bac2db3f89637fa8c063a89924ec3790_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

bac2db3f89637fa8c063a89924ec3790_NeikiAnalytics
Size

1.5MB
MD5

bac2db3f89637fa8c063a89924ec3790
SHA1

17f94b93d08b4fc4e3db42be74b5ae5090460054
SHA256

b3323a7c13cd9b29724c96d509b299796feaccea462a81ee7bf063126b32e5f4
SHA512

158b37549cc567a9bc335ecd74a7a07661241d43487a877a922e118c4173b3da916c96a487cec0946092f962a56eaf2ec03f0bf9df771fbecece9980e63ebb08
SSDEEP

24576:WN4E01xwMD8/nV7sh/gpfcw+yWOCClLKy8sqjnhMgeiCl7G0nehbGZpbD:E4E0kMknVo2p3+yWOCCl6Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bac2db3f89637fa8c063a89924ec3790_NeikiAnalytics

Files

bac2db3f89637fa8c063a89924ec3790_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

e6b3b7a27e62b10dfd65c0db931fe660

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sshd.pdb

Imports

libcrypto

ECDSA_SIG_free
ECDSA_do_verify
ECDSA_SIG_new
AES_encrypt
AES_set_encrypt_key
EVP_CIPHER_CTX_get_app_data
ECDSA_do_sign
DH_size
DH_compute_key
DSA_do_sign
DSA_do_verify
DSA_SIG_new
DSA_SIG_free
EC_POINT_oct2point
BN_bn2bin
EC_POINT_point2oct
DH_free
BN_init
BN_bin2bn
RSA_public_decrypt
RSA_sign
BN_clear_free
BN_div
RSA_size
RAND_status
SSLeay
EVP_sha384
EVP_MD_CTX_copy_ex
EVP_MD_CTX_cleanup
EVP_md5
EVP_sha256
EVP_DigestUpdate
EVP_Digest
EVP_CIPHER_CTX_set_app_data
EVP_DigestInit_ex
EVP_MD_CTX_md
EVP_sha1
EVP_MD_block_size
EVP_sha512
EVP_MD_CTX_init
EVP_DigestFinal_ex
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_aes_256_cbc
EVP_CIPHER_CTX_iv_length
EVP_CipherInit
EVP_des_ede3_cbc
EVP_aes_192_cbc
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_set_key_length
EVP_Cipher
EVP_aes_256_gcm
EVP_aes_128_gcm
EVP_CIPHER_CTX_free
BN_is_bit_set
BN_hex2bn
DH_new
DH_generate_key
RSA_blinding_on
BN_dup
EC_GROUP_get_order
DSA_free
BIO_new
EC_POINT_cmp
ERR_peek_error
EC_KEY_set_private_key
BN_value_one
EVP_PKEY_get1_EC_KEY
EC_METHOD_get_field_type
EC_POINT_mul
RSA_new
RSA_free
BN_copy
ERR_get_error
EC_POINT_get_affine_coordinates_GFp
ERR_peek_last_error
EC_KEY_set_public_key
BN_CTX_get
EC_KEY_set_group
EC_POINT_is_at_infinity
BIO_s_mem
PEM_read_bio_PrivateKey
EC_POINT_free
EVP_aes_128_cbc
BN_CTX_start
EVP_PKEY_free
EVP_PKEY_get1_RSA
EC_GROUP_free
DSA_new
BIO_write
BIO_free
EC_GROUP_cmp
EVP_PKEY_get1_DSA
EC_GROUP_set_asn1_flag
EC_GROUP_get_curve_name
EC_KEY_get0_private_key
BN_CTX_new
BN_cmp
BN_sub
EC_GROUP_new_by_curve_name
BN_CTX_free
EC_GROUP_method_of
BN_num_bits
OPENSSL_add_all_algorithms_noconf
RAND_poll
RAND_seed
RAND_bytes
SSLeay_version
ECDH_compute_key
EC_KEY_generate_key
EC_KEY_get0_public_key
EC_KEY_get0_group
EC_KEY_free
EC_KEY_new_by_curve_name
EC_POINT_new
EC_GROUP_get_degree
BN_new

