61bdfa7b00a290b952f3085be5fff860_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

61bdfa7b00a290b952f3085be5fff860_NeikiAnalytics
Size

260KB
MD5

61bdfa7b00a290b952f3085be5fff860
SHA1

eb01ca0d752b217876a7a425d55ae63fbb058b48
SHA256

f18142b678d1fc48c93ecd3d5e8dbe5caa5539b46c487b27f03d9026b074b99e
SHA512

b395e6ccba3c92159c7ad41bc5afa706fe646422a2c72d18da8d4762de5ba4986fbbf74520c22d916f9ccc21ff6b8daec9dc9b89a2cf0a1df3e2447430ab5a27
SSDEEP

3072:K5YjB0MkBb5jXtk7HHYwpjPOXRka2LSmAfd21WrJT/nDnqLWFlf25avDOKpxPluo:mKqjgHEhkLLSmAF2cT7qLIl5DOKPPvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61bdfa7b00a290b952f3085be5fff860_NeikiAnalytics

Files

61bdfa7b00a290b952f3085be5fff860_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

4e52062dbaff869284103bb8c3465ec0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-2.7\Release\shell.pdb

Imports

shell32

SHGetFileInfoA
SHAddToRecentDocs
SHFileOperationA
SHGetDesktopFolder
ord191
SHChangeNotify
SHGetSpecialFolderLocation
DragQueryFileW
DragQueryPoint
SHGetInstanceExplorer
ShellExecuteExA
ord28
SHGetPathFromIDListW
SHGetPathFromIDListA
DragQueryFileA
SHBrowseForFolderA
SHFreeNameMappings

oleaut32

SysFreeString
VariantInit
VariantClear

ole32

CoTaskMemAlloc
CoTaskMemFree

pythoncom27

?ThisAsIID@PyGPersist@@MAEPAXU_GUID@@@Z
??0PyGPersist@@IAE@PAU_object@@@Z
?ThisAsIID@PyGOleWindow@@MAEPAXU_GUID@@@Z
??0PyGOleWindow@@IAE@PAU_object@@@Z
?QueryInterface@PyGatewayBase@@UAGJABU_GUID@@PAPAX@Z
?Release@PyGatewayBase@@UAGKXZ
?AddRef@PyGatewayBase@@UAGKXZ
?ThisAsIID@PyGatewayBase@@UAEPAXU_GUID@@@Z
?Unwrap@PyGatewayBase@@UAGJPAPAU_object@@@Z
?InterfaceSupportsErrorInfo@PyGatewayBase@@UAGJABU_GUID@@@Z
?InvokeViaPolicy@PyGatewayBase@@MAAJPBDPAPAU_object@@0ZZ
?GetNameSpaceParent@PyGatewayBase@@UAGJPAPAUIUnknown@@@Z
?GetNextDispID@PyGatewayBase@@UAGJKJPAJ@Z
?GetMemberName@PyGatewayBase@@UAGJJPAPA_W@Z
?GetMemberProperties@PyGatewayBase@@UAGJJKPAK@Z
?DeleteMemberByDispID@PyGatewayBase@@UAGJJ@Z
?GetDispID@PyGatewayBase@@UAGJPA_WKPAJ@Z
?DeleteMemberByName@PyGatewayBase@@UAGJPA_WK@Z
?InvokeEx@PyGatewayBase@@UAGJJKGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAUIServiceProvider@@@Z
?Invoke@PyGatewayBase@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
??0PyIUnknown@@IAE@PAUIUnknown@@@Z
?getattr@PyIBase@@UAEPAU_object@@PAD@Z
?setattr@PyIBase@@UAEHPADPAU_object@@@Z
?repr@PyIUnknown@@UAEPAU_object@@XZ
?compare@PyIUnknown@@UAEHPAU_object@@@Z
?iter@PyIBase@@UAEPAU_object@@XZ
?iternext@PyIBase@@UAEPAU_object@@XZ
??1PyIUnknown@@MAE@XZ
?GetI@PyIUnknown@@SAPAUIUnknown@@PAU_object@@@Z
?PyCom_BuildPyException@@YAPAU_object@@JPAUIUnknown@@ABU_GUID@@@Z
??0PyComTypeObject@@QAE@PBDPAV0@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?type@PyIUnknown@@2VPyComTypeObject@@A
??1PyComTypeObject@@QAE@XZ
?PyCom_InterfaceFromPyInstanceOrObject@@YAHPAU_object@@ABU_GUID@@PAPAXH@Z
?PyCom_SetAndLogCOMErrorFromPyExceptionEx@@YAJPAU_object@@PBDABU_GUID@@@Z
PyCom_PyObjectFromIUnknown
PyCom_PyObjectFromVariant
?PyCom_SetCOMErrorFromPyException@@YAJABU_GUID@@@Z
PyCom_VariantFromPyObject
?PyCom_SetAndLogCOMErrorFromPyException@@YAJPBDABU_GUID@@@Z
?GetWindow@PyGOleWindow@@MAGJPAPAUHWND__@@@Z
?ContextSensitiveHelp@PyGOleWindow@@MAGJH@Z
?PyCom_SetCOMErrorFromSimple@@YAJJABU_GUID@@PBD@Z
PyCom_InterfaceFromPyObject
?is_object@PyIBase@@SAHPAU_object@@PAVPyComTypeObject@@@Z
??0PyComEnumTypeObject@@QAE@PBDPAVPyComTypeObject@@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?GetIDsOfNames@PyGatewayBase@@UAGJABU_GUID@@PAPA_WIKPAJ@Z
?GetTypeInfo@PyGatewayBase@@UAGJIKPAPAUITypeInfo@@@Z
?GetTypeInfoCount@PyGatewayBase@@UAGJPAI@Z
??0PyGatewayBase@@IAE@PAU_object@@@Z
?PyCom_RegisterExtensionSupport@@YAHPAU_object@@PBUPyCom_InterfaceSupportInfo@@H@Z
??1PyGatewayBase@@MAE@XZ
??0PyComEnumProviderTypeObject@@QAE@PBDPAVPyComTypeObject@@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z0@Z
?PyObject_AsOLEMENUGROUPWIDTHS@@YAHPAU_object@@PAUtagOleMenuGroupWidths@@@Z
?PyObject_FromOLEMENUGROUPWIDTHS@@YAPAU_object@@PBUtagOleMenuGroupWidths@@@Z
??1PyIOleWindow@@MAE@XZ
??0PyIOleWindow@@IAE@PAUIUnknown@@@Z
?type@PyIPersist@@2VPyComTypeObject@@A
?GetClassID@PyGPersist@@MAGJPAU_GUID@@@Z
?GetI@PyIPersist@@SAPAUIPersist@@PAU_object@@@Z
??1PyIPersist@@MAE@XZ
??0PyIPersist@@IAE@PAUIUnknown@@@Z
?type@PyIOleWindow@@2VPyComTypeObject@@A
?GetI@PyIOleWindow@@SAPAUIOleWindow@@PAU_object@@@Z
?MakeOLECHARToObj@@YAPAU_object@@PB_W@Z

