ccd53e69bde6a6330f8797f8ad3562b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

ccd53e69bde6a6330f8797f8ad3562b0_NeikiAnalytics
Size

3.5MB
MD5

ccd53e69bde6a6330f8797f8ad3562b0
SHA1

23d30eab755e1a4e14edb7e96c7dbe3f7f3c2f73
SHA256

aca8088f66d9726b41bc0da0e8d3d301fc3cd45aae264a68474fbd955903e95c
SHA512

22c470d73ba6d3f6a491446b0a9679b35bdacd5084d96345dd7a8b2e6e943e60ee5527cf02161a69f0bbc2eaeb12dcdb0ae1430a623e674ce49dd409bebaf07c
SSDEEP

49152:uRxaYT4xICiQM9iArJFccrB+c2CXt8roEml8UaS783MfQ:UkYT46L9iArJxr8wXmrTmlN5g8f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccd53e69bde6a6330f8797f8ad3562b0_NeikiAnalytics

Files

ccd53e69bde6a6330f8797f8ad3562b0_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

cd5445d3436c56950d8cc4ca311e6e97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EncodePointer
GetSystemTimeAsFileTime
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameA
MultiByteToWideChar
CreateProcessA
GetFileAttributesExA
QueryPerformanceCounter
SizeofResource
GetModuleHandleA
Sleep
GetCurrentProcess
K32GetModuleFileNameExA
LoadLibraryA
GetProcAddress
LocalAlloc
CloseHandle
LocalFree
GetLastError
DeleteFileA
FindResourceA
lstrcmpA
LoadResource
GetCurrentProcessId
LockResource
GetCurrentThreadId

user32

EndPaint
BeginPaint
GetDlgItem
LoadIconA
GetWindowRect
GetWindowTextLengthW
SendMessageA
GetDC
TranslateMessage
GetWindowTextA
SetWindowLongA
InvalidateRect
DrawIconEx
RegisterClassExA
SetWindowPos
ShowWindow
GetMessageA
GetWindowThreadProcessId
LoadImageA
GetSystemMetrics
DispatchMessageA
IsWindow
GetSysColorBrush
SetMenu
CheckDlgButton
DefWindowProcA
GetWindowTextW
GetWindowLongA
IsDlgButtonChecked
EnumWindows
RegisterClassA
LoadCursorA
UpdateWindow
CreateMenu

gdi32

SetBkMode
SetTextColor

advapi32

CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
GetTokenInformation
OpenProcessToken
CryptGetHashParam
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ

gdiplus

GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdipDrawImageRect
GdipCloneImage
GdiplusStartup
GdipCreateFromHDC
GdipFree

crypt32

CertCloseStore
CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CertFindCertificateInStore
CryptMsgClose

wininet

InternetOpenUrlA
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetCheckConnectionA

shlwapi

PathFileExistsA

comctl32

ord6
InitCommonControlsEx

winmm

timeGetTime

msvcr120

fopen
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
getenv
_vsnprintf
rand
malloc
_time64
_localtime64
memcpy_s
_lock_file
setvbuf
fsetpos
fgetc
_fseeki64
fgetpos
ungetc
_unlock_file
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
memmove
free
strchr
vsprintf_s
_purecall
??3@YAXPAX@Z
_strdup
??2@YAPAXI@Z
memchr
_errno
strtol
strstr
fflush
_except1
fwrite
fclose
??_V@YAXPAX@Z
fputc
??1bad_cast@std@@UAE@XZ

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd5445d3436c56950d8cc4ca311e6e97

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp120

gdiplus

crypt32

wininet

shlwapi

comctl32

winmm

msvcr120

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 16KB - Virtual size: 16KB