afef41f5697e85faf337fffea4bdb2c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

afef41f5697e85faf337fffea4bdb2c0_NeikiAnalytics
Size

9.7MB
MD5

afef41f5697e85faf337fffea4bdb2c0
SHA1

24c0304a86487820cea354b0a4b2380a7996cb83
SHA256

b5aad1bf2d608bf1823158c434eb8115f412f7b24d704da03f8bc1583db0c199
SHA512

e2bd6408e34b83db1d66df65433127e18eaae100d874eaed4df282d25d907795bee7be0c6b86f0047d92cd33ebf6b56409c2782f7c329dbec317f11a0211fa1e
SSDEEP

196608:/RvLnbAvt1BDJFvygy0vh7VRu9icsjFrctqxHvF7X2s:/9nMvt1BD7vygy0vh7VRu9icsjFws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afef41f5697e85faf337fffea4bdb2c0_NeikiAnalytics

Files

afef41f5697e85faf337fffea4bdb2c0_NeikiAnalytics
.exe windows:4 windows x64 arch:x64

1fb09d6a01abdc0017757366763d0bb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ChangeServiceConfig2A
CloseEventLog
CloseServiceHandle
ControlService
CreateServiceA
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeleteService
DeregisterEventSource
LookupAccountSidA
NotifyChangeEventLog
OpenEventLogA
OpenSCManagerA
OpenServiceA
ReadEventLogA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegisterEventSourceW
RegisterServiceCtrlHandlerA
ReportEventW
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectW
SelectObject

kernel32

AssignProcessToJobObject
CloseHandle
CopyFileA
CreateEventA
CreateJobObjectA
CreateMutexA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetVersionExW
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadCodePtr
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SystemTimeToFileTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcatA
lstrlenW

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chdir
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_fmode
_fstat64
_fullpath
_getch
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_setmode
_snprintf
_snwprintf
_stat64
_stricmp
_strnicmp
_sys_nerr
_time64
_unlock
_vsnwprintf
_wfopen
_write
abort
atof
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
qsort
raise
rand
realloc
remove
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
system
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
wcscat
wcschr
wcscoll
wcscpy
wcsftime
wcslen
wcsncat
wcsstr
wcstombs
wcsxfrm
_findnext64
_write
_stricmp
_strdup
_rmdir
_read
_putenv
_open
_mkdir
_fileno
_fdopen
_close

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoGetObject
CoInitialize
CoUninitialize

oleaut32

GetActiveObject
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantChangeType
VariantClear
VariantInit

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
wsprintfA

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASend
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fb09d6a01abdc0017757366763d0bb9

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

ole32

oleaut32

psapi

user32

ws2_32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 96KB - Virtual size: 95KB

.rdata Size: 374KB - Virtual size: 373KB

.pdata Size: 98KB - Virtual size: 97KB

.xdata Size: 124KB - Virtual size: 123KB

.bss Size: - Virtual size: 22KB

.idata Size: 12KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 820B

/4 Size: 41KB - Virtual size: 41KB

/19 Size: 2.6MB - Virtual size: 2.6MB

/31 Size: 150KB - Virtual size: 150KB

/45 Size: 277KB - Virtual size: 276KB

/57 Size: 179KB - Virtual size: 179KB

/70 Size: 55KB - Virtual size: 54KB

/81 Size: 1.6MB - Virtual size: 1.6MB

/92 Size: 356KB - Virtual size: 355KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 96KB - Virtual size: 95KB

.rdata
Size: 374KB - Virtual size: 373KB

.pdata
Size: 98KB - Virtual size: 97KB

.xdata
Size: 124KB - Virtual size: 123KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 12KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 820B

/4
Size: 41KB - Virtual size: 41KB

/19
Size: 2.6MB - Virtual size: 2.6MB

/31
Size: 150KB - Virtual size: 150KB

/45
Size: 277KB - Virtual size: 276KB

/57
Size: 179KB - Virtual size: 179KB

/70
Size: 55KB - Virtual size: 54KB

/81
Size: 1.6MB - Virtual size: 1.6MB

/92
Size: 356KB - Virtual size: 355KB