72048800591255f503f58a693c91c610_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

72048800591255f503f58a693c91c610_NeikiAnalytics
Size

1.1MB
MD5

72048800591255f503f58a693c91c610
SHA1

91a00298f3e6b1bca5300f9d4fdcd286d4f18ac6
SHA256

4618b30c47316dd3b26093601c2fe29fd953a6d89475e20a127b8444704cae34
SHA512

bbccea4022d08471527ee07eb9b3383658125ea152dc0c76c3553e198a860135512ac6ebf7175c4e79a844ad202af077d83e5d89222bc09477015fd09f1b1551
SSDEEP

24576:d4Go5ihOdYE5DXKXE5dWCNwWJOcw7jXO+ZEWHsdpITWQZoxQ2azpokTPuMHo23x2:dNY9TRacw7MdaTWnPatPTP9HoWxpps8y

Score

1^/10

Malware Config

Signatures

Files

72048800591255f503f58a693c91c610_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

18501ebe3602b51337d4d1f92772a295

Code Sign

27:be:5d:c8:e1:2d:dc:fd:72:95:35:cc:9b:20:dd:4b:86:77:ac:1f
Signer

Actual PE Digest

27:be:5d:c8:e1:2d:dc:fd:72:95:35:cc:9b:20:dd:4b:86:77:ac:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37WanWork\delphicode\vcLander\landers\04代码\bin\lander.pdb

Imports

kernel32

FindNextFileW
FindClose
InterlockedExchange
CreateEventW
SetEvent
CreateFileW
WriteFile
TerminateThread
ReadFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemInfo
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
FindFirstFileW
GetACP
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitProcess
ExitThread
VirtualQuery
VirtualProtect
GetDateFormatA
GetTimeFormatA
GetFileAttributesA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
WideCharToMultiByte
GetVersionExW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTempPathW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReleaseMutex
CreateMutexW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
CreateDirectoryW
WaitForSingleObject
CreateProcessW
lstrcpyA
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MoveFileW
GetTickCount
GetCommandLineW
CreateThread
CloseHandle
DeleteFileW
GlobalAddAtomW
CopyFileW
GetLocalTime
lstrcmpW
MulDiv
GlobalAlloc
InitializeCriticalSection
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
GetLastError
GetModuleFileNameW
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetOEMCP

user32

SetLayeredWindowAttributes
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
UnregisterClassA
SetFocus
DefWindowProcW
GetKeyState
OffsetRect
ShowWindow
ExitWindowsEx
PtInRect
SetCursor
LoadImageW
DrawTextW
InflateRect
GetParent
IsChild
UpdateWindow
SystemParametersInfoW
PeekMessageW
GetMessageW
MessageBoxW
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
CharNextW
GetSysColor
GetClassNameW
IsWindow
GetDlgItem
GetWindow
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
PostMessageW
SetTimer
KillTimer
IsWindowVisible
LoadIconW
TranslateMessage
DispatchMessageW
LoadStringW
PostQuitMessage
SetWindowRgn
EnableWindow
SetWindowPlacement
GetSystemMetrics
GetWindowPlacement
UnregisterHotKey
RegisterHotKey
CopyRect
TrackPopupMenu
GetCursorPos
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
SetForegroundWindow
IsIconic

gdi32

StretchBlt
RestoreDC
SetTextColor
SetBkMode
SaveDC
SetDIBColorTable
CreateRoundRectRgn
SetBkColor
CreateFontW
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
DeleteDC
CreateDIBSection

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
IsTextUnicode
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
StrCmpW
StrCpyW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImagePixelFormat

wininet

HttpSendRequestW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW

winmm

waveOutSetVolume
waveOutClose
waveOutGetVolume
waveOutOpen
PlaySoundW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 818KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18501ebe3602b51337d4d1f92772a295

Code Sign

27:be:5d:c8:e1:2d:dc:fd:72:95:35:cc:9b:20:dd:4b:86:77:ac:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wininet

winmm

iphlpapi

Sections

.text Size: 818KB - Virtual size: 817KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 15KB - Virtual size: 33KB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 50KB - Virtual size: 50KB

27:be:5d:c8:e1:2d:dc:fd:72:95:35:cc:9b:20:dd:4b:86:77:ac:1f
Signer

.text
Size: 818KB - Virtual size: 817KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 15KB - Virtual size: 33KB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 50KB - Virtual size: 50KB