python27

Py_InitModule4
PyModule_GetDict
_PyArg_ParseTupleAndKeywords_SizeT
PyMapping_Check
PyMapping_GetItemString
PyDict_New
PyDict_SetItemString
PyCallable_Check
PySys_WriteStderr
PyEval_CallObjectWithKeywords
PyErr_Print
PyExc_RuntimeError
PyString_AsString
_PyArg_ParseTuple_SizeT
_Py_BuildValue_SizeT
PySequence_Size
Py_BuildValue
PyBool_FromLong
PyArg_ParseTupleAndKeywords
PyTuple_New
PyErr_SetString
PyExc_TypeError
_Py_NoneStruct
PyEval_RestoreThread
PyEval_SaveThread
PyArg_ParseTuple
PyErr_Format
PyExc_MemoryError
PyLong_FromUnsignedLong
PyInt_FromLong
PyGILState_Ensure
PyGILState_Release
_Py_ZeroStruct
_Py_TrueStruct
PyInt_AsLong
PyErr_Occurred
PyExc_ValueError
PyList_New
PyString_FromString
PyString_FromStringAndSize
PyErr_Clear
PySequence_GetItem
PyObject_Size
PySequence_Check
PyLong_FromUnsignedLongLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongMask
PyObject_IsTrue
PyLong_FromLongLong
PyArg_Parse
PyLong_FromLong
PyLong_AsUnsignedLong
PySequence_Tuple
PyExc_NotImplementedError
PyDict_GetItemString
PyList_Append
PyErr_NoMemory

pywintypes27

?PyWinGlobals_Ensure@@YAHXZ
?PyWinExc_COMError@@3PAU_object@@A
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?PyWinObject_FromULARGE_INTEGER@@YAPAU_object@@AAT_ULARGE_INTEGER@@@Z
?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyObject_FromWIN32_FIND_DATAA@@YAPAU_object@@PAU_WIN32_FIND_DATAA@@@Z
?PyWinObject_FromTCHAR@@YAPAU_object@@PBDH@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinObject_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsPfnAllocatedWCHAR@@YAHPAU_object@@P6APAXK@ZPAPA_WHPAK@Z
?PyWinObject_AsRECT@@YAHPAU_object@@PAUtagRECT@@@Z
?PyWinObject_AsULARGE_INTEGER@@YAHPAU_object@@PAT_ULARGE_INTEGER@@@Z
?PyWinObject_FromHKEY@@YAPAU_object@@PAUHKEY__@@@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsHKEY@@YAHPAU_object@@PAPAUHKEY__@@@Z
?PyWinObject_AsPARAM@@YAHPAU_object@@PAI@Z
?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_FreeString@@YAXPAD@Z
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z

msvcr90

?terminate@@YAXXZ
wcsncpy
free
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
strncpy
_except_handler3
memcpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
__CppXcptFilter
_adjust_fdiv

kernel32

LocalFree
IsBadReadPtr
GetProcAddress
GetModuleHandleA
LoadLibraryA
InterlockedExchange
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

Exports

Exports

initshell

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e52062dbaff869284103bb8c3465ec0

Headers

File Characteristics

PDB Paths

Imports

shell32

oleaut32

ole32

pythoncom27

python27

pywintypes27

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 828B

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 828B

.reloc
Size: 23KB - Virtual size: 23KB