risepro | 2c6e11d81a259433b2b702103b3c6100_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2c6e11d81a259433b2b702103b3c6100_NeikiAnalytics
Size

815KB
MD5

2c6e11d81a259433b2b702103b3c6100
SHA1

8e4c746247be9c69dfb14025083dc6991125d347
SHA256

3a6be582e9685540c7cc306345dcd0e6e6acc3796cf5cdb41881d41fab6f2c3c
SHA512

7c4f0c4167fcf0b93883f3ff4d4e61477bd5f9135ad2066075b47ebc2ebb07ff8df1a81f0211be00f05880fdf9d475756eb7862b0bd421c78bf78e4430a4520b
SSDEEP

24576:PiSYlD37Z7cADAi/ENLWat5LkM3weCPklWa6QEEd0lgv+4ddAlJ:xecABsUkLkM3weCPkl5z0lg2OdAlJ

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c6e11d81a259433b2b702103b3c6100_NeikiAnalytics

Files

2c6e11d81a259433b2b702103b3c6100_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

b856357cfa9694e5cbb7d326c969a9ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Remove

winhttp

WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReceiveResponse

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexW
CreateEventW
Sleep
CreateSemaphoreW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
SwitchToThread
CreateThread
GetCurrentThreadId
GetExitCodeThread
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualAllocEx
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalFree
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
RaiseException
GetUserDefaultLCID
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalUnlock
GlobalLock
IsValidCodePage
GetModuleHandleW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFileSize
ReadFile
GetProcessHeap
VirtualQueryEx
WriteFile
ConnectNamedPipe
CreateNamedPipeW
CreateRemoteThread
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
Module32FirstW
Module32NextW
IsDBCSLeadByteEx
GetModuleHandleExW
ExitProcess
RtlUnwind
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VerifyVersionInfoW
GetProcessAffinityMask
VerSetConditionMask
GetModuleHandleA
FreeLibraryAndExitThread
GetCurrentThread
GetThreadGroupAffinity
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
DeleteCriticalSection
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
DuplicateHandle
CloseHandle
AreFileApisANSI
GetCurrentDirectoryW
FormatMessageA
GetLastError
CreateFileW
GetSystemDefaultLCID
GetFileAttributesW

user32

GetWindowLongW
SetWindowLongW
CreateWindowExW
GetMessageW
MoveWindow
CreatePopupMenu
DestroyMenu
AppendMenuW
GetWindowTextLengthW
DestroyIcon
wsprintfW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
ShowWindow
TrackPopupMenu
SetForegroundWindow
SetWindowTextW
GetWindowTextW
GetWindowRect
EnumChildWindows
TranslateMessage
DispatchMessageW
RegisterClassW
PostQuitMessage
DefWindowProcW
SendMessageW
GetSystemMetrics

gdi32

CreateFontW

shell32

SHGetFileInfoW

comdlg32

GetOpenFileNameW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

msvcrt

ungetwc
_wcsicmp
_CIexp
_CIsqrt
_callnewh
_initterm
__p__commode
_strtoi64
_strtoui64
_wfopen
strtol
_wcstoi64
?terminate@@YAXXZ
_lock
_unlock
_iob
_lseeki64
_wcstoui64
___lc_handle_func
__lc_collate_cp
_XcptFilter
__getmainargs
_msize
__set_app_type
_ismbblead
_acmdln
_fsopen
?_set_new_mode@@YAHH@Z
_control87
mbtowc
_isatty
_fileno
_CIlog10
_clearfp
strrchr
islower
___mb_cur_max_func
iswspace
_beginthreadex
ungetc
setvbuf
fsetpos
fgetpos
fgetc
fflush
realloc
free
ceil
tolower
wcstol
ftell
fseek
fread
fclose
strtod
_errno
isupper
_amsg_exit
__CxxFrameHandler
__RTDynamicCast
__uncaught_exception
strchr
_CxxThrowException
memset
memmove
memcpy
wcsrchr
__pctype_func
_wcsdup
calloc
malloc
fgetwc
abort
_fmode
___lc_codepage_func

Exports

Exports

OnNewSentence
QtFreeLibrary
QtLoadLibraryBatch
QtStartUp

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 38.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b856357cfa9694e5cbb7d326c969a9ec

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

winhttp

version

kernel32

user32

gdi32

shell32

comdlg32

advapi32

psapi

msvcrt

Exports

Exports

Sections

.text Size: 478KB - Virtual size: 477KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 17KB - Virtual size: 38.5MB

.rsrc Size: 193KB - Virtual size: 193KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 478KB - Virtual size: 477KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 17KB - Virtual size: 38.5MB

.rsrc
Size: 193KB - Virtual size: 193KB

.reloc
Size: 26KB - Virtual size: 26KB