ad400827e20609eb476d2770b64649a0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

ad400827e20609eb476d2770b64649a0_NeikiAnalytics
Size

72KB
MD5

ad400827e20609eb476d2770b64649a0
SHA1

ac5fff57538eab1a9bf0fd27c51936cf6e65e079
SHA256

2a718b379c921265f945253f5a2c026119ebbd11fbf1cb9e6e355dc3fb3b1875
SHA512

751edc0223cb5f9f345230f18ce313aee69ec2b0bef941b798a030b3343af533436bb1423b79e882ca1ce28d6be5e2edf637783b38b267048b75c0629cef45b9
SSDEEP

1536:u/hAqcwDpz/+GaD4AcL9Sf7hiyl4vMXkH1jQdX:u/hdFpz/+GaD4Ag9k7hiQ4vMXkH1QdX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad400827e20609eb476d2770b64649a0_NeikiAnalytics

Files

ad400827e20609eb476d2770b64649a0_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

0cfda2f98ec00ccbf39d552b1434be71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileA
GetLocalTime
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
WriteFile
LocalAlloc
PeekNamedPipe
MoveFileExA
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
OpenEventA
SetErrorMode
SetUnhandledExceptionFilter
lstrcmpiA
Process32First
GetCurrentThreadId
CreateEventA
GetWindowsDirectoryA
GetTickCount
SleepEx
ExitThread
OpenProcess
FreeLibrary
CreateRemoteThread
GetCurrentProcess
lstrcpyA
CreateProcessA
LocalFree
SetLastError
GetLastError
InitializeCriticalSection
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
lstrlenA
DeleteFileA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
LoadLibraryA
GetProcAddress
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
WaitForMultipleObjects

advapi32

RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
DeleteService
CloseServiceHandle
RegisterServiceCtrlHandlerA

shlwapi

SHDeleteKeyA

msvcrt

_initterm
_strnicmp
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
_except_handler3
strncpy
strrchr
malloc
strtok
strncat
strchr
realloc
atoi
wcstombs
_beginthreadex
calloc
free
??1type_info@@UAE@XZ
_strcmpi
_adjust_fdiv

ws2_32

setsockopt
connect
htons
gethostbyname
socket
select
recv
WSACleanup
send
inet_addr
gethostname
sendto
inet_ntoa
getsockname
WSAStartup
closesocket

Exports

Exports

DLLEntryPoint
QQ490709490
WenZi
createComInstance
gabMsgBuf
showVerifyCodeDialog

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cfda2f98ec00ccbf39d552b1434be71

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB