964ad0430e21cad8c7352e9ebcaad740_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

964ad0430e21cad8c7352e9ebcaad740_NeikiAnalytics
Size

64KB
MD5

964ad0430e21cad8c7352e9ebcaad740
SHA1

3124995f60bc90e8023af6fb4e83081c216c0d6b
SHA256

77a7ed72d2b20874f7a3534d8d4a2320eccd2538ca3b162883d1134fc848e423
SHA512

a7b7757a5ced828bb141394fbf3c1bcbf2fb3361d860bc43bff46f3bfa6226ab6774d908735bd59bdb9aaf7095c408b38cb0f0495a63cba93bcc293ca87f610b
SSDEEP

768:FuWXbTp5yhXwcIZmpmrTxBJgVvRnpRzEZTEZ1woeLNluLhOLeWoNgpACT6:vbTd5y2Tx7gVpn7w6UoeiooNgpAy6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
964ad0430e21cad8c7352e9ebcaad740_NeikiAnalytics

Files

964ad0430e21cad8c7352e9ebcaad740_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

01cc25fa5d68f386882946f80d1bf7b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

commscr

CommScr_Active
CommScr_LogMessage

tws_client

TWS_ClientRequestV2

poscmos

CMOS_GetEnterpriseAuthPassword
CMOS_GetTermId

posutility

cUTIL_StrCpyWtoA

posejsend

POSEJ_send

parsexml

NewRootXML
NewIntChildXML
NewChildXML
UnicodeSerializeXML
ParseXML
ChildXML
AttrValueXML
StrValueXML

kernel32

FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetProcAddress
GetOEMCP
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
GetLastError
CreateEventW
DeleteCriticalSection
WaitForSingleObject
Sleep
SetEvent
LeaveCriticalSection
InterlockedExchange
GetFileSize
WriteFile
ReadFile
SetFilePointer
EnterCriticalSection
SetThreadPriority
GetCurrentThread
CreateFileA
DeleteFileA
WideCharToMultiByte
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
TlsAlloc
TlsFree
SetLastError
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetCPInfo
GetACP

Exports

Exports

MGT_IsOfflineStatusCode
MGT_OfflineRequest
MGT_OnlineStatus
MGT_ParseResponse

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01cc25fa5d68f386882946f80d1bf7b8

Headers

File Characteristics

Imports

commscr

tws_client

poscmos

posutility

posejsend

parsexml

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 3KB