dc14694c944c820675e520346d54d0f0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dc14694c944c820675e520346d54d0f0_NeikiAnalytics
Size

1.5MB
MD5

dc14694c944c820675e520346d54d0f0
SHA1

646d433d1149c38dde37275b7d891a0d869ec5f9
SHA256

b15971df33d4124e4c15d6d2f671bef5267b8f37ae0f8b28c4e98107066d3ecc
SHA512

c606d8a0ff00dcacd71ffffc110342bd1f63d6991101c03a46556cdad70f0d215c4368fd935e67dcda6f5a200caba83cfa41126238bfba481da9b379fc8dd1ae
SSDEEP

24576:HchjkKCg09lJCj5GPi59ZASmIdQaAIxq6Y3fN8rbBof:HAjkKCgUClcU6SmIdQMxq6YvurbB2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc14694c944c820675e520346d54d0f0_NeikiAnalytics

Files

dc14694c944c820675e520346d54d0f0_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

8ade2110f896ebdf865c44ab3e5917e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WHPlatForm\DEV\client\WHGameHall\trunk\WHClientHall.pdb

Imports

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

kernel32

LeaveCriticalSection
GetModuleFileNameA
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
ExitProcess
CreateProcessW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
MulDiv
GetLocalTime
InterlockedExchange
Sleep
CreateFileW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
HeapCreate
GetConsoleMode
GetCurrentProcess
WriteFile
ReadFile
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetEndOfFile
GetProcAddress
FlushInstructionCache
RaiseException
GetCurrentThreadId
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
LoadLibraryA
GetCommandLineW
MultiByteToWideChar
lstrlenA
EnterCriticalSection
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
FindResourceExW
WaitForMultipleObjects
GetLastError
CreateDirectoryW
CreateThread
CloseHandle
DeleteFileW
SetEvent
CreateEventW
GetModuleFileNameW
GetFileAttributesW
lstrlenW
WideCharToMultiByte
GetConsoleCP

user32

InvalidateRgn
UnregisterClassA
InvalidateRect
SetCapture
ReleaseCapture
ClientToScreen
SendMessageW
MoveWindow
SetWindowPos
EndDialog
MapWindowPoints
SetRectEmpty
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
GetDlgCtrlID
InflateRect
GetWindowDC
GetCapture
UnionRect
IsZoomed
IsIconic
OffsetRect
DrawTextW
SetCursor
IsMenu
IsWindowEnabled
GetClientRect
TrackPopupMenuEx
PtInRect
SetWindowRgn
GetWindow
GetParent
GetWindowLongW
SetWindowLongW
SetTimer
ShowWindow
MessageBoxW
FindWindowW
CreateDialogParamW
GetDlgItem
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
CharNextW
LoadImageW
GetSystemMetrics
GetActiveWindow
PostQuitMessage
DestroyIcon
KillTimer
RegisterHotKey
SetWindowTextW
GetCursorPos
IsWindowVisible
DialogBoxParamW
RegisterWindowMessageW
GetWindowTextW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
IsChild
GetFocus
SetFocus
CallWindowProcW
EndPaint
FillRect
BeginPaint
IsWindow
RedrawWindow
ScreenToClient
GetClassNameW
GetDesktopWindow
ReleaseDC
GetDC
CreateAcceleratorTableW
EnableWindow

gdi32

CreateFontIndirectW
GetTextMetricsW
SetBkColor
ExtTextOutW
CreateRectRgn
SelectClipRgn
SetViewportOrgEx
SetBkMode
CreateRoundRectRgn
LineTo
CreateDIBSection
SetDIBColorTable
SetStretchBltMode
SetBrushOrgEx
StretchBlt
SetTextColor
CreateFontW
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
MoveToEx
CreatePen
GetDIBColorTable
EnumFontFamiliesExW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW

shell32

ShellExecuteExW
ShellExecuteA
ShellExecuteW

ole32

OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize

oleaut32

LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantInit
OleCreateFontIndirect
DispCallFunc
VariantClear
SysAllocString
VarUI4FromStr
SysAllocStringLen
SysFreeString

shlwapi

StrCatW
StrCpyW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipAlloc

ws2_32

send
ioctlsocket
inet_addr
connect
select
getsockopt
WSAGetLastError
__WSAFDIsSet
recv
closesocket
WSAStartup
socket
htonl
htons
bind
listen

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ade2110f896ebdf865c44ab3e5917e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 22KB - Virtual size: 33KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 70KB - Virtual size: 69KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 22KB - Virtual size: 33KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 70KB - Virtual size: 69KB