3ecba5c50fadd6bc4176f4ad1ebc2860_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

3ecba5c50fadd6bc4176f4ad1ebc2860_NeikiAnalytics
Size

2.7MB
MD5

3ecba5c50fadd6bc4176f4ad1ebc2860
SHA1

6a564f0a7b5f205bb77bc98b1810f3d259181486
SHA256

706cf65dcbb08a7f7170ab21070d8d0a3d391706f4954b4709370d98f6e2b5a6
SHA512

5a89519e60c668575ae1b01d3df0663bd969cac03753845524e854d0c55c816a4d394a45067927ea8c12830d01c615834a0a342177382e22350596fa55f028f4
SSDEEP

49152:SLYXiZS5g58jqwmKiFsY76SnExnkbTczMIpzlPiJ1fv61qazDDPwD:SLwigCGjqwEp75FIZ+KgKn2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ecba5c50fadd6bc4176f4ad1ebc2860_NeikiAnalytics

Files

3ecba5c50fadd6bc4176f4ad1ebc2860_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

d16b0cf0b9705b1f2eb25b44cfac13ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext

winspool.drv

DeletePortW

user32

LoadBitmapW
GetDlgItemTextW
EnableScrollBar
AdjustWindowRectEx
DestroyWindow
GetClassNameW
KillTimer
IsDialogMessageW
ScrollWindow
AnyPopup
GetDoubleClickTime
InSendMessageEx
TranslateMessage
SetWindowTextW
IsZoomed
GetMenuState
GetCursor
ReleaseCapture
FillRect
CharPrevW
GetWindowTextLengthW
PeekMessageW
IsRectEmpty
ShowWindow
DeleteMenu
FindWindowW
CheckRadioButton
GetDialogBaseUnits
MapWindowPoints
IntersectRect
GetMenuItemInfoW
IsWindowEnabled
IsIconic

opengl32

glIsEnabled
glTexParameteri
glEnable
glDisable
glColorMask
glDeleteTextures
glViewport
glPixelStorei
glStencilFunc
glBlendFunc
glGetString
glTexSubImage2D
glDrawElements
glGetError
glGenTextures
glGetFloatv
glFlush
glClearDepth
glDepthMask
glStencilMask
glTexImage2D

winscard

SCardGetStatusChangeW

oleaut32

SysAllocStringLen
SafeArrayGetLBound
VarBstrFromBool
SafeArrayCreate
VarBstrFromDate
VariantChangeType
VariantInit
VarDateFromStr
VarR8FromStr
VariantClear
SafeArrayGetElement
SysFreeString
SafeArrayPtrOfIndex
VarBstrFromCy
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
SysReAllocStringLen
VarI4FromStr
LoadTypeLi
VarBoolFromStr
SafeArrayGetUBound
VarCyFromStr
VarNot

advapi32

RegDeleteValueW
UnregisterTraceGuids
OpenSCManagerW
RegCreateKeyExW
RegDeleteKeyW
GetTraceLoggerHandle
RegisterTraceGuidsW

kernel32

DeleteCriticalSection
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapReAlloc
HeapAlloc
EnterCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetModuleFileNameA
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
RaiseException
ExitProcess
GetVersion
GetConsoleWindow
FreeConsole
IsValidLocale
OpenJobObjectW
FindFirstChangeNotificationW
lstrcmpW
MapViewOfFile
GetMailslotInfo
IsDebuggerPresent
VirtualAlloc
GetCPInfo
GetCommandLineW
DeleteFileW
LeaveCriticalSection
InterlockedIncrement
WaitForSingleObject
IsValidCodePage
GetOEMCP
GetACP

imm32

ImmAssociateContext
ImmSetCandidateWindow
ImmGetConversionStatus
ImmReleaseContext

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 32.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdarg
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ldhyf
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ora4ao
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00ndnh
Size: 913KB - Virtual size: 913KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d16b0cf0b9705b1f2eb25b44cfac13ef

Headers

File Characteristics

Imports

wintrust

winspool.drv

user32

opengl32

winscard

oleaut32

advapi32

kernel32

imm32

Sections

.text Size: 230KB - Virtual size: 229KB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 5KB - Virtual size: 32.3MB

.sdarg Size: 515KB - Virtual size: 515KB

.ldhyf Size: 625KB - Virtual size: 624KB

.ora4ao Size: 133KB - Virtual size: 132KB

.00ndnh Size: 913KB - Virtual size: 913KB

.rsrc Size: 60KB - Virtual size: 60KB

.text
Size: 230KB - Virtual size: 229KB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 5KB - Virtual size: 32.3MB

.sdarg
Size: 515KB - Virtual size: 515KB

.ldhyf
Size: 625KB - Virtual size: 624KB

.ora4ao
Size: 133KB - Virtual size: 132KB

.00ndnh
Size: 913KB - Virtual size: 913KB

.rsrc
Size: 60KB - Virtual size: 60KB