4e3f87074d8f1e156469f6fb32d56e50_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4e3f87074d8f1e156469f6fb32d56e50_NeikiAnalytics
Size

391KB
MD5

4e3f87074d8f1e156469f6fb32d56e50
SHA1

347346b60d2e3720f5efbc182630c05b7842cea7
SHA256

2b444aaa680059661ff5b157889cdf0e11fa9cbe7ed8891d9891a82e059305fc
SHA512

d7b357094753c387ad0a5d98582501b2b26a702d667ebf31f022f8b812cfcdf43d912473419b129f43cb5556edc3eaf88d5ccad6dbd48292a782d37303611fb0
SSDEEP

6144:VrhKzR9NKaLt5mRC/MqTE2HQOFOyONWCCf0TLy8qp/84KF6Cc:BhKd9NKaLTmQ/XBHiCfqLy84/8FF6Cc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e3f87074d8f1e156469f6fb32d56e50_NeikiAnalytics

Files

4e3f87074d8f1e156469f6fb32d56e50_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

5b6d75c9428b3503e4bd267bbd155a23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imaginaconfig

IMACfg_IsModified
IMACfg_GetValidIdChars
IMACfg_CloseCfg
IMACfg_GetValueInt
IMACfg_SetModified
IMACfg_LoadCfg
IMACfg_SaveCfg
IMACfg_GetErrorStr
IMACfg_DeleteNode
IMACfg_RenameNode
IMACfg_ReorderNode
IMACfg_CreateKey
IMACfg_GetNodeInfo
IMACfg_SetNodeInfo
IMACfg_SetValue
IMACfg_CreateFolder
IMACfg_GetValueStr
IMACfg_GetChildNameByIndex2
IMACfg_GetChildCount
IMACfg_GetChildNameByIndex
IMACfg_CheckNode
IMACfg_GetValueBool

mfc90

ord524
ord1102
ord3159
ord3730
ord3151
ord4157
ord3920
ord3674
ord2141
ord6079
ord6170
ord6527
ord2470
ord4384
ord4529
ord6584
ord2360
ord1611
ord305
ord3213
ord6291
ord4977
ord6474
ord941
ord4026
ord5482
ord4030
ord1727
ord1137
ord3480
ord4638
ord1668
ord2274
ord611
ord1108
ord639
ord374
ord3506
ord4668
ord5636
ord1496
ord6388
ord3344
ord1678
ord1809
ord1810
ord2208
ord5309
ord5152
ord4617
ord5615
ord2057
ord1938
ord6740
ord2899
ord6559
ord3987
ord4993
ord4502
ord6780
ord2896
ord4727
ord3487
ord4640
ord1670
ord2277
ord4496
ord1604
ord2103
ord615
ord4116
ord4760
ord3949
ord4256
ord1607
ord300
ord2082
ord3141
ord4513
ord3519
ord654
ord1937
ord1603
ord1746
ord3940
ord4281
ord1918
ord4029
ord4952
ord793
ord589
ord3659
ord4890
ord3110
ord6001
ord5646
ord5663
ord4981
ord4333
ord2447
ord5659
ord5657
ord3209
ord2087
ord367
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord4646
ord2251
ord4733
ord6781
ord4159
ord6783
ord4409
ord4434
ord1098
ord2672
ord2591
ord6048
ord5167
ord5924
ord4431
ord3553
ord4643
ord1698
ord2279
ord4497
ord1605
ord2105
ord6771
ord1492
ord692
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord3277
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4667
ord3643
ord595
ord796
ord2069
ord2592
ord2587
ord6074
ord1357
ord3477
ord3528
ord2588
ord1358
ord3479
ord2106
ord2097
ord636
ord744
ord436
ord686
ord3931
ord677
ord2278
ord1771
ord1685
ord4642
ord3538
ord6329
ord790
ord3273
ord3654
ord6473
ord767
ord1716
ord4650
ord3632
ord777
ord2283
ord1720
ord3346
ord6391
ord1755
ord1752
ord4331
ord4199
ord1497
ord1183
ord3534
ord798
ord4223
ord942
ord945
ord817
ord899
ord4507
ord820
ord265
ord266
ord6681
ord6675
ord310
ord2074
ord5585
ord2206
ord5497
ord316
ord2539
ord601
ord800
ord1583
ord1276

msvcr90

_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
fopen_s
fprintf
fclose
exit
memset
__argc
__argv
atoi
strtod
strtoul
strtol
sprintf_s
strncpy_s
_snprintf_s
_stricmp
strchr
strcpy_s
__CxxFrameHandler3
_splitpath_s
_setmbcp

kernel32

TerminateProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameA
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
DeleteFileA
CloseHandle
GetTickCount
WaitForSingleObject

user32

GetWindowRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
KillTimer
SetTimer
LoadIconA
GetWindowLongA
GetSystemMetrics
GetSysColor
GetScrollPos
EnableWindow
GetParent
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
SendMessageA
DrawFocusRect
DrawEdge
FillRect
InflateRect
SetRect
PtInRect
IsRectEmpty
CopyRect
MessageBoxA
UpdateWindow

gdi32

BitBlt
SelectObject
GetStockObject
GetTextExtentPoint32A
CreateFontA
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
CreateSolidBrush
CreateCompatibleDC

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6d75c9428b3503e4bd267bbd155a23

Headers

DLL Characteristics

File Characteristics

Imports

imaginaconfig

mfc90

msvcr90

kernel32

user32

gdi32

advapi32

shell32

msvcp90

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 160KB - Virtual size: 160KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 160KB - Virtual size: 160KB