f0115971e3e2c1ebfaf3767df328e1e0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

f0115971e3e2c1ebfaf3767df328e1e0_NeikiAnalytics
Size

1.4MB
MD5

f0115971e3e2c1ebfaf3767df328e1e0
SHA1

72063524e3148ac3e7a146bcd4c8753d6dadde6e
SHA256

8f9642a7d05f5ad7ee616fa2fbf5402c090a8842ce54867a4411ce498e42bd31
SHA512

a2ccbc2e60239fde8a6427bdda34c50913fa3c6e7e9daaa502388bcde9b2f2c3d1975928882380b52c2dd59b6e290b00d812e1651c5d11b4b3bdaae9764f051e
SSDEEP

24576:c3hFCxQ3gZWO6xxu9AxkR2/Ncll8550FQ8WO2f5NCSZOeo4jdPeZuJcyQEg1:cw6xxkR2FcnQCQtTNPeZ+tg1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0115971e3e2c1ebfaf3767df328e1e0_NeikiAnalytics

Files

f0115971e3e2c1ebfaf3767df328e1e0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

acdf1aa50dbff25cf75af1f6a8385eed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Cygwin\home\storm\.src\Release\x86\SWP_API.pdb

Imports

ws2_32

getservbyname
shutdown
WSAStartup
gethostbyname
ioctlsocket
connect
recvfrom
select
ntohs
setsockopt
recv
bind
__WSAFDIsSet
send
getsockopt
accept
gethostname
inet_addr
htons
sendto
socket
closesocket
ntohl
htonl
getaddrinfo
WSAGetLastError
freeaddrinfo

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

HeapSize
GetModuleFileNameW
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
WaitForSingleObject
WaitForMultipleObjects
CreateProcessW
GetLastError
CloseHandle
WideCharToMultiByte
GetCurrentDirectoryW
WriteFile
ReadFile
FindFirstFileW
FindClose
FindNextFileW
ReadConsoleW
SetStdHandle
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetLocalTime
SetEvent
ResetEvent
CreateEventW
LocalFree
RemoveDirectoryW
DeleteFileW
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetTickCount
FreeLibrary
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetConsoleCP
GetExitCodeProcess
CreatePipe
SetFilePointerEx
InitializeCriticalSection
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
SetEndOfFile
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
RaiseException
SetConsoleMode
EncodePointer
DecodePointer
GetStringTypeW
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
CreateThread
ExitThread
LoadLibraryExW
IsDebuggerPresent
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindFirstFileExW
GetFullPathNameW
MoveFileExW
DuplicateHandle
GetCurrentProcess
CreateProcessA
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
ResumeThread
GetDriveTypeW
GetCommandLineA
CreateDirectoryW
GetFileAttributesExW
SetFileAttributesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetTimeZoneInformation
SetConsoleCtrlHandler
HeapReAlloc
GetConsoleMode
ReadConsoleInputA

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetDesktopWindow

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetNamedSecurityInfoW
LookupAccountSidA
DuplicateTokenEx
LogonUserW
CreateProcessAsUserW

userenv

LoadUserProfileW
CreateEnvironmentBlock
GetUserProfileDirectoryW
DestroyEnvironmentBlock
UnloadUserProfile

Exports

Exports

ExecuteProc
GetLastRecvTime
SWP_AlternatePort
SWP_Cancel
SWP_CheckDir
SWP_Connect
SWP_Connect2
SWP_DelDirInfo
SWP_Delete
SWP_DirInfoRecv
SWP_DirInfoRecvEnd
SWP_Disconnect
SWP_FileRecv
SWP_FileRecvGetRemoteSize
SWP_FileRecvResume
SWP_FileSend
SWP_FileSendResume
SWP_GetConnectServerAddress
SWP_GetDirInfo
SWP_GetFileCheckType
SWP_GetRTT
SWP_GetRelayResult
SWP_GetStatus
SWP_GetTransferParam
SWP_Get_RecvBitrate
SWP_Get_RecvBitrateHistory
SWP_Get_RecvBitrateJ
SWP_Get_RecvBitrateMax
SWP_Get_RecvCount
SWP_Get_RecvCountD
SWP_Get_RecvFreeBuffer
SWP_Get_RecvMaxPacketNo
SWP_Get_RecvNumOfRecv
SWP_Get_RecvNumOfRerecv
SWP_Get_RecvRingRecvBufStart
SWP_Get_RecvSerialReceivedBytes
SWP_Get_RecvSize
SWP_Get_RecvSuspendSize
SWP_Get_SendBitrate
SWP_Get_SendBitrateHistory
SWP_Get_SendBitrateMax
SWP_Get_SendMinNoRecv
SWP_Get_SendNumOfFreeList
SWP_Get_SendNumOfResend
SWP_Get_SendNumOfSend
SWP_Get_SendNumOfSlip
SWP_Get_SendNumOfSlipDisk
SWP_Get_SendSize
SWP_Get_SendSuspendSize
SWP_Get_Send_FileSize
SWP_Get_ServerVersion
SWP_HashCheck
SWP_Init
SWP_IsTcpConnect
SWP_LogSendStatus
SWP_MakeDir
SWP_MetaSend
SWP_Move
SWP_Proxy
SWP_Quit
SWP_RelayServer
SWP_SetLogFunction
SWP_SetNotifyFunction
SWP_SetParam
SWP_SetProtocol
SWP_SetTcpConnectTimeout
SWP_SetTcpDataSessionCount
SWP_StreamEnd
SWP_StreamResume
SWP_StreamSend
SWP_StreamStart
SWP_Suspend
SWP_TestBitrate
SWP_TransferEnd
SWP_TransferParam

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acdf1aa50dbff25cf75af1f6a8385eed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

rpcrt4

winmm

kernel32

user32

advapi32

userenv

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 320KB - Virtual size: 319KB

.data Size: 13KB - Virtual size: 46KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 320KB - Virtual size: 319KB

.data
Size: 13KB - Virtual size: 46KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 49KB - Virtual size: 48KB