2ddc99da0b911a73e163b7426d9a9d00_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2ddc99da0b911a73e163b7426d9a9d00_NeikiAnalytics
Size

4.7MB
MD5

2ddc99da0b911a73e163b7426d9a9d00
SHA1

b7d052179397d465069d6adf510fb7e74f29a6a3
SHA256

e68c6fa69035be8de961b5863f2d2c51bdc6c819292d47987c6c53b1695940c9
SHA512

a968528cac25f018b6d8d037f754cb9e5f2ae485cc9bd486a7c9eba5b99f994088b0aa0967b0cc438d5ac2169b6bcd45e5ac410aa69e78c5dbb675bda58daf76
SSDEEP

98304:j8oTaVYqXjUL+kXUr5qjaHsnZgg0j6sJ5yku/KxaDp:j8oqYqzUL+kkNenaXj64Y/yy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ddc99da0b911a73e163b7426d9a9d00_NeikiAnalytics

Files

2ddc99da0b911a73e163b7426d9a9d00_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

7cb3dbbea456258694b946a979d8d936

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetCurrentThreadId
LoadResource
SizeofResource
LoadLibraryA
GetModuleHandleW
FindResourceA
EnumResourceNamesA
GetVersionExW
IsWow64Process
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
OutputDebugStringA
OutputDebugStringW
GetStringTypeW
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
HeapReAlloc
LoadLibraryExW
LCMapStringW
GlobalFree
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileType
GetStdHandle
SetFilePointerEx
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
CloseHandle
SetLastError
HeapSize
GetModuleHandleExW
ExitProcess
GetCommandLineA
SetConsoleCtrlHandler
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetProcAddress
FreeLibrary
LockResource
InterlockedIncrement
InterlockedDecrement
Sleep
FindNextFileA
GetCurrentDirectoryW
FindFirstFileA
SetCurrentDirectoryW
GetEnvironmentVariableA
GetModuleFileNameW
GetTickCount
FindClose
GetModuleHandleExA
GetModuleFileNameA
WideCharToMultiByte
FreeEnvironmentStringsW
MultiByteToWideChar
HeapFree
GetLastError
CreateDirectoryW
HeapAlloc
ReadFile
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
RaiseException
DecodePointer
EncodePointer
SetEndOfFile

user32

GetKeyState
GetAsyncKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetSystemMetrics
CreatePopupMenu
GetFocus
SetFocus
SetWindowPos
DestroyMenu
AppendMenuW
TrackPopupMenu
SetMenuInfo
SetMenuItemInfoW
GetDC
DestroyWindow
IsWindow
EndPaint
GetUpdateRgn
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
SetCursor
GetCursorPos
GetCursor
MapWindowPoints
WindowFromPoint
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
GetWindowInfo
CreateWindowExW
BeginPaint
MessageBoxW
DispatchMessageW
RegisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
TrackMouseEvent
wsprintfW
PeekMessageW
UnregisterClassW

gdi32

GetRegionData
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreateFontIndirectW
CreateCompatibleDC
CreateDIBSection

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExA

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop
DoDragDrop
GetHGlobalFromStream
CreateStreamOnHGlobal

uad2sdk

?UAD_CreatePluginBar@@YAPAVIUADPluginBar@@PAXPAVIUADPlug@@PAVCUADPlugCallbackHandler@@HW4UADInterfaceVersion@@@Z
?UAD_CreateIUADPlug@@YAPAVIUADPlug@@P6AHPAUAEffect@@HHHPAXM@Z0PAVCUADPlugCallbackHandler@@W4UADInterfaceVersion@@@Z
?UAD_GetPluginBarHeight@@YAIXZ

wininet

HttpSendRequestA
InternetSetOptionA
InternetAttemptConnect
InternetReadFile
InternetConnectA
HttpEndRequestA
HttpOpenRequestA
InternetOpenA
InternetCloseHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

ord12
SHCreateStreamOnFileEx

gdiplus

GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipTranslateWorldTransform
GdipSetPageUnit
GdipGetDpiY
GdipDrawLines
GdipDrawRectangle
GdipDrawEllipse
GdipDrawPolygon
GdipDeletePath
GdipFillRectangle
GdipFillPolygon
GdipFillEllipse
GdipFillPath
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipSetClipRect
GdipSaveGraphics
GdipRestoreGraphics
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCloneFontFamily
GdipGetGenericFontFamilySansSerif
GdipGetFamilyName
GdipGetEmHeight
GdipGetCellAscent
GdipGetCellDescent
GdipGetLineSpacing
GdipCreateFont
GdipDeleteFont
GdipGetFamily
GdipGetFontSize
GdipGetFontHeightGivenDPI
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipMeasureString
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipSetPenDashArray
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenColor
GdipSetPenLineJoin
GdipSetPenLineCap197819
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipSetLineBlend
GdipCreateLineBrush
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeleteMatrix
GdipCreateMatrix2
GdipIsVisiblePathPoint
GdipGetPathWorldBounds
GdipTransformPath
GdipAddPathEllipse
GdipAddPathRectangle
GdipAddPathBezier
ord1
GdipAddPathLine
GdipGetPathLastPoint
GdipClosePathFigure
GdipStartPathFigure
GdipSetPathFillMode
GdipClonePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateFromHWND
GdipCreateFromHDC
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipDrawString
GdipCreateBitmapFromStreamICM
GdipDrawLine
GdipDrawPath

Exports

Exports

VSTPluginMain
main

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cb3dbbea456258694b946a979d8d936

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

uad2sdk

wininet

version

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 681KB - Virtual size: 681KB

.rdata Size: 313KB - Virtual size: 313KB

.data Size: 54KB - Virtual size: 69KB

.shared Size: 512B - Virtual size: 8B

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 681KB - Virtual size: 681KB

.rdata
Size: 313KB - Virtual size: 313KB

.data
Size: 54KB - Virtual size: 69KB

.shared
Size: 512B - Virtual size: 8B

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 54KB - Virtual size: 53KB