dde05098a0b868e41b27dce3bae7fb20_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dde05098a0b868e41b27dce3bae7fb20_NeikiAnalytics
Size

169KB
MD5

dde05098a0b868e41b27dce3bae7fb20
SHA1

4bbab82206278220229c5f65728b1d5b4a37f04c
SHA256

6b9789fa1e05b433c71905ef0c8d4b90d29b3d8e716f4adbf9c6b55dc6aa91aa
SHA512

bed8b07105d4fb2281d28f947519b53112ef356b8c28d149313eadd7e0f83db9d6453b20baa9bb3ccedbf1051d9c5130d9ea241835f66b8f5516bbad59fc1cd2
SSDEEP

3072:M4CSFNKPIIUUoOVk5nEIS0Mr3U8MkP+9OwmqQQ:M4CSFNeIIUsk5nqr7U9/9Ow4Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dde05098a0b868e41b27dce3bae7fb20_NeikiAnalytics

Files

dde05098a0b868e41b27dce3bae7fb20_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

a2829ce2f32a707e2a8d68372960517a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Current Projects\Visual Studio\nGinMediaServer2\_Output\Bin\Release\nGinMediaServer.pdb

Imports

kernel32

SetThreadExecutionState
GetShortPathNameW
DeleteFileW
GetModuleFileNameW
CreateThread
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
WriteFile
GetLastError
ReadFile
CreateEventW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
CloseHandle
CancelIo
CreateProcessA
CreateFileW
CreateNamedPipeW
GetCurrentProcessId
WideCharToMultiByte
Sleep
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
GetFileSizeEx
SetFilePointerEx
GetQueuedCompletionStatus
WaitForMultipleObjects
PostQueuedCompletionStatus
CreateIoCompletionPort
GetProcAddress
GetCurrentThreadId
GetCurrentProcess
LoadLibraryW
SetUnhandledExceptionFilter
GetTickCount
FormatMessageW
MultiByteToWideChar
GetPrivateProfileStringW
WritePrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent

user32

wsprintfW
FindWindowW
PostMessageW
ExitWindowsEx

advapi32

OpenSCManagerW
CloseServiceHandle
OpenServiceW
DeleteService
ControlService
StartServiceW
OpenProcessToken
IsTextUnicode
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CreateItemMoniker
GetRunningObjectTable

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

shlwapi

PathAppendW
PathFileExistsW
StrToInt64ExW
StrToIntW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW

winmm

timeGetTime

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

_lock
_onexit
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
wcsnlen
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_unlock
_wcsicmp
vswprintf_s
_vscwprintf
wmemcpy_s
_wmkdir
wcstok_s
_beginthreadex
??2@YAPAXIHPBDH@Z
_snprintf
_purecall
??_V@YAXPAX@Z
??_U@YAPAXIHPBDH@Z
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
wcscat_s
wcscpy_s
srand
rand
_wcsupr
__CxxFrameHandler3
_CxxThrowException
memcpy
memset
_wcslwr
__dllonexit
_cexit

mpr

WNetAddConnection2W

shell32

ShellExecuteW
SHFileOperationW

ws2_32

WSAIoctl
closesocket
htonl
bind
WSAGetLastError
listen
WSACleanup
WSAStartup
WSASend
WSARecv
htons
shutdown
socket

mswsock

TransmitFile

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2829ce2f32a707e2a8d68372960517a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

winmm

msvcp100

msvcr100

mpr

shell32

ws2_32

mswsock

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB