38dda0f79eff76f2c3467a213e7f2cd0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

38dda0f79eff76f2c3467a213e7f2cd0_NeikiAnalytics
Size

164KB
MD5

38dda0f79eff76f2c3467a213e7f2cd0
SHA1

46c409f4a72725dd85f52b3827f29443bd3f84d1
SHA256

5a85150f08e7b000bf73f30cc087dd85ceb5d5a87e3e26bcfc3a1ef3b4092943
SHA512

6cb005a2535a9b57dbf59e6279a9f66219a29a470b67a839ebdf64c27ecfbd4cb813e2a151ea6261740e570a96a7fbf4f7c51c25c38aef3b0fc35f3bd3e5ea5e
SSDEEP

3072:xTYm4vwR9iRRhJo2YEAa3JHhooxcXbscd00XfvXyU7Y1Gf/dip:74IRIYZa3JELscdlaU8sf/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38dda0f79eff76f2c3467a213e7f2cd0_NeikiAnalytics

Files

38dda0f79eff76f2c3467a213e7f2cd0_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

de85b92a41a41527fd75d83afcd5a4b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjects
CreateThread
CreateEventA
AllocConsole
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
SetEvent
WritePrivateProfileStringA
WaitForSingleObject
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersion
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
WriteConsoleA
InitializeCriticalSection
DeleteCriticalSection
GetLastError
FlushFileBuffers
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
CreateFileA
CloseHandle
SetStdHandle
SetFilePointer
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

wsock32

closesocket
recv
send
ioctlsocket
htons
socket
connect
setsockopt
WSAStartup
WSACleanup

Exports

Exports

HSM_DianLi_ZhuZhan_EncryptData
HSM_DianLi_ZhuZhan_GanerateRandData
HSM_DianLi_ZhuZhan_GenerateMAC
HSM_GetHSM
IdentityAuthentication
InCreasePurse
KeyUpdate
Maccheck
Parameter1
Parameter2
ParameterElseUpdate
ParameterUpdate
UserControl
selfTest

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de85b92a41a41527fd75d83afcd5a4b7

Headers

File Characteristics

Imports

kernel32

wsock32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 21KB

.reloc Size: 8KB - Virtual size: 4KB

.rmnet Size: 88KB - Virtual size: 88KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 21KB

.reloc
Size: 8KB - Virtual size: 4KB

.rmnet
Size: 88KB - Virtual size: 88KB