6abc14fbcbc19289f7dad80f6f8b56b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

6abc14fbcbc19289f7dad80f6f8b56b0_NeikiAnalytics
Size

529KB
MD5

6abc14fbcbc19289f7dad80f6f8b56b0
SHA1

fc09cb98de1eb0ea76ddfa2797e53dc1888c5c3c
SHA256

aeae04753d61f468956cb6dccec31b38d3ccb5e926efd234c77dcfaec744ec80
SHA512

7a8d3495171dc9873d331b4564e20ee6b07b55ae8eac1994c1d6cd11601950f0cf6a7a98a04c581c71058004b28039dfb6f5e61f93858f0d027bd7c667e351c0
SSDEEP

12288:h1eRTBbI5tTlpivpB8NlsATUUamggNVL2Ld1rlr:Lwapo8HsAum5NVLI1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6abc14fbcbc19289f7dad80f6f8b56b0_NeikiAnalytics

Files

6abc14fbcbc19289f7dad80f6f8b56b0_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

ee24bcd3f271817ce03bb45b27f9f86d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord114
ord67
ord89
ord145
ord17
ord8
ord121
ord64
ord116
ord118
ord115
ord166
ord159
ord32
ord120
ord204
ord160
ord74
ord171
ord158
ord52
ord33
ord49
ord140
ord147
ord54
ord139
ord58
ord62
ord47
ord125
ord103

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetSystemInfo
VirtualAlloc
VirtualProtect
RaiseException
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GetSystemTime
CreateFileA
GetFileSize
FindFirstFileA
GetLocaleInfoA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
ReadFile
GetVersion
GetVersionExA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
FindClose
WideCharToMultiByte
InterlockedExchange
GetACP
GetThreadLocale
FormatMessageA
GetTempPathA
GetTempFileNameA
DeleteFileA
FindNextFileA
RemoveDirectoryA
SetLastError
CreateDirectoryA
lstrlenA
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
GetModuleHandleA
GetCurrentProcess
GetExitCodeThread
CreateThread
VirtualQuery
SetEvent
SetFilePointer
MoveFileA
WriteFile
Sleep
FlushFileBuffers
ResetEvent
lstrcmpiA
CreateNamedPipeA
ConnectNamedPipe
MultiByteToWideChar
FindFirstFileW
DeleteFileW
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
GetModuleHandleW
CopyFileW
GetSystemDefaultLangID
GetCurrentProcessId
CreateFileW
GetCurrentThreadId
GetLocalTime
GetStdHandle
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LocalAlloc
GetCommandLineA
RtlUnwind
ExitProcess
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetOEMCP
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateEventA

user32

GetDesktopWindow
CharNextA
FindWindowA
IsWindowVisible

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
CloseServiceHandle
OpenSCManagerA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
OpenServiceA
QueryServiceStatus
StartServiceA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetMalloc
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr

shlwapi

PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathFileExistsW

Exports

Exports

CleanPrereq
ConfigurePrereqLauncher
DoAppSearchEx
DownloadPrereq
EstimateExtractFiles
ExtractPrereq
ExtractSourceFiles
InstallPostPrereq
InstallPrereq
VerifyPrereq

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee24bcd3f271817ce03bb45b27f9f86d

Headers

File Characteristics

Imports

msi

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 188KB - Virtual size: 188KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 28KB - Virtual size: 27KB