d:\09 code\enspconsole\buildall\release\tools\eNSP_MulticastSource_Plugin.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: a1c68c8aa2a742e4858eb9536bfc7d20_NeikiAnalytics.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a1c68c8aa2a742e4858eb9536bfc7d20_NeikiAnalytics.dll
  Resource: win10v2004-20240508-en
General
Target: a1c68c8aa2a742e4858eb9536bfc7d20_NeikiAnalytics
Size: 508KB
MD5: a1c68c8aa2a742e4858eb9536bfc7d20
SHA1: a83d2ae8ba7440b07ae99d2c45af16f0a05b468d
SHA256: c4525e0839b438fac96806afbdb407e6f47e7e6ffaa54f1e0bbd9c028f434fe4
SHA512: 04d0aaf28cf86aecce89991687aea4f4cd11de64686a9132321914810a0455b9fe658dbbcb45623fc69fc6184250b750f2694345394517a8f44ca8de65cbebd2
SSDEEP: 12288:w8agBowLnuT014VmVjK1s4HWmfRrvNZRR5:w8aWnuTNmVjK1sOrflT
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource a1c68c8aa2a742e4858eb9536bfc7d20_NeikiAnalytics
Files
a1c68c8aa2a742e4858eb9536bfc7d20_NeikiAnalytics.dll windows:4 windows x86 arch:x86
8863214a264ecdbbd638120ee6257a3d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
HeapFree
HeapAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCPInfo
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetFileTime
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileAttributesW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
GetThreadLocale
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FormatMessageW
LocalFree
FreeResource
MulDiv
GetModuleHandleA
SetLastError
RaiseException
GlobalFree
GlobalAlloc
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindClose
GlobalUnlock
GetModuleFileNameW
GetVersionExW
GetPrivateProfileStringW
GlobalLock
FindFirstFileW
CloseHandle
CreateEventW
Sleep
GetTickCount
SetEvent
CreateThread
GetCurrentDirectoryW
WritePrivateProfileStringW
TerminateThread
WaitForSingleObject
CreateProcessW
GetLastError
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
LockResource
TerminateProcess
SizeofResource
OutputDebugStringW
LoadResource
GetConsoleMode
FindResourceW
user32
DestroyMenu
LoadCursorW
GetSysColorBrush
UnregisterClassW
WindowFromPoint
RegisterClipboardFormatW
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
PostThreadMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetSysColor
EndPaint
BeginPaint
GetDC
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
GetWindow
GetWindowLongW
SetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
FillRect
CopyRect
SetWindowRgn
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
GetWindowDC
IsZoomed
DrawIconEx
SetRect
MessageBeep
CharUpperW
GetTopWindow
PtInRect
ReleaseDC
GetWindowRect
DrawTextW
TabbedTextOutW
DrawTextExW
GrayStringW
EqualRect
SetTimer
KillTimer
CreateWindowExW
IsWindowVisible
ClientToScreen
GetFocus
GetCaretPos
MessageBoxW
LoadStringW
PostMessageW
IsWindow
IsIconic
DrawIcon
GetClientRect
LoadIconW
OffsetRect
InvalidateRect
LoadBitmapW
GetSystemMetrics
SetActiveWindow
GetParent
SendMessageW
EnableWindow
UnregisterClassA
gdi32
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
GetDeviceCaps
CreatePen
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
GetObjectW
CreateCompatibleBitmap
MoveToEx
LineTo
IntersectClipRect
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetMapMode
SetTextColor
ExcludeClipRect
SetBkMode
CreateFontW
CreateRoundRectRgn
ExtTextOutW
PtVisible
Escape
RectVisible
TextOutW
CreateSolidBrush
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
shell32
SHGetSpecialFolderPathW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW
oledlg
OleUIBusyW
ole32
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoRegisterMessageFilter
oleaut32
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
ws2_32
socket
closesocket
htons
bind
ntohl
inet_addr
htonl
WSAStartup
WSAGetLastError
recvfrom
sendto
ntohs
gdiplus
GdipDeleteStringFormat
GdipCreatePen1
GdipCreateStringFormat
GdipSetPenDashStyle
GdipDrawLineI
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateFont
GdipSetPenWidth
GdipDrawImageI
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipDeleteFont
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromStream
GdipMeasureString
GdipSetImageAttributesColorMatrix
GdipCloneBrush
GdipDeletePen
GdipDeleteGraphics
GdipDeleteBrush
GdipGetImageWidth
GdipCloneImage
GdipCreateFromHDC
GdipCreateImageAttributes
GdipDisposeImage
GdipAlloc
GdipDisposeImageAttributes
GdipSetSmoothingMode
GdipGraphicsClear
GdipLoadImageFromFile
GdipSetImageAttributesWrapMode
GdipDrawImageRectRect
GdipFree
GdipGetImageHeight
iphlpapi
GetUdpTable
GetTcpTable
Exports
ClearPeerInfo
CreateSimTool
DeleteSimTool
GetListeningPort
GetMCSPlayParametar
GetSimToolSettings
MCSourcePlay
ModifyMCSCapPort
ModifyServerPort
SetMCSCurSel
SetMCSLineUp
SetSimPCname
ShowSimTool
StartSimTool
StopSimTool
Sections
.text  Size: 320KB - Virtual size: 316KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 80KB - Virtual size: 79KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 20KB - Virtual size: 33KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc  Size: 40KB - Virtual size: 39KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 44KB - Virtual size: 42KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)