b84184cf9e1a58288f68eb6ac57f8330_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

b84184cf9e1a58288f68eb6ac57f8330_NeikiAnalytics
Size

1.8MB
MD5

b84184cf9e1a58288f68eb6ac57f8330
SHA1

7f38e2450ee2ff97edea169b4488b492aec6edcd
SHA256

70895afda9289588a3d9b01b3ad2c92bf4258c6d417ed67c8c09535410e8085b
SHA512

c8e1725eaa311e556ec094ecd2990dc9178284d6dc0e949b23f61e17b1d5618374f57be506e973dce0f0ad009c4f0b0f4ebdfbf85ab514e0c670759a1372790e
SSDEEP

24576:17HBSQ6LaRFdGJm0Q3WKVSwdr13Ek0VA:N0Q6KFdi2Ga9x3Ek0V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b84184cf9e1a58288f68eb6ac57f8330_NeikiAnalytics

Files

b84184cf9e1a58288f68eb6ac57f8330_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

ce9dd84ce4bfd4e9a4f8e844b5015c92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

U:\develop\global\Release64\bin\common\AcSignApply.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathCanonicalizeW

userdata

??0CERutil@@QEAA@XZ
acudInitProductParams
?getInstalledProductName@CERutil@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?getInstalledProductKey@CERutil@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?getInstalledProductPath@CERutil@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?getInstalledProductSerialNum@CERutil@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?getCADMngrSettingsRegPath@CERutil@@UEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?getVersionNumber@CERutil@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEA_WAEAH111@Z
?makeRegistryVersion@CERutil@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HH@Z
?makeBuildVersion@CERutil@@UEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HHHH@Z
?fullVersion@CERutil@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?getAppCData@CERutil@@UEAA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetContextFileName@@YAIPEA_WK@Z
?GetHelpFileName@@YAIPEA_WK@Z
?setTheCERutil@CERutil@@SA_NPEAV1@@Z
acudGetProductUILanguage
??1CERutil@@UEAA@XZ

acpal

?QueryDWORDValue@AcRegistryAccess@@QEBAJPEB_WAEAK@Z
?SetDWORDValue@AcRegistryWriteAccess@@QEAAJPEB_WK@Z
?SetStringValue@AcRegistryWriteAccess@@QEAAJPEB_W0K@Z
??1AcRegistryWriteAccess@@UEAA@XZ
??0AcRegistryWriteAccess@@QEAA@PEAUHKEY__@@PEB_W@Z
?IsOpen@AcRegistryAccess@@QEBA_NXZ
??1AcRegistryAccess@@UEAA@XZ
??0AcRegistryAccess@@QEAA@PEAUHKEY__@@PEB_W@Z
?loadDll@AcUtResource@@YAPEAUHINSTANCE__@@PEB_WH_J@Z
?freeDll@AcUtResource@@YA_NAEBQEAUHINSTANCE__@@H@Z
?GetString@AcRegistryAccess@@QEBA_NPEB_WAEAPEA_W@Z
?EnumValueNames@AcRegistryAccess@@QEBA_NKPEA_WHPEAK@Z

mfc140u

ord3308
ord11085
ord11813
ord2921
ord285
ord5709
ord281
ord1671
ord2903
ord2909
ord2843
ord12442
ord12600
ord8058
ord12933
ord448
ord3266
ord3144
ord6555
ord1383
ord2686
ord13864
ord1059
ord11718
ord11719
ord365
ord6505
ord4095
ord990
ord6251
ord9946
ord5916
ord5582
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord14217
ord7651
ord14211
ord2967
ord4352
ord9384
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8947
ord10691
ord6729
ord11902
ord8656
ord14209
ord11625
ord3718
ord11771
ord8817
ord878
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord2698
ord7913
ord3209
ord3212
ord6361
ord6002
ord3056
ord4078
ord446
ord266
ord265
ord2344
ord4181
ord5674
ord8452
ord12563
ord1670
ord3307
ord8167
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord4445
ord7920
ord10124
ord11933
ord11901
ord12606
ord5080
ord5363
ord13767
ord7775
ord4724
ord3089
ord10163
ord7233
ord3579
ord3697
ord3599
ord2187
ord962
ord528
ord5552
ord9041
ord5339
ord5555
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9941
ord8900
ord6614
ord1501
ord4656
ord1149
ord1158
ord1057
ord4086
ord3071
ord6343
ord6000
ord13397
ord3164
ord8901
ord6285
ord5771
ord8823
ord8441
ord10704
ord11854
ord13597
ord5240
ord3713
ord2431
ord13999
ord4084
ord6258
ord8819
ord3058
ord4081
ord12932
ord13299
ord4725
ord2479
ord8439
ord7780
ord4335
ord4726
ord8731
ord2222
ord13309
ord13307
ord4357
ord290
ord5672
ord2514
ord7551
ord9068
ord13199
ord2906
ord3746
ord5604
ord8449
ord6090
ord5978
ord6007
ord3952
ord6006
ord1121
ord489
ord1665
ord6303
ord10727
ord1667
ord8830
ord3803
ord6588
ord13401
ord1369
ord11415
ord1111
ord1424
ord1053
ord1089
ord1428
ord3951
ord2212
ord2270
ord11709
ord1450
ord983
ord7393
ord10070
ord12240
ord1489
ord280
ord8161
ord4946
ord286
ord7893
ord1503
ord296
ord1033
ord1491
ord8826
ord2697
ord2370

kernel32

InitializeCriticalSectionEx
FindNextFileW
GetTimeFormatW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetModuleFileNameW
GetEnvironmentVariableW
GetComputerNameW
GetDateFormatW
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
CloseHandle
SetFilePointer
CreateFileW
FindClose
RaiseException
DeleteCriticalSection
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryExA
GetFileSize
SetEndOfFile
SetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetCurrentProcessId
LocalFree
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FindFirstFileW
SetFileAttributesW
UnhandledExceptionFilter
GetLastError
GetFileAttributesW
GetCurrentDirectoryW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

user32

LoadMenuW
GetSubMenu
EnableMenuItem
GetKeyState
GetFocus
GetDesktopWindow
PeekMessageW
PostQuitMessage
GetSysColor
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetWindowRect
LoadIconW
EnableWindow
SendMessageW
PtInRect
WinHelpW
MessageBoxW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW
SHGetMalloc

comctl32

ImageList_ReplaceIcon

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__current_exception_context
__current_exception
__C_specific_handler
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
memset
__std_exception_copy
wcschr
wcsstr
__std_terminate
wcsrchr

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_c_exit
_cexit
_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcsncpy_s
wcscat_s
strncmp
_wcslwr_s
_wcsicmp

api-ms-win-crt-convert-l1-1-0

_wtof

api-ms-win-crt-time-l1-1-0

_get_tzname
_tzset

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce9dd84ce4bfd4e9a4f8e844b5015c92

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shlwapi

userdata

acpal

mfc140u

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 401KB - Virtual size: 400KB

.reloc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 401KB - Virtual size: 400KB

.reloc
Size: 1.3MB - Virtual size: 1.3MB