5ff04d01ede4b839bb0995e07208ad70_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

5ff04d01ede4b839bb0995e07208ad70_NeikiAnalytics
Size

1.6MB
MD5

5ff04d01ede4b839bb0995e07208ad70
SHA1

eea5d72f2833f55f90a49df7ea7c3186ead35390
SHA256

ef0244d6f92ea44f91a8c2b5cee9533ad2546ce3e471e7a1546b1f7e8a52f5a2
SHA512

73693485b686cff4c01a2b3cbe6f9f3cb68ec8811b61df704ed9fadb8f7bebf97f9e458f2f5dc64a98d75edcd9080cc589402e7012bb3e16153ec29e2774aac4
SSDEEP

24576:pkk58OTGgrb2VQPo3npJyvPBhB+tzoWWp7xr9MPmUnNYA7c+bF3Ne9OO4DtatDl0:pkk58OVCVaoq1d7xrBspbcU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ff04d01ede4b839bb0995e07208ad70_NeikiAnalytics

Files

5ff04d01ede4b839bb0995e07208ad70_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

c326c8869ce57c1e7ea0ff752b3a43ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
CoInitialize
CoUninitialize

shell32

SHGetFileInfoA

olepro32

OleTranslateColor

kernel32

GetProcAddress
VirtualProtect
RtlMoveMemory
HeapFree
GetModuleHandleA
GetProcessHeap
RtlZeroMemory
LoadLibraryA
lstrcmpA
FreeLibrary
lstrlenA
GetVersion
MulDiv
CloseHandle
lstrlenW
lstrcmpiA
HeapAlloc
MultiByteToWideChar

comctl32

ImageList_DrawEx
ImageList_DragMove
ImageList_GetIcon
ImageList_AddIcon
ImageList_DragLeave
ImageList_DragEnter
ImageList_BeginDrag
InitCommonControlsEx
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Create
DllGetVersion
ImageList_DragShowNolock
ImageList_Draw
ImageList_AddMasked
InitCommonControls
ImageList_Destroy

gdi32

GetObjectA
SelectObject
GetDeviceCaps
CreateFontIndirectA
DeleteDC
CreateCompatibleDC
CreateDCA
CreateDIBSection
GetPixel
SetTextColor
CreateBrushIndirect
CreatePenIndirect
OffsetWindowOrgEx
StretchDIBits
DeleteObject
CreateCompatibleBitmap
GetTextExtentPoint32A
BitBlt
SetBkColor

user32

SetWindowPos
DestroyIcon
LoadImageA
RemovePropA
GetWindowRect
CreateWindowExA
ScreenToClient
SetWindowsHookExA
ReleaseCapture
FillRect
InvalidateRect
DrawStateA
GetKeyState
UnhookWindowsHookEx
IsRectEmpty
UnionRect
VkKeyScanA
FindWindowExA
EnableWindow
MoveWindow
SetActiveWindow
OffsetRect
DestroyWindow
GetSysColor
RedrawWindow
DrawTextA
SetFocus
GetScrollInfo
SetWindowLongA
SystemParametersInfoA
SendMessageA
ReleaseDC
VkKeyScanW
WindowFromPoint
DestroyAcceleratorTable
PostMessageA
CreateAcceleratorTableA
InflateRect
GetFocus
GetDC
CallNextHookEx
GetSystemMetrics
GetAsyncKeyState
SetPropA
SetTimer
DestroyCursor
GetActiveWindow
KillTimer
GetClientRect
GetCursorPos
GetPropA
UpdateWindow
IntersectRect

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaStrI4
__vbaRedimPreserveVar
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord697
__vbaEnd
__vbaFreeVarList
__vbaVargObjAddref
_adj_fdiv_m64
__vbaFpCDblR8
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaNextEachVar
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord626
ord519
__vbaVarSetVarAddref
__vbaI2Abs
__vbaI4Sgn
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaStrCat
ord660
ord553
__vbaLsetFixstr
__vbaBoolErrVar
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord556
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
ord592
ord593
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord594
__vbaI4Abs
ord595
__vbaOnError
__vbaObjSet
__vbaVargObj
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaCyStr
ord520
__vbaStrFixstr
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord709
VarPtr
ord631
__vbaErase
ord632
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
ord525
__vbaChkstk
__vbaFileClose
ord526
__vbaCyVar
EVENT_SINK_AddRef
ord527
__vbaExitEachColl
__vbaStrCmp
__vbaPutOwner3
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
ord561
__vbaObjVar
PutMem1
__vbaI2I4
ord562
PutMem2
DllFunctionCall
__vbaVarOr
ord563
__vbaFpUI1
__vbaCySub
PutMem4
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
ord601
_CIsqrt
__vbaLateIdCallSt
__vbaRedimVar
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaStr2Vec
ord710
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaLateIdStAd
ord714
ord607
GetMem1
__vbaFailedFriend
ord608
GetMem2
ord715
ord716
ord609
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
GetMem4
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaMidStmtBstrB
__vbaI2Var
__vbaFileSeek
__vbaStopExe
ord537
ord644
ord538
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord611
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
ord321
__vbaVerifyVarObj
__vbaFpI2
ord614
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaForEachVar
__vbaI4Cy
ord542
__vbaVarNeg
__vbaLateIdNamedCall
ord543
ord650
_allmul
ord544
__vbaLateIdSt
__vbaAryRecCopy
ord545
_CItan
ord546
__vbaNextEachCollAd
__vbaUI1Var
ord547
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c326c8869ce57c1e7ea0ff752b3a43ea

Headers

File Characteristics

Imports

ole32

shell32

olepro32

kernel32

comctl32

gdi32

user32

msvbvm60

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 4KB - Virtual size: 56KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 4KB - Virtual size: 56KB

.rsrc
Size: 28KB - Virtual size: 26KB