9218e2e6f483956711f2b6ec117ca5a0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

9218e2e6f483956711f2b6ec117ca5a0_NeikiAnalytics
Size

5.8MB
MD5

9218e2e6f483956711f2b6ec117ca5a0
SHA1

03a01cadc26c412029fa7046db26f8afd6235487
SHA256

45a380e78d4fe5fc379170974048e6dc810b0a97f8b0eebd963b7b685f22247b
SHA512

bd5ec53e60c9398447ba9735df1ae589b72229ee612127826f347d976713debc47248c8834a38ef6b23828b3d1d5d8b782242b4bfeb167beaa1168827cfaab8e
SSDEEP

98304:KbuzZ6Em2TKezAWDUuZvbe3knmekE6hOGEuIZRe0lRMUeDuncpuWr7wRGpj3:JUEmIKezAWDUMe0ngE0OGEuaTesGF9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9218e2e6f483956711f2b6ec117ca5a0_NeikiAnalytics

Files

9218e2e6f483956711f2b6ec117ca5a0_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

a1d00f5d004df5dc3a3db28021df671e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins-workspace\workspace\token-wallet-pipeline\build\MinSizeRel\helper.pdb

Imports

wininet

HttpSendRequestW
InternetOpenW
InternetQueryDataAvailable
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
InternetReadFile
HttpAddRequestHeadersW
InternetConnectW
InternetCloseHandle

wsock32

recv
send
socket
shutdown
ord1142
ord1141
accept
__WSAFDIsSet
ioctlsocket
WSASetLastError
WSACleanup
WSAStartup
setsockopt
select
ntohs
ntohl
listen
htons
htonl
getsockopt
getsockname
inet_ntoa
connect
closesocket
bind
gethostname
recvfrom
WSAGetLastError
getpeername

ws2_32

freeaddrinfo
getaddrinfo
WSARecv
WSAIoctl
WSASocketW
WSASend
inet_pton
WSARecvFrom
WSAConnect
inet_ntop
WSAGetOverlappedResult

crypt32

CryptProtectData
CertOpenSystemStoreW
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptUnprotectData

kernel32

ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
ExitThread
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
GetTimeZoneInformation
LoadLibraryExW
FreeLibraryAndExitThread
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeSListHead
GetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
InterlockedPopEntrySList
EnumSystemLocalesW
FormatMessageA
FormatMessageW
WideCharToMultiByte
LocalFree
Sleep
VerSetConditionMask
CloseHandle
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
GetCurrentProcessId
GetCurrentThreadId
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
VerifyVersionInfoW
GetDynamicTimeZoneInformation
InitializeCriticalSection
GetSystemTimeAsFileTime
GetFileAttributesA
SwitchToThread
GetCurrentProcess
DuplicateHandle
CreateMutexA
ReleaseMutex
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
OpenFileMappingA
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
AreFileApisANSI
SetHandleInformation
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
UnregisterWaitEx
RegisterWaitForSingleObject
MultiByteToWideChar
VirtualLock
FlushFileBuffers
GetFileSizeEx
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
GetSystemTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
GetVersionExW
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
TryEnterCriticalSection
RtlCaptureContext
ReleaseSemaphore
GetProcessId
CreateThread
CreateSemaphoreW
VirtualQueryEx
SetUnhandledExceptionFilter
SetNamedPipeHandleState
ResetEvent
TransactNamedPipe
WaitNamedPipeW
UnregisterWait
CreateNamedPipeW
DisconnectNamedPipe
GetOverlappedResult
ConnectNamedPipe
ReadProcessMemory
OpenProcess
GetProcessTimes
GetCurrentDirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetCurrentProcessorNumber
GetEnvironmentVariableW
SetEnvironmentVariableW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceFrequency
GetModuleHandleW
SetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
MoveFileExW
GetCurrentThread
GetThreadTimes
VirtualAlloc
VirtualFree
VirtualProtect
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
WriteConsoleW
GetTickCount
GetFullPathNameA
GetExitCodeThread
RaiseException
DecodePointer
EncodePointer

shell32

SHGetFileInfoW
SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
SystemFunction036
RegGetValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 800KB - Virtual size: 804KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a1d00f5d004df5dc3a3db28021df671e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

wsock32

ws2_32

crypt32

kernel32

shell32

ole32

advapi32

bcrypt

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 244KB - Virtual size: 286KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 800KB - Virtual size: 804KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 244KB - Virtual size: 286KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 800KB - Virtual size: 804KB