82f94489763c11d85bdb79072f668f00_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

82f94489763c11d85bdb79072f668f00_NeikiAnalytics
Size

400KB
MD5

82f94489763c11d85bdb79072f668f00
SHA1

2efa79eff2485482214f1b1388f7c7811b3cf970
SHA256

d9a14cdf34a33b717d37930f4892ba696f4ea0acb5c2c8d745cac7f61c215504
SHA512

d8d1630b8758f20055b628407ddfd72c6f27e26ff1e2ece8173e96bae0c616c3620f18b4da798177f6e66db698054ab67b3be1f6abe560de2e6469fc18a3ec38
SSDEEP

12288:KEAA95OWHEaFuLF3Hg/GF/4GW9qSTRUmK2:KEjkaVGFHW9HVK2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82f94489763c11d85bdb79072f668f00_NeikiAnalytics

Files

82f94489763c11d85bdb79072f668f00_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

c1241ce55d89ef03f88b81b4681e717e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\workspace\EGWin\bin\Release\pdbs\EGMonitor.pdb

Imports

util

fnGetCommonAppDataPath
fnProcessNativeMsg
fnInstallNewtab
fnRepairBrowserPlugins
fnSetAssociation
fnGetAssociation
fnGetAppPath

ws2_32

inet_ntoa

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidFromStringW

sqlite3

sqlite3_step
sqlite3_prepare
sqlite3_open
sqlite3_close
sqlite3_column_text

kernel32

InterlockedIncrement
GetPrivateProfileStringW
DebugBreak
OutputDebugStringW
lstrlenA
WritePrivateProfileStringW
GetProcAddress
GetModuleHandleW
SetLastError
CloseHandle
GetModuleFileNameW
GetSystemWindowsDirectoryW
CopyFileW
MoveFileExW
GetTickCount
Sleep
CreateFileW
CreateEventW
DeviceIoControl
GetLastError
GetOverlappedResult
DeleteFileW
LoadLibraryW
FreeLibrary
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
AllocConsole
FreeConsole
GetFileAttributesW
CreateMutexW
ReleaseMutex
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
InterlockedDecrement
GlobalAddAtomW
WaitForSingleObject
WideCharToMultiByte
QueryDosDeviceW
SetEvent
InterlockedCompareExchange
OpenMutexW
OpenProcess
InterlockedExchange
ResetEvent
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
LoadLibraryA
DecodePointer
HeapReAlloc
HeapSize
GetFileType
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WriteFile
GetStdHandle
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
lstrlenW
IsValidLocale
GetUserDefaultLCID
SetEndOfFile
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
CreateThread
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
EncodePointer
GetStringTypeW

user32

LoadStringW
CharNextW
DefWindowProcW
PostQuitMessage
DestroyWindow
GetAsyncKeyState
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
PostMessageW
UnregisterHotKey
RegisterHotKey

advapi32

RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
RegQueryInfoKeyW
DeleteService
QueryServiceStatusEx
ControlService
CloseServiceHandle
QueryServiceStatus
StartServiceW
CreateServiceW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathCombineW
PathFileExistsW
PathRemoveExtensionW
PathAppendW
PathUnquoteSpacesW
PathAddExtensionW
PathRemoveFileSpecW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetModuleFileNameExW

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1241ce55d89ef03f88b81b4681e717e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

util

ws2_32

setupapi

version

rpcrt4

sqlite3

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

userenv

psapi

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 79KB - Virtual size: 80KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 79KB - Virtual size: 80KB