2330d3b37f9572571f3792c227081780_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2330d3b37f9572571f3792c227081780_NeikiAnalytics
Size

570KB
MD5

2330d3b37f9572571f3792c227081780
SHA1

1b6055973c27290c1a623c62f7bf7fe60f10899d
SHA256

0c261c21cbf8febed5a3dc14f791ead1ab05c48e12658dc56bd9b1b0cb736bc7
SHA512

fcd4e94533c6739168e1e33b8e94d767c7797eb79e179e89256d02821a304aedf793bd90cb0339314c268a2ae0567dacc09613e5c9d0dc07151c15e063caaf13
SSDEEP

12288:U6H7vwS4JafLc9XE+S9GQEh7+oMNvRfw3sGA5VfaHHJyXkY9BGXhSY6t:U6H7vwlEfLAm95EEoG+LWupyXkY9BYLC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2330d3b37f9572571f3792c227081780_NeikiAnalytics

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

2330d3b37f9572571f3792c227081780_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

eab9f8c930195dfa608984ab694afadf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\davidguan.TENCENT\Downloads\Nsis64-master\Nsis64-master\Release\stubs\stub.pdb

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

MultiByteToWideChar
GetShortPathNameA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
lstrcmpiA
SearchPathA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
MoveFileA
FindNextFileA
GetModuleHandleA
LoadLibraryExA
CloseHandle
DeleteFileA
SetFilePointerEx
GetTickCount
GetFileSizeEx
ReadFile
ExitProcess
SetErrorMode
GetCurrentProcess
GetWindowsDirectoryA
GetCommandLineA
CopyFileA
SetEnvironmentVariableA
GetTempPathA
lstrlenA
lstrcpynA
GlobalLock
GlobalUnlock
LoadLibraryA
GetDiskFreeSpaceA
CreateThread
CreateFileA
GetFileSize
CreateProcessA
GetSystemDirectoryA
lstrcatA
GetProcAddress
RemoveDirectoryA
GetTempFileNameA
GetVersion
lstrcpyA
MulDiv
GetExitCodeProcess
GetFileAttributesA
Sleep
GlobalAlloc
WriteFile
SetFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
CompareFileTime
FreeLibrary
SetFilePointer
lstrcmpA
GetFullPathNameA
IsDebuggerPresent
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA

user32

GetMessagePos
DialogBoxParamA
LoadCursorA
CallWindowProcA
SetClipboardData
IsWindowVisible
GetSystemMetrics
SystemParametersInfoA
OpenClipboard
AppendMenuA
GetClassInfoA
IsDlgButtonChecked
CreatePopupMenu
CheckDlgButton
SetWindowPos
GetSysColor
EndDialog
SetClassLongA
EmptyClipboard
EnableMenuItem
CreateWindowExA
GetWindowLongA
GetAsyncKeyState
IsWindowEnabled
LoadBitmapA
TrackPopupMenu
GetWindowRect
ScreenToClient
RegisterClassA
CloseClipboard
SetCursor
SetDlgItemTextA
GetDlgItemTextA
DispatchMessageA
wvsprintfA
PeekMessageA
CharPrevA
MessageBoxIndirectA
PostQuitMessage
SetForegroundWindow
wsprintfA
FindWindowExA
SendMessageA
SetWindowLongA
InvalidateRect
GetDlgItem
SendMessageTimeoutA
ShowWindow
IsWindow
LoadImageA
EnableWindow
EndPaint
FillRect
DrawTextA
GetClientRect
BeginPaint
DefWindowProcA
CharNextA
ExitWindowsEx
DestroyWindow
SetTimer
CreateDialogParamA
GetSystemMenu
SetWindowTextA
GetDC

gdi32

GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject
SelectObject
SetBkColor
CreateBrushIndirect

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyA
RegEnumValueA
RegDeleteValueA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eab9f8c930195dfa608984ab694afadf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 3.5MB

.CRT Size: 512B - Virtual size: 4B

.ndata Size: - Virtual size: 44KB

.rsrc Size: 21KB - Virtual size: 21KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 3.5MB

.CRT
Size: 512B - Virtual size: 4B

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 21KB - Virtual size: 21KB