rsaenh.pdb
Static task
static1
Behavioral task
behavioral1
Sample
7994577209fc03a1a72d3c6d0c2397e0_NeikiAnalytics.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7994577209fc03a1a72d3c6d0c2397e0_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
General
Target: 7994577209fc03a1a72d3c6d0c2397e0_NeikiAnalytics
Size: 203KB
MD5: 7994577209fc03a1a72d3c6d0c2397e0
SHA1: 4858198ae6ed616f12c7e9c7037ea4240321a362
SHA256: f0c13ba6febf0143a2486db5176fc2d00fe2c1901beaf5ac423050893a1c7b4e
SHA512: d42dc825d3dd613bfd8ff708711be4d47124ee1ecedd521b62b5fac1a09fa64be3cd1a18d1d2dd9e524105c00f7e779303f759975f9aed3537170be2a0968151
SSDEEP: 3072:7MqqDLy/IWvSw+UlwSKkTLB0gNFNSLnQ0EV8e3FuzhdJd3ZJzhdJdJdCqtNN7E5p:4qqDLuRS2KP/TU3FWdCql8aaFaBM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7994577209fc03a1a72d3c6d0c2397e0_NeikiAnalytics
Files
7994577209fc03a1a72d3c6d0c2397e0_NeikiAnalytics.dll regsvr32 windows:5 windows x86 arch:x86
f838d185b4afcf5074e69f871c27c34a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_strlwr
free
_initterm
malloc
_adjust_fdiv
_resetstkoflw
memcpy
memset
wcslen
wcscmp
wcscpy
wcscat
_except_handler3
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DelayLoadFailureHook
RtlMoveMemory
LocalAlloc
CloseHandle
GetCurrentThread
HeapReAlloc
Sleep
MultiByteToWideChar
GetVersionExA
GetSystemDirectoryW
CreateFileW
FindFirstFileExW
WriteFile
GetFileSize
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WideCharToMultiByte
FindNextFileW
LoadLibraryExA
SizeofResource
LoadResource
FindResourceA
ReadFile
_lclose
SetFilePointer
OpenFile
InterlockedCompareExchange
lstrcpyW
HeapAlloc
GetProcessHeap
HeapFree
DisableThreadLibraryCalls
GetModuleFileNameA
DeleteCriticalSection
IsBadWritePtr
lstrcmpiA
lstrcmpA
InitializeCriticalSection
LoadLibraryA
GetProcAddress
lstrcpyA
FreeLibrary
LocalFree
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrlenA
FindClose
SetLastError
GetLastError
advapi32
GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetAclInformation
GetAce
FreeSid
SystemFunction041
SystemFunction040
OpenThreadToken
OpenProcessToken
GetTokenInformation
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EqualSid
SetThreadToken
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
PrivilegeCheck
LookupPrivilegeValueA
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyA
AdjustTokenPrivileges
ImpersonateSelf
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegGetKeySecurity
RegCloseKey
RegQueryValueExA
MD5Final
MD5Update
MD5Init
A_SHAFinal
A_SHAUpdate
A_SHAInit
RegDeleteValueA
SystemFunction036
AddAccessAllowedAce
ntdll
NtClose
RtlFreeHeap
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlImageNtHeader
RtlNtStatusToDosError
user32
LoadStringW
wsprintfA
wsprintfW
Exports
CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