
ord6995
ord10125
ord10119
ord9953
ord9940
ord10239
ord7014
ord7003
ord9630
ord5151
ord10216
ord11332
ord9762
ord10213
ord9968
ord9958
ord9902
ord9687
ord9643
ord9898
ord9804
ord9820
ord9832
ord9864
ord9827
ord9867
ord9853
ord10223
ord10227
ord9807
ord9860
ord9839
ord9843
ord9814
ord6454
ord9817
ord9812
ord9661
ord9858
ord4185
ord9877
ord10229
ord9856
ord9847
ord9845
ord9824
ord9894
ord9890
ord9882
ord9886
ord9871
ord10234
ord6452
ord9850
ord9835
ord6451
ord6458
ord6448
ord10220
ord9796
ord10105
ord7675
ord6938
ord2814
ord1206
ord581
ord1405
ord3359
ord8062
ord6801
ord9375
ord9128
ord1070
ord3872
ord4187
ord8744
ord4222
ord3147
ord6497
ord9126
ord1066
ord4219
ord3145
ord6490
ord3833
ord11392
ord14507
ord13544
ord4477
ord14234
ord3797
ord4649
ord13293
ord8712
ord4664
ord1693
ord5074
ord2473
ord2246
ord8360
ord12921
ord12763
ord280
ord12559
ord5109
ord266
ord265
ord1511
ord7558
ord9244
ord10480
ord12201
ord1257
ord655
ord7231
ord11000
ord6309
ord11934
ord11933
ord11935
ord11932
ord11169
ord10570
ord9042
ord11021
ord11235
ord8977
ord4886
ord14599
ord14096
ord13065
ord9365
ord9235
ord12173
ord462
ord7109
ord1113
ord13310
ord3194
ord1207
ord582
ord2209
ord2304
ord1133
ord6549
ord9135
ord1446
ord4236
ord3257
ord6834
ord12131
ord6218
ord13752
ord2760
ord9210
ord1111
ord9040
ord11015
ord11396
ord10472
ord4092
ord3403
ord3404
ord3164
ord6129
ord6220
ord13756
ord3305
ord3302
ord10255
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord10231
ord4644
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord5790
ord9693
ord4494
ord9977
ord9595
ord10162
ord9786
ord14242
ord2810
ord12110
ord12157
ord5009
ord4228
ord14131
ord1068
ord362
ord13087
ord4881
ord3957
ord8754
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13028
ord13703
ord5935
ord7820
ord14137
ord5422
ord5419
ord2682
ord12124
ord3941
ord3371
ord3372
ord4188
ord4275
ord4259
ord9225
ord3054
ord9253
ord2594
ord4108
ord13224
ord6248
ord3238
ord2215
ord4466
ord2259
ord11038
ord8776
ord8773
ord4885
ord1391
ord890
ord14657
ord12405
ord14604
ord12348
ord7541
ord5110
ord1237
ord2378
ord12583
ord14308
ord8479
ord9208
ord8974
ord14216
ord12194
ord11893
ord13007
ord2801
ord8461
ord8018
ord4590
ord1473
ord996
ord6861
ord1258
ord8470
ord7653
ord8386
ord12247
ord10433
ord12928
ord12865
ord7997
ord8324
ord5357
ord10379
ord2486
ord12542
ord12541
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11983
ord11982
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord9684
ord14668
ord6349
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord5763
ord10250
ord14244
ord631
ord7209
ord11995
ord13763
ord545
ord1526
ord3849
ord6751
ord13275
ord1433
ord13901
ord3362
ord3246
ord7763
ord6825
ord10428
ord4323
ord14419
ord2993
ord2991
ord3237
ord5731
ord6795
ord898
ord358
ord6812
ord13086
ord13062
ord8811
ord8365
ord4171
ord540
ord4884

kernel32

GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSection
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
FreeLibrary
lstrcpynW
OutputDebugStringW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetFileAttributesExW
GetTempFileNameW
ReadFile
CloseHandle
Sleep
GetVersionExA
GlobalUnlock
GlobalLock
MoveFileExW
SetLastError
InitializeCriticalSectionAndSpinCount
LoadLibraryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
CopyFileW
TerminateProcess
GetTickCount
GetStartupInfoW
CreateProcessW
SetHandleInformation
GenerateConsoleCtrlEvent
WaitForSingleObject
CreatePipe

