43b7b24c300a17c977c9ff948dac8200_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

43b7b24c300a17c977c9ff948dac8200_NeikiAnalytics
Size

245KB
MD5

43b7b24c300a17c977c9ff948dac8200
SHA1

bc43c4365c8be0e55ca5f3ade7d25c71179a8ee7
SHA256

c214075e8ead800d496dd6cd5dc969ba8d4364f01adf63e94e6fe0ca106112ef
SHA512

bc68b7c536b0c41f081cf3422b41861a3fb34952929cbf5e04bf2fec8a7fed7fb4828f4d4ea23373bde4c0c18a5e281772aec7a32f2289ffa1d22c9f3a9eced9
SSDEEP

6144:v7vzkRqPCN/5tdYGFKUnh79DSmZyIXmJOU2:DvzkOU5cWKUnDSUyo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43b7b24c300a17c977c9ff948dac8200_NeikiAnalytics

Files

43b7b24c300a17c977c9ff948dac8200_NeikiAnalytics
.dll regsvr32 windows:4 windows x86 arch:x86

66a95ee9ea2273a0a68a9d1a92562d7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
DeleteCriticalSection
GetCurrentThreadId
FreeResource
LockResource
LoadResource
FindResourceA
FlushInstructionCache
GetCurrentProcess
TlsAlloc
TlsSetValue
TlsFree
TlsGetValue
GetCurrentProcessId
GetCommandLineA
LocalFree
FormatMessageA
lstrcpyW
IsBadReadPtr
VirtualQuery
IsBadWritePtr
GlobalUnlock
GlobalLock
GetProcessHeap
HeapReAlloc
HeapFree
ExitProcess
HeapDestroy
CreateFileMappingA
CreateEventA
ExpandEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapCreate
GetStringTypeW
GetStringTypeA
RtlUnwind
GetFileTime
ReadFile
SetErrorMode
LoadLibraryExA
GlobalReAlloc
GlobalAlloc
TerminateThread
CreateThread
GetLocaleInfoA
ResetEvent
SetEvent
GetFileAttributesA
CreateDirectoryA
GetFullPathNameA
GetSystemInfo
HeapAlloc
lstrcatA
lstrcpyA
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetLastError
SetLastError
FreeLibrary
GetThreadLocale
GetStringTypeExA
OutputDebugStringA
DebugBreak
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrcmpA
GetVersionExA
DeleteFileA
RemoveDirectoryA
WritePrivateProfileStringA
lstrcmpiA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
lstrlenA
GetShortPathNameA
GetTickCount
CloseHandle
OpenFileMappingA
MapViewOfFile
CreateFileA
GetFileSize
UnmapViewOfFile
GetModuleHandleA
GetProcAddress
lstrcpynA
WaitForSingleObject

user32

CreateDialogParamA
DestroyIcon
DrawIconEx
IntersectRect
AppendMenuA
CreatePopupMenu
CheckMenuItem
DestroyMenu
GetAsyncKeyState
DrawFocusRect
InvertRect
SetCapture
SetCursor
ShowScrollBar
DestroyWindow
ReleaseCapture
PeekMessageA
OffsetRect
GetSysColorBrush
PtInRect
CreateWindowExA
InvalidateRect
TrackPopupMenu
IsWindow
UpdateWindow
BeginPaint
EndPaint
GetDC
ShowWindow
SetFocus
CallWindowProcA
FillRect
PostMessageA
ModifyMenuA
ClientToScreen
GetMenuItemCount
SetMenuItemInfoA
AdjustWindowRect
LoadIconA
SetWindowPlacement
RedrawWindow
GetTopWindow
GetWindowPlacement
ScreenToClient
LoadBitmapA
EnumWindows
GetLastActivePopup
GetDesktopWindow
InsertMenuA
SetWindowsHookExA
GetFocus
GetWindowThreadProcessId
GetClassNameA
CallNextHookEx
UnhookWindowsHookEx
CharUpperA
SetScrollInfo
InflateRect
SetRect
DrawEdge
GetMenuItemInfoA
GetSystemMetrics
GetWindowDC
DrawTextA
ReleaseDC
GetSysColor
DefWindowProcA
SetWindowTextA
MoveWindow
LoadImageA
GetClassInfoExA
RegisterClassExA
LoadCursorA
DialogBoxParamA
CharLowerA
wsprintfA
CharNextA
wvsprintfA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowLongA
SetWindowLongA
SendMessageA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
GetWindowTextA
EndDialog
MessageBoxA
GetActiveWindow
RegisterClipboardFormatA
GetMenuStringA
CreateMenu
CloseClipboard
OpenClipboard
GetDlgCtrlID
EnableMenuItem
SetClipboardData
EmptyClipboard
AttachThreadInput
SetForegroundWindow
GetForegroundWindow
GetWindowTextLengthA
GetDlgItem
EnableWindow
LoadStringA
RegisterWindowMessageA
ScrollWindowEx

gdi32

GetTextColor
LineTo
MoveToEx
CreatePen
GetTextMetricsA
CreateFontA
GetTextExtentPoint32A
SaveDC
Polygon
GetNearestColor
SetROP2
GetObjectA
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SetBkColor
BitBlt
DeleteDC
CreateSolidBrush
PatBlt
SetBkMode
CreateFontIndirectA
SelectObject
RestoreDC
DeleteObject

advapi32

RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
ExtractIconExA
SHBrowseForFolderA

ole32

CoCreateInstance
CLSIDFromString
StringFromCLSID
CoInitialize
OleUninitialize
CoInitializeEx
OleInitialize
CoTaskMemFree
CoUninitialize

oleaut32

LoadRegTypeLi
VariantCopy
VariantChangeType
SysAllocStringLen
DispCallFunc
VariantClear
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

urlmon

CoInternetGetSession

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

ChooseProgram
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66a95ee9ea2273a0a68a9d1a92562d7e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

version

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 10KB - Virtual size: 14KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 10KB - Virtual size: 14KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 12KB - Virtual size: 11KB