da3f53dd76d6089472f38a03159b3900_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

da3f53dd76d6089472f38a03159b3900_NeikiAnalytics
Size

741KB
MD5

da3f53dd76d6089472f38a03159b3900
SHA1

b37728c8a85cd4033e22deb6afa35fab5bc3122a
SHA256

5bbb68d528c2de710b7d26e2edb93d4e77d8692b7466f824deef5a6fe4e5b270
SHA512

a10f55f0a908edcfe8b7d5a60994f7540102c243c728b51502b5e86c9b1bc973dbe829015df2b7f69558947bf7342f625188ca19584b47b2336878448d701fdb
SSDEEP

12288:C4uYPYT0TRHoqIiJw/9Rrw0R1u4V/0YG3wx6EcJHUEhPUotFZr+1izHGNe8jKk3g:uvoTR+/TwSfVcYG3K/cJHlnFR+IGNe8c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da3f53dd76d6089472f38a03159b3900_NeikiAnalytics

Files

da3f53dd76d6089472f38a03159b3900_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

caebd7d2ee8ddcc16c53df49ec65ba6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\vmware\shared\vs2015\PnHelp_8_30_2010_used_by_android\x64\Release\PnHelp.pdb

Imports

setupapi

SetupDiCreateDeviceInfoList
SetupDiRemoveDevice
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiRegisterDeviceInfo
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetSelectedDevice
SetupCopyOEMInfW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces

kernel32

GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetLastError
FreeLibrary
GetModuleFileNameW
GetProcAddress
lstrcatW
lstrlenW
LoadLibraryW
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
GetCommandLineW
DecodePointer
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
Sleep
CreateThread
GetCurrentThreadId
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
SetStdHandle
GetStringTypeW
GetConsoleCP
CreateFileW
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
lstrcmpiW
HeapReAlloc
HeapSize
GetFileType
HeapAlloc
HeapFree
GetACP
WriteFile
GetStdHandle
WideCharToMultiByte
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
EncodePointer
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleExW
ExitProcess
SetLastError
IsDebuggerPresent
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
CharUpperW
FindWindowW
MessageBoxW
CharNextW
wsprintfW
PostMessageW
GetMessageW

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

ole32

IIDFromString
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoInitialize
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

SHDeleteValueW
PathRemoveFileSpecW

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

caebd7d2ee8ddcc16c53df49ec65ba6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 6KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 212B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 6KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 212B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 568KB - Virtual size: 572KB