78361297f53886351c9fc2a4f9ee70c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

78361297f53886351c9fc2a4f9ee70c0_NeikiAnalytics
Size

460KB
MD5

78361297f53886351c9fc2a4f9ee70c0
SHA1

1ee9b50757fe39781ae72673499bec84310be003
SHA256

651903ea2342b46efdf60e2b2d97e89fdd4c5993cc86b16e3e0208c0adc8c08c
SHA512

82664d12f1b73e68ed433f6b52d7e0fd8d1687d3fab546b81efeae1e90b34b568c2735a4638b830f9bda4df4e20a1b04111dbb31603f3a338086e74be7318418
SSDEEP

12288:/msnkuaF/VvJRUOR8E23zLqyq+foe0+M7v439k:usnk5/5JRpR8E2Ky9z0/b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78361297f53886351c9fc2a4f9ee70c0_NeikiAnalytics

Files

78361297f53886351c9fc2a4f9ee70c0_NeikiAnalytics
.dll regsvr32 windows:4 windows x86 arch:x86

565da0498a3e85f6206a1133c8e892b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetVersionExA
CreateFileA
LocalAlloc
InterlockedExchange
RaiseException
GetFileSize
SetFilePointer
ReadFile
DisableThreadLibraryCalls
FindClose
lstrcpyA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
SizeofResource
SetLastError
WaitForSingleObject
CreateEventA
CreateThread
SetThreadPriority
CloseHandle
SetEvent
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetCurrentThreadId
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
LoadResource
LockResource

gdi32

SelectObject
SaveDC
SetTextColor
GetObjectA
CreateFontIndirectA
RestoreDC
DeleteObject
GetDeviceCaps

user32

CallNextHookEx
GetFocus
IsChild
SetFocus
UnhookWindowsHookEx
SendMessageA
GetDC
UnregisterClassA
SetWindowsHookExA
GetKeyState
PeekMessageA
TranslateMessage
GetWindowTextA
SetWindowTextA
SetRect
GetMessagePos
MoveWindow
MessageBeep
GetParent
CreateWindowExA
GetWindow
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageA
DestroyWindow
CallWindowProcA
DefWindowProcA
WinHelpA
IsIconic
ShowWindow
BringWindowToTop
PostQuitMessage
EnumChildWindows
CreateDialogParamA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
EndDialog
GetWindowLongA
PostMessageA
SetForegroundWindow
IsDialogMessageA
GetDlgItem
GetWindowRect
SetWindowPos
SetWindowLongA
GetSysColor
LoadCursorA
SetCursor
IsWindowUnicode
GetClientRect
ChildWindowFromPoint
DispatchMessageA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SetErrorInfo
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VarBstrCat
SysFreeString

ole32

CLSIDFromString
CoTaskMemFree
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance

wininet

DeleteUrlCacheEntryW
DeleteUrlCacheEntryA

atl70

ord23
ord61
ord15
ord46
ord30
ord49
ord64
ord22
ord18
ord48
ord60
ord38
ord40
ord42
ord44
ord43
ord31
ord58
ord10
ord11
ord32

msvcr70

wcscat
swprintf
wcstoul
wcsncat
_wtoi
malloc
realloc
free
memmove
wcschr
_purecall
_ltow
_itow
_wcsicmp
wcslen
wcsncpy
??2@YAPAXI@Z
??_U@YAPAXI@Z
wcscpy
_wcsnicmp
memset
wcscmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
_wsplitpath
_except_handler3
_wmakepath
mbstowcs
_itoa
strtol
_wtol
_ltoa
wcstombs
wcsncmp
wcsrchr
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

565da0498a3e85f6206a1133c8e892b1

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

oleaut32

ole32

wininet

atl70

msvcr70

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 264KB - Virtual size: 264KB

.text
Size: 172KB - Virtual size: 171KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 264KB - Virtual size: 264KB