95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics
Size

5.1MB
MD5

95895daf8ca19a671ebeab9d7b254710
SHA1

1e7c6d97bc5dabed02abc4839b5059f4ea2ae909
SHA256

340cb5d5c4cf1b0a755ca0013d069ab7c8c225ff31bd8b56d026a35628fbb66f
SHA512

47a6e1348fc4b28187bfc44d3f914206e2a51dfb3dd293d6299a04226a81ebfd45d33aa8d34e75bc956c1b5f9e9be1c113ae1f7a01eba940f332c78cdde4b005
SSDEEP

98304:1eNboDNNC2vRtOGITQ2V2K93oI7XdoIHGj8kQv+3Ts2BO2np5x4+LBkGXO:oNboD/C2ptOG6Q2V2KpoI7XdoIHGj8k6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics

Files

95895daf8ca19a671ebeab9d7b254710_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

9d355e9855f0a91abd731f5477d9d64f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegisterEventSourceA
ReportEventA
SetSecurityDescriptorDacl

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

iphlpapi

GetBestRoute
GetIpAddrTable

kernel32

AreFileApisANSI
CloseHandle
CopyFileW
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OutputDebugStringA
PostQueuedCompletionStatus
PulseEvent
QueryPerformanceCounter
QueueUserAPC
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SystemTimeToFileTime
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
UnmapViewOfFile
VirtualLock
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_fdopen
_memicmp
_read
_strdup
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_close
_commit
_errno
_exit
_filbuf
_filelengthi64
_flsbuf
_ftime
_getch
_getcwd
_iob
_isctype
_lseeki64
_onexit
_open
_pctype
_setmode
_snprintf
_stat
_stricmp
_strlwr
_strnicmp
_vsnprintf
_wfopen
abort
atexit
atoi
atol
calloc
ctime
exit
fclose
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getenv
getwc
gmtime
isalpha
isprint
isspace
iswctype
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
perror
pow
printf
putchar
puts
putwc
qsort
raise
rand
realloc
setbuf
setlocale
setvbuf
signal
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
strxfrm
swprintf
system
time
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
vprintf
wcscoll
wcsftime
wcslen
wcsstr
wcsxfrm

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

SHGetSpecialFolderPathA

shlwapi

PathRemoveFileSpecA

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSARecv
WSASend
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d355e9855f0a91abd731f5477d9d64f

Headers

File Characteristics

Imports

advapi32

gdi32

iphlpapi

kernel32

msvcrt

ole32

shell32

shlwapi

user32

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.data Size: 110KB - Virtual size: 109KB

.rdata Size: 447KB - Virtual size: 447KB

.bss Size: - Virtual size: 20KB

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 8B

.text
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 110KB - Virtual size: 109KB

.rdata
Size: 447KB - Virtual size: 447KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 8B