user32

OffsetRect
SetCursor
RedrawWindow
DrawIcon
AppendMenuW
GetSystemMenu
GetSystemMetrics
GetClipboardData
CloseClipboard
OpenClipboard
IsIconic
MapWindowPoints
GetClientRect
GetDC
InvalidateRect
UpdateWindow
LoadIconW
PostMessageW
MapDialogRect
MessageBoxW
GetWindowRect
EnableWindow
SendMessageW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
SetForegroundWindow
SetRect
ClientToScreen
ShowScrollBar
ReleaseCapture
SetCapture
SystemParametersInfoW
GetDesktopWindow
GetWindowLongW
DrawTextExW
LoadCursorW
GetParent
CopyRect
GetCursorPos
GetClassInfoW
DefWindowProcW
DrawFrameControl
TabbedTextOutW
LoadImageW
IsClipboardFormatAvailable
RegisterWindowMessageW
IsWindow
BringWindowToTop
GetFocus
SetTimer
KillTimer
ReleaseDC
LockWindowUpdate
ScreenToClient
GetSysColor
FillRect
FrameRect
InflateRect
IsRectEmpty
PtInRect
GrayStringW
DrawTextW

gdi32

PtVisible
GetTextExtentPoint32W
GetBkColor
Escape
CreateCompatibleBitmap
BitBlt
GetCurrentObject
CreateRectRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectW
GetObjectW
DeleteDC
DeleteObject
CreateCompatibleDC
SelectObject
StretchBlt
CreateDIBSection
Rectangle
ExtTextOutW
RectVisible
TextOutW

advapi32

RegisterEventSourceA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
ReportEventA
DeregisterEventSource
RegFlushKey
RegSetValueExW

shell32

SHGetFolderLocation
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW

comctl32

ImageList_GetImageInfo
InitCommonControlsEx
ImageList_GetBkColor
ImageList_SetBkColor

shlwapi

PathFileExistsW

ole32

CoTaskMemFree

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdiplusShutdown

msvcp140

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z

ws2_32

shutdown
WSAGetLastError
WSACleanup
WSAStartup
getservbyname
gethostname
gethostbyname
socket
send
select
recv
inet_ntoa
inet_addr
htons
getpeername
ioctlsocket
connect
closesocket
__WSAFDIsSet
WSASetLastError

vcruntime140

wcsstr
memcpy
__std_terminate
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
memchr
memset
strstr
memmove
strchr
__current_exception
__current_exception_context

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wremove
_wmkdir
remove
_stat64i32

api-ms-win-crt-stdio-l1-1-0

_wfopen
__stdio_common_vfprintf
fclose
__p__commode
fread
fseek
ftell
_set_fmode
ferror
fflush
_setmode
_fileno
fgets
fwrite
rewind
__stdio_common_vsscanf
__stdio_common_vswscanf
fputs
feof
fopen
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
realloc
_recalloc
malloc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
_itoa
atol
_wtol
_itow

api-ms-win-crt-time-l1-1-0

_mktime64
_time64
_localtime64_s
_gmtime64
_localtime64

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_invalid_parameter_noinfo
signal
_errno
_beginthread
_seh_filter_exe
strerror
_set_app_type
exit
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_endthreadex
abort
_initialize_onexit_table
_controlfp_s
_configure_wide_argv
terminate
_crt_atexit
_register_onexit_function

api-ms-win-crt-string-l1-1-0

wcscpy_s
isalpha
_strnicmp
isdigit
isalnum
strncmp
strcmp
tolower
wcstok
isspace
isupper
strncpy
isxdigit

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55e9abfe08b72f97836edd23c83e6cf3

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

msi

uxtheme

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 524KB - Virtual size: 524KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 64KB - Virtual size: 216KB

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 524KB - Virtual size: 524KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 64KB - Virtual size: 216KB

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 47KB - Virtual size: 47KB