61933832ecac290e39fd3a6996b81d60_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

61933832ecac290e39fd3a6996b81d60_NeikiAnalytics
Size

434KB
MD5

61933832ecac290e39fd3a6996b81d60
SHA1

bc531a8b4e20b3cedb6328186e0afb3bc03e38bd
SHA256

cb5ca2a01349d795a0d8965f1abc0ff1837376721293bdc34e0245a9adc23a52
SHA512

3f2ec4b8bc23d590ef19e77107933bc800c062a73b2e19468729236a0fd28cbdac28ab4e5d7f3deadb573003afb347a0ae85b2acd8c9b21a368a8f8010338302
SSDEEP

6144:TOhOg2TrkwrizEAUJLN53yz4UUUUUUiUUUUUSUUUUUUQI3g9r:ER2TIXzp93g9r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61933832ecac290e39fd3a6996b81d60_NeikiAnalytics

Files

61933832ecac290e39fd3a6996b81d60_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

7005aa2ff305d5def2540ade5b801b46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Travail\Sonometrie\sonoauto\SonoAuto_VS2019_A_PARTIR_AVRIL_2023\Debug\SonoAuto.pdb

Imports

libcurl

curl_easy_setopt
curl_easy_init
curl_global_cleanup
curl_easy_perform
curl_easy_cleanup
curl_global_init

libxml2

xmlDocGetRootElement
xmlInitParser
xmlCleanupParser
xmlReadMemory
xmlFreeDoc

sonokbd

?UnHookKbd@@YAHXZ
?HookKbd@@YAHPAUHWND__@@HHHH@Z

mfc140d

ord4865
ord5559
ord1215
ord15181
ord963
ord1512
ord10946
ord6208
ord9661
ord16437
ord10004
ord10994
ord13513
ord14098
ord3310
ord3024
ord5145
ord16044
ord7508
ord8197
ord1056
ord3839
ord4911
ord1572
ord10870
ord1645
ord1655
ord1855
ord3563
ord5752
ord972
ord1885
ord7893
ord15394
ord16068
ord14611
ord14632
ord9906
ord15035
ord14946
ord15191
ord15182
ord16411
ord15959
ord16509
ord10606
ord16504
ord15101
ord16526
ord16522
ord15104
ord6229
ord14143
ord14472
ord10527
ord10020
ord16777
ord5513
ord16767
ord4966
ord4976
ord9350
ord5442
ord2924
ord5025
ord5814
ord10422
ord4462
ord6068
ord267
ord270
ord316
ord1640
ord1648
ord2581
ord2773
ord2777
ord6105
ord9771
ord10399
ord10465
ord10466
ord15002
ord10008
ord8950
ord14613
ord14828
ord5575
ord6518
ord15659
ord11209
ord7896
ord489
ord14050
ord2031
ord2366
ord14525
ord850
ord1447
ord2512
ord2771
ord8115
ord1470
ord878
ord2975
ord5085
ord5191
ord8389
ord4478
ord5574
ord14965
ord10392
ord532
ord15141
ord3451
ord1250
ord1063
ord17136
ord14400
ord4501
ord13826
ord3466
ord538
ord1253
ord6718
ord6722
ord7097
ord9764
ord5624
ord5646
ord2656
ord269
ord9945
ord5392
ord17062
ord14376
ord17115
ord6479
ord1835
ord1823
ord1065
ord2347
ord6834
ord7447
ord1577
ord601
ord15373
ord3818
ord5789
ord263
ord2514
ord1638
ord13948
ord2607
ord1643
ord4433
ord4325
ord4313
ord5359
ord8569
ord12131
ord9109
ord1257
ord12000
ord6959
ord14097
ord14147
ord9825
ord14129
ord7159
ord4483
ord8222
ord1090
ord16241
ord7685
ord17126
ord7686
ord17127
ord7684
ord17125
ord9535
ord14513
ord16915
ord13837
ord13838
ord2371
ord9476
ord15029
ord4747
ord4808
ord11139
ord17051
ord9454
ord17053
ord5189
ord14524
ord2884
ord6440
ord9960
ord9532
ord5490
ord14942
ord15010
ord12187
ord14137
ord10043
ord1599
ord3021
ord5142
ord10143
ord2679
ord2558
ord1292
ord1036
ord6106
ord10140
ord543
ord3972
ord4214
ord7150
ord8232
ord4884
ord2878
ord4326
ord8234
ord16753
ord15206
ord15760
ord8414
ord9824
ord10535
ord16531
ord9322
ord15111
ord16643
ord15821
ord13474
ord5367
ord12844
ord15429
ord10084
ord11160
ord10186
ord8363
ord7453
ord594
ord6739
ord7475
ord7067
ord15709
ord9609
ord4485
ord9602
ord2610
ord3873
ord481
ord1170
ord3872
ord3854
ord371
ord4240
ord378
ord1520
ord4211
ord974
ord4524
ord1890
ord9110
ord11090
ord2680
ord1942
ord10973
ord14051
ord493
ord7898
ord1220
ord14006
ord7506
ord16040
ord3309
ord10947
ord5026
ord2925
ord1218
ord10769
ord12821
ord13218
ord12225
ord4749
ord4006
ord4007
ord3744
ord3745
ord3893
ord3890
ord12005
ord9816
ord17243
ord12036
ord12038
ord12037
ord12035
ord12039
ord6798
ord13562
ord13563
ord10874
ord13963
ord4467
ord13785
ord17046
ord10692
ord5382
ord3086
ord4729
ord8405
ord12807
ord3848
ord16191
ord14159
ord14155
ord1972
ord1994
ord2020
ord2006
ord2027
ord5876
ord5943
ord5888
ord5906
ord5900
ord5894
ord5953
ord5937
ord5882
ord5959
ord5914
ord5852
ord5867
ord5928
ord5394
ord6986
ord11437
ord5380
ord3628
ord17054
ord9455
ord17052
ord8244
ord15661
ord13554
ord15975
ord7186
ord3217
ord13999
ord4586
ord3966
ord3967
ord3847
ord14046
ord6274
ord6678
ord6956
ord11091
ord6648
ord6277
ord6506
ord6256
ord9208
ord9209
ord9198
ord6504
ord9829
ord1171
ord7163
ord1671
ord306
ord311
ord3582
ord16747
ord7110
ord15253
ord1653
ord8952
ord1646
ord1674
ord1141
ord322
ord1880
ord3111
ord2898
ord15435
ord15177
ord15178
ord14523
ord15180
ord1575
ord1951
ord2801

