a7b3fe6ab5be669c3b24e6cefe4ceec0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

a7b3fe6ab5be669c3b24e6cefe4ceec0_NeikiAnalytics
Size

1011KB
MD5

a7b3fe6ab5be669c3b24e6cefe4ceec0
SHA1

84f107fd4afcc4b45c92e945c0b9a0670ca95d30
SHA256

468001f9cc6b21d7b70adfebc9fabc3a21a33ab9e07325dd92eff4d0d91e67fb
SHA512

0b09b70314ea3816466e30075643b69e8639bb6e12f9dbabc56889623e0122cfc5fe8fd6529bebd8d542d57ba25ba519f3df3fa2112fc087fec4121b5737df32
SSDEEP

24576:M71rfqKQZA4gLhMHLIfdLBgpdsap6VjL7LgGaQn:FYyp56KGaQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7b3fe6ab5be669c3b24e6cefe4ceec0_NeikiAnalytics

Files

a7b3fe6ab5be669c3b24e6cefe4ceec0_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

472d3bc003e132e96480b5a117b3577e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

EnumProcesses
GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

shlwapi

PathFindNextComponentA
PathFileExistsA
SHDeleteKeyA
PathIsDirectoryA
PathAppendA
PathRemoveFileSpecA

kernel32

GetSystemDirectoryA
WritePrivateProfileSectionA
GetShortPathNameA
GetPrivateProfileSectionA
MoveFileExA
GetCurrentProcess
GetCurrentThread
GetSystemInfo
OpenProcess
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
LoadResource
SizeofResource
FindResourceExA
FindResourceA
ReadFile
LocalAlloc
GetStdHandle
GetFileType
GetVersion
OutputDebugStringA
GetACP
FlushConsoleInputBuffer
QueryPerformanceCounter
GlobalMemoryStatus
CloseHandle
SetEndOfFile
WriteFile
GetLastError
CreateFileA
DeleteFileA
GetCurrentThreadId
SetEvent
WaitForSingleObject
CreateEventA
TerminateThread
WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
LocalFree
CreateDirectoryA
CreateProcessA
GetModuleFileNameA
GetExitCodeProcess
TerminateProcess
Sleep
GetTickCount
GetProcAddress
LoadLibraryA
FreeLibrary
InitializeCriticalSection
GetCurrentProcessId
DeleteCriticalSection
lstrlenA
CopyFileA
GetEnvironmentVariableA
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
GetModuleHandleA
SetLastError
FormatMessageA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVersionExA

user32

AppendMenuA
SetWindowPos
GetWindowRect
SetWindowTextA
SendMessageA
ShowCursor
SetCursor
LoadCursorA
DestroyWindow
EnableWindow
ShowWindow
EnableMenuItem
SetFocus
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
SetWindowLongA
SetClassLongA
GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation
LoadIconA
GetThreadDesktop
GetUserObjectInformationA
LookupIconIdFromDirectory
CreateIconFromResource
IsWindow
GetSystemMetrics
LoadImageA
CreateDialogIndirectParamA
DefWindowProcA
LoadMenuIndirectA
GetSubMenu
GetCursorPos
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
PostQuitMessage
UnregisterClassA
RegisterClassExA
CreateWindowExA
RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
GetForegroundWindow
DestroyIcon
EnumWindows
GetWindowThreadProcessId
GetClassNameA
PostMessageA
LoadStringA
SetForegroundWindow
GetWindowLongA
GetParent
GetSystemMenu
CheckMenuItem

advapi32

SetNamedSecurityInfoA
RegDeleteValueA
RegEnumValueA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RevertToSelf
AccessCheck
MapGenericMask
ImpersonateSelf
GetNamedSecurityInfoA
GetSecurityInfo
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
GetSidSubAuthority
GetSidSubAuthorityCount
DeregisterEventSource
ReportEventA
RegisterEventSourceA
LookupAccountSidW
ConvertStringSidToSidA
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserA
SetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetAce

shell32

SHGetFileInfoA
Shell_NotifyIconA
ord680
SHFileOperationA
ShellExecuteExA

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

wsock32

closesocket
getsockopt
accept
__WSAFDIsSet
WSAStartup
socket
setsockopt
htons
connect
recv
send
inet_ntoa
select
WSAGetLastError
shutdown
ioctlsocket
gethostbyname
WSASetLastError

wininet

HttpEndRequestA
InternetGetConnectedState
InternetOpenA
InternetSetCookieA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetQueryOptionA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
InternetCrackUrlA

sslhelper

uuencode
AEPMessageBoxLang
DestroyPermCache
AEPMessageBox
CloseSecureConnection
FreeParsedProxies
SetUserDefinedProxyConfig
ParseProxyString
GetUserDefinedProxyConfig
ShowAEPStyleDialog
FreeHTTPPacket
GetHeaderValue
SecureConnect
GetStatusCode
DoHTTPRequest
AddHeaderValue
CreateHTTPRequest
MakeSecureConn
uudecode

crypt32

CryptProtectData
CertOpenSystemStoreA
CertOpenStore
CertEnumCertificatesInStore
CertGetValidUsages
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

msvcrt

strerror
atol
strtol
strtoul
calloc
_mbscmp
_setmode
strrchr
wctomb
gmtime
mktime
getenv
memmove
_iob
_read
_write
_close
_lseek
_mbslwr
_mbsicmp
_mbslen
_strdup
printf
??3@YAXPAX@Z
fwrite
??2@YAPAXI@Z
_stat
realloc
tolower
isspace
qsort
isdigit
wcsstr
vfprintf
abort
_mbsdup
fgets
_mbspbrk
_getmbcp
strncat
mbtowc
memchr
_ftol
isxdigit
_except_handler3
isupper
iswctype
_mbsnextc
_mbsinc
setlocale
fseek
ftell
fread
_mbsnbcpy
srand
rand
remove
_mbsncpy
_mbsnbcmp
__mb_cur_max
_isctype
_pctype
abs
strchr
strcpy
strcmp
memset
strncpy
_snprintf
memcmp
memcpy
fclose
_ftime
ctime
_vsnprintf
fprintf
fflush
fopen
_errno
fputs
malloc
strstr
strncmp
sscanf
time
sprintf
strcat
strlen
free
_getch
signal
_wcsdup
_initterm
_adjust_fdiv
_open

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2

Exports

Exports

CheckConnectivity
DestroyFramework
InitFramework
Logout
RestoreTrayIcon
SFLogin
StartSession
StopSession

Sections

.text
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

472d3bc003e132e96480b5a117b3577e

Headers

File Characteristics

Imports

psapi

version

shlwapi

kernel32

user32

advapi32

shell32

ole32

wsock32

wininet

sslhelper

crypt32

msvcrt

rpcrt4

Exports

Exports

Sections

.text Size: 627KB - Virtual size: 626KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 91KB - Virtual size: 109KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 627KB - Virtual size: 626KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 91KB - Virtual size: 109KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 47KB - Virtual size: 47KB