8a0dfd0a9623e1e2bfdab1cc6aaf02d0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

8a0dfd0a9623e1e2bfdab1cc6aaf02d0_NeikiAnalytics
Size

926KB
MD5

8a0dfd0a9623e1e2bfdab1cc6aaf02d0
SHA1

60c38128773829d54b0e0ef3ecaa253d23d443cf
SHA256

65e0cdcb32c36adaab6bed9d7a2b0a73bc038013549d19ea692085f54d87e45b
SHA512

c09d0b7684a58c2d56cd933ee4ebd2b41e5a6babfc1d44d92bac9dcc3276c00e2f2d6cd4b2df1f2b995e561103f72ced7f15cc88d033aaeb8e2c67e583b5198d
SSDEEP

24576:XbIQq1MTgmbjAi0y9dZxXfTbgKMd1KdFb7XLGF12Zpmq:hnPA8bgV1KdFSF1wmq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a0dfd0a9623e1e2bfdab1cc6aaf02d0_NeikiAnalytics

Files

8a0dfd0a9623e1e2bfdab1cc6aaf02d0_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

7d6f9c976d18417ec488004182bb7469

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSAStartup
closesocket
inet_ntoa
setsockopt
bind
recvfrom
recv
inet_addr
ntohs
htons
sendto
socket
ioctlsocket
gethostbyname

ddraw

DirectDrawCreate

kernel32

SetStdHandle
InterlockedExchange
InitializeCriticalSection
CreateFileA
SetUnhandledExceptionFilter
QueryPerformanceCounter
Sleep
LoadLibraryA
FreeLibrary
GetProcAddress
WaitForSingleObject
ReleaseMutex
CreateMutexA
CloseHandle
GetTickCount
GetModuleFileNameA
IsBadCodePtr
OpenProcess
GetLastError
GetCurrentProcess
GetSystemDirectoryA
GetCurrentThread
CopyFileA
VirtualQuery
GetCurrentThreadId
GetVersionExA
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
GetCurrentProcessId
VirtualProtect
GetOEMCP
GetACP
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDriveTypeA
GetCurrentDirectoryA
IsBadReadPtr
FindNextFileA
CreateDirectoryA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
SetFileAttributesA
GetFileAttributesA
RtlUnwind
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetFullPathNameA
MoveFileA
GetCommandLineA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
FlushFileBuffers
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
ExitProcess
TerminateProcess
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA

user32

EnumWindows
GetWindowThreadProcessId
GetWindowLongA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyExA

Exports

Exports

ca
cb

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d6f9c976d18417ec488004182bb7469

Headers

File Characteristics

Imports

wsock32

ddraw

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 365KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 300KB - Virtual size: 389KB

.reloc Size: 234KB - Virtual size: 234KB

.text
Size: 368KB - Virtual size: 365KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 300KB - Virtual size: 389KB

.reloc
Size: 234KB - Virtual size: 234KB