890d1f598bbfcc211b38dc9c318737b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

890d1f598bbfcc211b38dc9c318737b0_NeikiAnalytics
Size

1.2MB
MD5

890d1f598bbfcc211b38dc9c318737b0
SHA1

a3c86710289c1cb49d7a8a3af58e3ef396f3046d
SHA256

c967966d472bcd24144c3a4e244e192ca597bc863f7890878f7a374b16cb8786
SHA512

c16ddeb43cc19e77b60f1bc308b78516fe98fc366747c13e58fedaa51fbdbb000a877913f3a626c3b569424b554d57015be069392032e608c5c15016aefc0126
SSDEEP

12288:7HkZtSJtttkDMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:78gSkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
890d1f598bbfcc211b38dc9c318737b0_NeikiAnalytics

Files

890d1f598bbfcc211b38dc9c318737b0_NeikiAnalytics
.exe windows:4 windows x64 arch:x64

a908d36b63842f3b2727ea9928adca98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateProcessAsUserW
CreateServiceW
CreateWellKnownSid
DeleteService
GetTokenInformation
InitializeSecurityDescriptor
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaOpenPolicy
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetEntriesInAclW
SetSecurityDescriptorDacl
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

comctl32

PropertySheetW

gdi32

CreateSolidBrush
DeleteObject
Ellipse
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateEventA
CreateFileW
CreateProcessW
CreateThread
DefineDosDeviceW
DeviceIoControl
ExitProcess
GetCommandLineW
GetCurrentProcess
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetTempPathW
GetVersionExW
GetVolumeInformationW
LoadLibraryA
OpenEventA
ReadFile
SetCurrentDirectoryW
SetEvent
SetVolumeLabelW
Sleep
VirtualAlloc
WTSGetActiveConsoleSessionId
WaitForSingleObject

msvcrt

_snwprintf
_wtoi
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsstr
wcstok

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

shlwapi

PathAddBackslashW
PathFileExistsW
PathIsDirectoryEmptyW
PathQuoteSpacesW
PathRemoveBackslashW
PathRemoveFileSpecW

user32

BeginPaint
CheckDlgButton
CheckRadioButton
CreateWindowExW
DialogBoxParamW
DrawIcon
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
GetComboBoxInfo
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
GetParent
IsDlgButtonChecked
LoadImageW
MapDialogRect
MessageBeep
MessageBoxW
RedrawWindow
SendDlgItemMessageW
SendMessageW
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetWindowLongPtrW

wtsapi32

WTSQueryUserToken
WTSSendMessageW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a908d36b63842f3b2727ea9928adca98

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

shell32

shlwapi

user32

wtsapi32

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 352B

.rdata Size: 4KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 360B

.xdata Size: 512B - Virtual size: 448B

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 56B

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 352B

.rdata
Size: 4KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 360B

.xdata
Size: 512B - Virtual size: 448B

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 56B

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB