02a9bf9a5d6415515002fde2cdd55d50_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

02a9bf9a5d6415515002fde2cdd55d50_NeikiAnalytics
Size

5.1MB
MD5

02a9bf9a5d6415515002fde2cdd55d50
SHA1

055e72d22e0111c1ebf244412c7d6793a5dae9ed
SHA256

476b28619931e78e614906cefcc47b4a0ee78f89a5ffa1e2df7e0dcc62d24da1
SHA512

85e3ecb3df25f00d6790fd27a91be731a19703b0a945940054958eb699f4b5b06bba5de5b3c0fb88153abdecc21515ec1310e405bdde6894e780420e11ef24d5
SSDEEP

49152:AeIgspMwmhrIYRmnFtvzII6Fwd/r1J4x/desTc/66GJWDjesXQJC8dnnuaudlDhq:AIciIESLmLpwyRo0JvhMDhUv/ocKK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02a9bf9a5d6415515002fde2cdd55d50_NeikiAnalytics

Files

02a9bf9a5d6415515002fde2cdd55d50_NeikiAnalytics
.exe windows:10 windows x64 arch:x64

148ab879c4e83a056858a141d9ad436b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sppsvc.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegCloseKey
RegDeleteValueW
FreeSid
ConvertStringSidToSidW
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
SetServiceStatus
EventWriteTransfer
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventW
CryptGenRandom
DeregisterEventSource
CryptReleaseContext
CryptAcquireContextW
RegFlushKey
RegOpenKeyW
OpenServiceW
OpenSCManagerW
LsaFreeMemory
StartServiceW
CloseServiceHandle
QueryServiceStatusEx
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
ConvertSidToStringSidW
LookupAccountNameW
NotifyServiceStatusChangeW
GetTokenInformation
EqualSid
OpenProcessToken
RegEnumKeyExW
EventSetInformation
EventRegister
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGenKey
CryptEncrypt
CryptDecrypt
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGetHashParam
EventUnregister

kernel32

UnmapViewOfFile
DeleteTimerQueueEx
CreateTimerQueue
GetEnvironmentVariableW
SetEnvironmentVariableW
TerminateProcess
HeapSetInformation
RegisterWaitForSingleObject
DeleteTimerQueue
UnregisterWaitEx
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
ReadFile
SystemTimeToFileTime
CompareFileTime
DeleteFileW
QueueUserWorkItem
GetFileAttributesW
GetCurrentProcessId
OpenProcess
SetFileAttributesW
WriteFile
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSizeEx
ChangeTimerQueueTimer
GetSystemDirectoryW
GetVersionExA
CreateDirectoryW
GetSystemTimeAsFileTime
WideCharToMultiByte
K32GetProcessImageFileNameW
SetLastError
VirtualFree
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
RaiseFailFastException
GetModuleHandleW
RtlDeleteFunctionTable
CreateFileW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CreateEventW
DeleteCriticalSection
DecodePointer
DeleteTimerQueueTimer
GetSystemInfo
GetVersionExW
LCMapStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TryAcquireSRWLockExclusive
InitializeSRWLock
SetFilePointer
FlushFileBuffers
GetModuleHandleA
CopyFileW
MoveFileExW
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
FileTimeToSystemTime
LocalAlloc
LocalFree
CloseHandle
GetLastError
CreateMutexW
OpenMutexW
WaitForSingleObject
ReleaseMutex
OpenThread
GetCurrentThread
DuplicateHandle
GetCurrentProcess
GetThreadPriority
SetThreadPriority
DeviceIoControl
SleepEx
FormatMessageW
VirtualQuery
SetEvent
ReleaseSemaphore
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetLocaleInfoW
GetSystemFirmwareTable
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetNativeSystemInfo
GetFileSize
RaiseException
GetModuleFileNameW
ExpandEnvironmentStringsW
Sleep
LeaveCriticalSection
GetComputerNameW
EnterCriticalSection
GetSystemTime
CreateTimerQueueTimer
GetCurrentThreadId

msvcrt

_ui64tow_s
_itow
_wtoi
malloc
free
__C_specific_handler
swscanf
memchr
memcmp
memcpy
_vsnwprintf
?terminate@@YAXXZ
_onexit
__dllonexit
memmove
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcscmp
swscanf_s
wcstoul
_errno
_wtof
wcsstr
memset
_unlock
_XcptFilter
memcpy_s
_wcsnicmp
_purecall
towlower
wcschr
sscanf_s
wcsncmp
_wcsicmp

rpcrt4

RpcServerInterfaceGroupClose
RpcServerInqCallAttributesW
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
UuidToStringW
I_RpcMapWin32Status
UuidFromStringW
RpcRaiseException
RpcStringFreeW
I_RpcBindingInqLocalClientPID
UuidCreate
RpcRevertToSelfEx
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcNetworkIsProtseqValidW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal

bcrypt

BCryptDestroyKey
BCryptGenRandom

crypt32

CryptQueryObject
CryptImportPublicKeyInfoEx2
CertFreeCertificateContext

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

cryptxml

CryptXmlGetReference
CryptXmlVerifySignature
CryptXmlGetDocContext
CryptXmlOpenToDecode
CryptXmlGetStatus
CryptXmlClose
CryptXmlGetSignature

ntdll

NtQueryInformationThread
NtSetInformationThread
RtlQueryPackageClaims
NtQueryObject
RtlInitUnicodeString
RtlEqualUnicodeString
NtQuerySystemInformation
NtLockProductActivationKeys

ole32

CoCreateInstance

oleaut32

SafeArrayDestroy
VariantInit
SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantClear
SysAllocString

xmllite

CreateXmlReader

pkeyhelper

IsDefaultPKey

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

148ab879c4e83a056858a141d9ad436b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

rpcrt4

api-ms-win-core-version-l1-1-0

api-ms-win-core-com-l1-1-0

bcrypt

crypt32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

cryptxml

ntdll

ole32

oleaut32

xmllite

pkeyhelper

api-ms-win-eventing-classicprovider-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

?g_Encry Size: 12KB - Virtual size: 11KB

?g_Encry Size: 12KB - Virtual size: 11KB

?g_Encry Size: 12KB - Virtual size: 11KB

?g_Encry Size: 12KB - Virtual size: 11KB

.rdata Size: 620KB - Virtual size: 616KB

.data Size: 48KB - Virtual size: 52KB

.pdata Size: 100KB - Virtual size: 96KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 3.7MB - Virtual size: 3.7MB

?g_Encry
Size: 12KB - Virtual size: 11KB

?g_Encry
Size: 12KB - Virtual size: 11KB

?g_Encry
Size: 12KB - Virtual size: 11KB

?g_Encry
Size: 12KB - Virtual size: 11KB

.rdata
Size: 620KB - Virtual size: 616KB

.data
Size: 48KB - Virtual size: 52KB

.pdata
Size: 100KB - Virtual size: 96KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 596KB - Virtual size: 600KB