a123e577ffb76e3217f18b2c20668350_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

a123e577ffb76e3217f18b2c20668350_NeikiAnalytics
Size

888KB
MD5

a123e577ffb76e3217f18b2c20668350
SHA1

998b7bf65b4f7c23025d718105c0783f38f73149
SHA256

3f82e04f1ca2d27455bc20422a734cc22406acd52dd6d6f17f9b8afe132b02b3
SHA512

5472169595b334aadd6bde83ffbe937e92e59808c1d6d4bf40a3f16cb90ae89da6f40c0262530216896866c156a0afa2b5195971ad6527e4a44936863399eaf1
SSDEEP

12288:vVzKxDk25CXVYvtFWaV6IVDSPjeAp4jjnQ/leaz:pKxDZ5htcL73pEnQ/lNz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a123e577ffb76e3217f18b2c20668350_NeikiAnalytics

Files

a123e577ffb76e3217f18b2c20668350_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

d2b015bd9e3e078eb34148d8a98fb151

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
LoadResource
LockResource
GetModuleHandleA
GetCommandLineA
FlushFileBuffers
SetEnvironmentVariableA
SetUnhandledExceptionFilter
HeapReAlloc
TerminateThread
CreateThread
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualLock
VirtualProtect
SetEndOfFile
SetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
FreeLibrary
Sleep
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetVersionExA
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
CopyFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindFirstFileA
GetFileAttributesA
FindNextFileA
GetFullPathNameA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
GetVersion
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
ReadFile
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetLocaleInfoW
GetProcAddress
SetFilePointer
ExitProcess
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
CreateFileA
SetStdHandle

user32

EnableWindow
GetDlgItem
GetWindowTextA
SetTimer
EndDialog
UpdateWindow
CreateWindowExA
RegisterClassA
LoadCursorA
UnregisterClassA
DestroyWindow
ShowWindow
ClientToScreen
GetClientRect
SetCursorPos
DefWindowProcA
SetCapture
ReleaseCapture
EndPaint
SendDlgItemMessageA
CloseWindow
SetCursor
SetForegroundWindow
ScreenToClient
DispatchMessageA
PeekMessageA
GetMessageA
GetWindowLongA
GetWindowRect
SetWindowPos
SetWindowLongA
InvalidateRect
MoveWindow
GetSystemMetrics
DrawTextA
SystemParametersInfoA
ShowCursor
ToAscii
MapVirtualKeyA
GetForegroundWindow
MessageBoxA
SetWindowTextA
GetDesktopWindow
DialogBoxParamA
KillTimer
PostMessageA
BeginPaint
GetCursorPos

wsock32

htons
accept
send
recv
setsockopt
ntohl
recvfrom
inet_ntoa
select
sendto
getsockname
htonl
ntohs
connect
closesocket
gethostbyname
bind
socket
ioctlsocket
listen
WSAStartup
WSACleanup

winmm

timeSetEvent
timeKillEvent
timeGetDevCaps
timeEndPeriod
timeGetTime
timeBeginPeriod
mixerGetControlDetailsA
mciGetErrorStringA
mixerClose
mciSendCommandA
mixerGetNumDevs
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
mixerOpen

d3dxof

DirectXFileCreate

dplayx

ord4

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

dinput

DirectInputCreateEx

gdi32

AddFontResourceA
CreateFontA
CreateCompatibleDC
SetMapMode
SetTextCharacterExtra
SelectObject
GetTextMetricsA
DeleteDC
SetBkColor
SetTextColor
DeleteObject
RemoveFontResourceA
GetStockObject

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msacm32

acmStreamSize
acmStreamConvert
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmStreamClose
acmFormatSuggest
acmStreamOpen

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

_bbWinMain@0
runtimeGetRuntime

Sections

.text
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2b015bd9e3e078eb34148d8a98fb151

Headers

File Characteristics

Imports

kernel32

user32

wsock32

winmm

d3dxof

dplayx

ddraw

dinput

gdi32

shell32

ole32

msacm32

advapi32

Exports

Exports

Sections

.text Size: 712KB - Virtual size: 711KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 72KB - Virtual size: 413KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 712KB - Virtual size: 711KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 72KB - Virtual size: 413KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 44KB - Virtual size: 41KB