kernel32

GetTickCount
CreateDirectoryA
GetFileAttributesA
WritePrivateProfileStringA
GetFullPathNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFileAttributesExA
WinExec
CreateFileA
DeleteFileA
CopyFileA
WaitForSingleObject
CreateThread
ReadFile
WriteFile
CloseHandle
SetEvent
CreateEventA
GetCommMask
GetCommState
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
Sleep
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleFileNameA
GetLocalTime
FormatMessageA
LocalFree
MultiByteToWideChar
SetLastError
CreateMutexA
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
WideCharToMultiByte
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetLastError
GetSystemTimeAsFileTime
InitializeSListHead
VirtualQuery
FreeLibrary

user32

LoadImageA
MessageBoxA
PeekMessageA
PostQuitMessage
InflateRect
GetSysColor
CopyRect
EqualRect
GetSystemMetrics
OffsetRect
UnregisterClassA

gdi32

DeleteDC

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueA

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

ws2_32

closesocket
connect
htonl
htons
bind
WSAGetLastError
WSAStartup
inet_addr
send
shutdown
socket
gethostbyname

msvcp140d

?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

vcruntime140d

__std_exception_copy
strrchr
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
strstr
_CxxThrowException
strchr
__std_exception_destroy
__CxxFrameHandler3
memset
memcpy
memmove

ucrtbased

__stdio_common_vsprintf
__stdio_common_vsnprintf_s
free
malloc
_CrtDbgReport
_CrtDbgReportW
strcat
strcpy
strncpy
fclose
fflush
fopen
fputs
fseek
ftell
rename
exit
_splitpath
atof
atoi
_mktime64
_calloc_dbg
ldiv
_localtime64_s
_time64
_access
_invalid_parameter
_invalid_parameter_noinfo
_errno
strcmp
_strdup
__stdio_common_vswprintf_s
__stdio_common_vfprintf
__stdio_common_vsprintf_s
strcpy_s
strcat_s
_gmtime64_s
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_controlfp_s
_wmakepath_s
_wsplitpath_s
_recalloc
__acrt_iob_func
wcslen
wcscpy_s
_setmbcp
strlen

Sections

.textbss
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7005aa2ff305d5def2540ade5b801b46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcurl

libxml2

sonokbd

mfc140d

kernel32

user32

gdi32

advapi32

comctl32

oleaut32

gdiplus

ws2_32

msvcp140d

version

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 114KB

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 15KB

.idata Size: 12KB - Virtual size: 11KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 18KB - Virtual size: 18KB

.textbss
Size: - Virtual size: 114KB

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 15KB

.idata
Size: 12KB - Virtual size: 11KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 18KB - Virtual size: 18KB