2829dc6d3b7f62d48c927c9b4bac99c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2829dc6d3b7f62d48c927c9b4bac99c0_NeikiAnalytics
Size

1.3MB
MD5

2829dc6d3b7f62d48c927c9b4bac99c0
SHA1

4b940322d8424727fd6bea212287758fdfd56d90
SHA256

5f2375881ae09bae6f8574064b6cf7034e5f16ca7f6b18de5e149043effc7602
SHA512

1b37980ba014b401431909371c052dcd6e2f046331fbfd13b0420b28c0fa58496f6270e7b308e943e527c09eeb4d719fae3f3b2779cd41fe5fa77603876cb23d
SSDEEP

24576:DjkqLNSsU7mdslZZK281V6TZfnqR6AYLm5W67uhoKzoI44g:DHccV6TZfHAh57uiKzov

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2829dc6d3b7f62d48c927c9b4bac99c0_NeikiAnalytics

Files

2829dc6d3b7f62d48c927c9b4bac99c0_NeikiAnalytics
.dll regsvr32 windows:6 windows x86 arch:x86

e97ffd5a1c7c38482961981793d04feb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\clview\x-none\mshelp\hxds.pdb

Imports

kernel32

RaiseException
SetLastError
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
CreateSemaphoreW
GetTempFileNameA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetWindowsDirectoryA
GetWindowsDirectoryW
MoveFileExW
CreateFileA
GetFileAttributesA
SetFileAttributesA
GetFullPathNameW
GetFileInformationByHandle
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
GetSystemDirectoryA
LocalAlloc
LocalFree
GlobalSize
LockResource
GetCurrentThread
GetUserDefaultLCID
DecodePointer
GetCommandLineA
EncodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTempPathW
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetStringTypeW
InterlockedExchange
LoadLibraryW
LCMapStringW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetProcessHeap
RemoveDirectoryW
RemoveDirectoryA
GetTempFileNameW
GetFileType
GetFileSize
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CreateDirectoryA
IsValidLocale
CopyFileW
CopyFileA
GetSystemTimeAsFileTime
Sleep
CloseHandle
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FindNextFileW
FindFirstFileW
FindClose
SetFileAttributesW
GetFileAttributesW
GetTickCount
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
OutputDebugStringA
MultiByteToWideChar
lstrlenW
lstrlenA
FormatMessageW
FormatMessageA
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetLastError
WideCharToMultiByte
SetErrorMode
IsDebuggerPresent
GetDriveTypeA
SetCurrentDirectoryW
SetEnvironmentVariableW
LoadLibraryA
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentDirectoryW
CompareStringA
CompareStringW
GetSystemDefaultLCID
GetVersionExA
GetTempPathA
GetModuleHandleA
FindResourceExW
GetVersion
GetDiskFreeSpaceA

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentExPointW
GetTextExtentExPointA

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

GetNamedSecurityInfoW
RevertToSelf
MapGenericMask
ImpersonateSelf
AccessCheck
OpenThreadToken
OpenProcessToken
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey

ole32

OleLockRunning
OleUninitialize
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoTaskMemFree
CoDisconnectObject
CoTaskMemRealloc
CoGetMalloc
CreateBindCtx
CreateItemMoniker
StringFromCLSID
CreatePointerMoniker
OleInitialize

oleaut32

SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
OleCreateFontIndirect
SetErrorInfo
GetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
SysFreeString
SysAllocString
VariantInit
VariantClear

winspool.drv

StartDocPrinterW
StartPagePrinter
OpenPrinterA
OpenPrinterW
WritePrinter
ClosePrinter
EndDocPrinter
StartDocPrinterA
EndPagePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HxGetObjectCA

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e97ffd5a1c7c38482961981793d04feb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

version

advapi32

ole32

oleaut32

winspool.drv

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 597KB

.data Size: 38KB - Virtual size: 47KB

.rsrc Size: 251KB - Virtual size: 250KB

.reloc Size: 395KB - Virtual size: 396KB

.text
Size: 598KB - Virtual size: 597KB

.data
Size: 38KB - Virtual size: 47KB

.rsrc
Size: 251KB - Virtual size: 250KB

.reloc
Size: 395KB - Virtual size: 396KB