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ws2_32

getsockname
getpeername
getsockopt
listen
WSADuplicateSocketW
WSAGetLastError
closesocket
setsockopt
shutdown
socket
gethostname
WSAStartup
WSACleanup
WSASocketW
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
GetAddrInfoW
FreeAddrInfoW
bind
getnameinfo
ntohs
inet_ntoa
htonl
ntohl
htons
inet_ntop

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
ExpandEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetStdHandle

api-ms-win-core-handle-l1-1-0

SetHandleInformation
DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateThread
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
OpenProcessToken
TlsAlloc
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
CreateProcessA
QueueUserAPC
CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
OpenThread
CreateProcessAsUserW
ExitThread

api-ms-win-core-job-l2-1-0

SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW

api-ms-win-security-base-l1-1-0

GetAce
GetSidIdentifierAuthority
GetTokenInformation
FreeSid
EqualSid
DuplicateToken
CreateRestrictedToken
AllocateLocallyUniqueId
AllocateAndInitializeSid
AdjustTokenPrivileges
IsValidSid
IsWellKnownSid
IsValidSecurityDescriptor
IsValidAcl
GetLengthSid
CheckTokenMembership
CreateWellKnownSid
CopySid

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupAccountNameW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
CreateNamedPipeA

api-ms-win-core-file-l1-1-0

ReadFileEx
WriteFileEx
ReadFile
GetFileInformationByHandle
GetFileAttributesExW
CreateFileA
WriteFile
GetFinalPathNameByHandleW
CreateDirectoryW
GetFullPathNameW
GetFullPathNameA
FlushFileBuffers
GetFileAttributesW
GetDriveTypeW
SetEndOfFile
FindClose
RemoveDirectoryW
FindFirstFileExW
FindNextFileW
SetFilePointerEx
DeleteFileW
CreateFileW
GetFileType

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventA
SleepEx
ResetEvent
SetEvent
LeaveCriticalSection
WaitForSingleObjectEx
SetWaitableTimer
WaitForSingleObject
DeleteCriticalSection
WaitForMultipleObjectsEx
CancelWaitableTimer

api-ms-win-core-file-l2-1-2

CopyFileW

bcrypt

BCryptGenRandom

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

samcli

NetUserGetInfo
NetUserAdd

netutils

NetApiBufferFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibraryAndExitThread
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-console-l2-1-0

FillConsoleOutputAttribute
ScrollConsoleScreenBufferA
SetConsoleTextAttribute
FillConsoleOutputCharacterA
SetConsoleCursorInfo
WriteConsoleOutputA
ReadConsoleOutputA
GetConsoleCursorInfo
FreeConsole
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
CompareStringW
MultiByteToWideChar

api-ms-win-security-lsalookup-ansi-l2-1-0

LookupPrivilegeValueA

userenv

LoadUserProfileW

sspicli

LsaRegisterLogonProcess
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaLogonUser
LsaConnectUntrusted

api-ms-win-security-lsalookup-l2-1-1

LsaManageSidNameMapping

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent

crypt32

CryptBinaryToStringA
CryptStringToBinaryA

api-ms-win-core-console-l1-1-0

GetConsoleCP
GetConsoleMode
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-ansi-l1-1-0

CreateWaitableTimerA

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetOEMCP
FormatMessageA
IsValidCodePage
GetACP
GetCPInfo

api-ms-win-security-sddl-ansi-l1-1-0

ConvertSidToStringSidA

user32

FindWindowA
ShowWindow
GetWindowPlacement

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapSize
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e6b3b7a27e62b10dfd65c0db931fe660

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcrypto

api-ms-win-core-errorhandling-l1-1-0

ws2_32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-job-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-file-l2-1-2

bcrypt

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

samcli

netutils

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-lsalookup-ansi-l2-1-0

userenv

sspicli

api-ms-win-security-lsalookup-l2-1-1

api-ms-win-core-debug-l1-1-0

crypt32

api-ms-win-core-console-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-synch-ansi-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-security-sddl-ansi-l1-1-0

user32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-eventing-provider-l1-1-0

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 77KB - Virtual size: 105KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 77KB - Virtual size: 105KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB