e:\Drive1\temp\buildwar3x\War3\Tools\WorldEdit\Temp\Release\WorldEdit.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0a6a238abb9c555cbd434062939aa1b0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0a6a238abb9c555cbd434062939aa1b0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
0a6a238abb9c555cbd434062939aa1b0_NeikiAnalytics
-
Size
4.5MB
-
MD5
0a6a238abb9c555cbd434062939aa1b0
-
SHA1
ffdc298198db9219a3f872c3016effef50d56320
-
SHA256
4b99415013d1c944650be994b08a95f8057bbb3d1d49d1cd1e3360486c09cd1f
-
SHA512
250754cb31e712aae3e5eff38cb40679116a8401251e48041d0d3347308f9a7668931054cdb565d9d634f2fb3f8a17cdafa11c1972de96dbf50025df3ed62945
-
SSDEEP
98304:gcehM5f7Cv4vuVjMtkyi/K7R+s8qzL6TNaZ3GxBdY:dIMRA4v2Mx5j8qzL6TNaZ3GxM
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. On its own this is a weak indicator: the embedded PDB path (a WorldEdit.pdb under a War3 build tree) and the storm / mss32 / ijl15 imports are consistent with an unsigned game-editor build rather than a packed dropper, so corroborate with the behavioral tasks before treating the sample as malicious.
resource 0a6a238abb9c555cbd434062939aa1b0_NeikiAnalytics
Files
-
0a6a238abb9c555cbd434062939aa1b0_NeikiAnalytics.exe windows:4 windows x86 arch:x86
8d6a1206b94e842796e0ccc852c91c88 (unlabeled 32-hex digest; it differs from the file MD5 above, so it is presumably the import hash — confirm against the report schema before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateFileA
SetLastError
ReadFile
SetFilePointer
WriteFile
GetFileSize
GetFileTime
DeleteFileA
SetEndOfFile
FreeLibrary
VirtualFree
VirtualUnlock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
VirtualLock
VirtualAlloc
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceA
GetCurrentDirectoryA
GetLogicalDriveStringsA
GetDriveTypeA
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
WaitForSingleObject
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
WaitForMultipleObjects
ReleaseSemaphore
CreateMutexA
OpenMutexA
ReleaseMutex
CreateSemaphoreA
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
OpenEventA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringA
FindFirstFileA
FindNextFileA
FindClose
SetCurrentDirectoryA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
SetFileAttributesA
GetFileAttributesA
SetFileTime
FlushFileBuffers
GetWindowsDirectoryA
GetModuleFileNameA
GetCommandLineA
LocalFree
FormatMessageA
GetACP
GetProcessHeaps
HeapWalk
HeapLock
HeapUnlock
SetThreadPriority
GetCurrentThread
GetThreadPriority
CreateEventA
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
Sleep
GetSystemInfo
WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetModuleHandleA
CloseHandle
SetEvent
InterlockedDecrement
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
TerminateThread
QueryPerformanceFrequency
ResumeThread
GetTickCount
SuspendThread
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
CreateProcessA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GlobalUnlock
wininet
InternetCanonicalizeUrlA
storm
ord569
ord509
ord570
ord302
ord571
ord507
ord508
ord405
ord506
ord551
ord572
ord552
ord465
ord503
ord289
ord517
ord501
ord578
ord272
ord542
ord541
ord548
ord544
ord545
ord577
ord510
ord421
ord424
ord428
ord426
ord300
ord263
ord268
ord291
ord293
ord252
ord266
ord422
ord425
ord264
ord275
ord281
ord406
ord288
ord579
ord423
ord461
ord470
ord469
ord271
ord580
ord537
ord534
ord525
ord524
ord575
ord574
ord463
ord462
ord267
ord265
ord269
ord253
ord504
ord581
ord476
ord479
ord474
ord472
ord279
ord590
ord280
ord595
ord401
ord403
ord563
ijl15
ord3
ord2
ord5
ord4
msvcr80
_HUGE
strchr
strcspn
_stricmp
toupper
strrchr
_except_handler3
strncpy
fopen
_control87
_clearfp
_purecall
memcpy
rand
srand
_controlfp_s
_vsnprintf
putc
memmove
__CxxFrameHandler
fputs
fputc
vfprintf
fprintf
__iob_func
exit
?raw_name@type_info@@QBEPBDXZ
fwrite
fclose
memset
__CxxFrameHandler3
_beginthreadex
setvbuf
_CIlog10
strtoul
strtol
_ctime64
_time64
iswspace
ceil
_CIsqrt
_CItan
floor
strncmp
isalnum
isdigit
qsort
malloc
realloc
free
fread
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
fseek
_CIfmod
atoi
_ismbcspace
_CIacos
_CIatan2
_CIasin
sprintf
_CIatan
isupper
_CIexp
_CIcos
strstr
sscanf
_CIsin
atof
printf
_CIpow
ftell
strspn
imm32
ImmGetConversionStatus
ImmGetCandidateListA
ImmNotifyIME
ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext
ImmAssociateContextEx
ImmAssociateContext
ImmGetOpenStatus
comctl32
ImageList_GetImageCount
ImageList_DragEnter
ImageList_Add
ImageList_DragLeave
ImageList_EndDrag
ImageList_Replace
ImageList_DragMove
_TrackMouseEvent
ImageList_Create
ImageList_DragShowNolock
ImageList_BeginDrag
InitCommonControlsEx
ImageList_Destroy
opengl32
glVertexPointer
glNormalPointer
glNormal3fv
glColorPointer
glDrawElements
glTexCoordPointer
glViewport
glDepthRange
glScissor
glMatrixMode
glLoadMatrixf
glFinish
wglSwapLayerBuffers
glReadBuffer
glReadPixels
glClearColor
glClear
glPolygonOffset
glMaterialfv
glLightModelfv
glTexGeni
glColorMaterial
glLightfv
glLightf
glDepthFunc
glDrawBuffer
glFogi
glFogf
glFogfv
glDepthMask
glTexEnvi
glDisable
glDisableClientState
glEnable
glBlendFunc
glAlphaFunc
glGenTextures
glBindTexture
glTexParameteri
glPixelStorei
glTexImage2D
glTexSubImage2D
glDeleteTextures
wglGetProcAddress
glGetIntegerv
glGetString
wglDeleteContext
wglCreateContext
wglMakeCurrent
glEnableClientState
user32
GetFocus
GetWindowInfo
SetWindowPos
InvalidateRect
IsWindowEnabled
IsWindowVisible
GetWindowTextLengthA
EmptyClipboard
SetClipboardData
ReleaseDC
GetDC
GetSysColorBrush
GetSysColor
CloseClipboard
GetClipboardData
OpenClipboard
SetScrollInfo
GetScrollInfo
SetWindowLongA
GetWindowLongA
SetScrollPos
LoadCursorA
SetCursor
ShowCursor
GetWindowTextA
DestroyIcon
SetClassLongA
LoadImageA
SetActiveWindow
EnableWindow
GetForegroundWindow
GetWindowPlacement
SetWindowPlacement
MessageBeep
GetKeyState
UpdateWindow
EndPaint
FillRect
BeginPaint
ChangeDisplaySettingsA
RegisterClassExA
MapWindowPoints
EnumDisplayDevicesA
EnumDisplaySettingsA
ChangeDisplaySettingsExA
UnregisterClassA
ClipCursor
GetClientRect
ScreenToClient
TranslateMessage
DispatchMessageA
ClientToScreen
SetCursorPos
CreateDialogIndirectParamA
DeleteMenu
TranslateAcceleratorA
MessageBoxA
DrawFocusRect
DrawTextA
SetWindowTextA
PeekMessageA
GetMessageA
IsDialogMessageA
SetParent
SetFocus
GetCursorPos
GetWindowRect
GetParent
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenu
InsertMenuItemA
CreatePopupMenu
CreateMenu
SetCapture
GetMenu
DestroyMenu
SystemParametersInfoA
WindowFromPoint
ReleaseCapture
GetClassLongA
CallWindowProcA
TrackPopupMenu
GetWindow
RegisterClassA
GetDesktopWindow
GetDCEx
ShowWindow
SetForegroundWindow
DefWindowProcA
SendMessageA
CreateWindowExA
GetPropA
SetPropA
RemovePropA
SetTimer
KillTimer
PostMessageA
GetActiveWindow
DestroyWindow
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemInfoA
DrawMenuBar
gdi32
SetPixelFormat
DescribePixelFormat
SetTextAlign
GetDeviceCaps
TextOutW
CreateFontA
GetDeviceGammaRamp
SetDeviceGammaRamp
CreatePen
MoveToEx
LineTo
SelectObject
GetTextExtentPoint32A
CreateRectRgnIndirect
CombineRgn
SetBkMode
GetBkColor
CreateSolidBrush
FillRgn
GetStockObject
SetTextColor
SetBkColor
CreateDIBitmap
DeleteObject
ChoosePixelFormat
advapi32
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
shell32
DragAcceptFiles
DragQueryFileA
FindExecutableA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ole32
CoInitialize
CoUninitialize
CoCreateInstance
wsock32
accept
WSACleanup
send
closesocket
htons
getpeername
getsockname
listen
bind
setsockopt
inet_ntoa
socket
WSAStartup
sendto
recvfrom
WSAGetLastError
recv
ioctlsocket
ntohs
inet_addr
ntohl
gethostbyname
gethostname
connect
select
mss32
_AIL_register_EOS_callback@8
_AIL_set_sample_user_data@12
_AIL_register_3D_EOS_callback@8
_AIL_set_3D_user_data@12
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_sequence_status@4
_AIL_stream_status@4
_AIL_sample_position@4
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_stream_ms_position@12
_AIL_3D_sample_length@4
_AIL_set_sample_ms_position@8
_AIL_set_stream_ms_position@8
_AIL_set_sample_playback_rate@8
_AIL_sample_playback_rate@4
_AIL_set_3D_sample_playback_rate@8
_AIL_3D_sample_playback_rate@4
_AIL_set_stream_playback_rate@8
_AIL_stream_playback_rate@4
_AIL_set_3D_sample_obstruction@8
_AIL_3D_user_data@8
_AIL_sample_user_data@8
_AIL_stream_user_data@8
_AIL_sequence_user_data@8
_AIL_set_sample_volume@8
_AIL_set_3D_sample_volume@8
_AIL_set_stream_volume@8
_AIL_set_sequence_volume@12
_AIL_DLS_compact@4
_AIL_DLS_load_memory@12
_AIL_pause_stream@8
_AIL_set_stream_loop_count@8
_AIL_set_3D_velocity@20
_AIL_set_sample_pan@8
_AIL_set_stream_pan@8
_AIL_set_3D_sample_cone@16
_AIL_end_sequence@4
_AIL_set_stream_user_data@12
_AIL_end_sample@4
_AIL_allocate_3D_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_allocate_sequence_handle@4
_AIL_close_stream@4
_AIL_release_sequence_handle@4
_AIL_release_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_stop_sequence@4
_AIL_stop_3D_sample@4
_AIL_stop_sample@4
_AIL_resume_3D_sample@4
_AIL_set_3D_sample_loop_count@8
_AIL_set_3D_sample_info@8
_AIL_start_sample@4
_AIL_resume_sample@4
_AIL_set_sample_loop_count@8
_AIL_start_sequence@4
_AIL_resume_sequence@4
_AIL_set_sequence_loop_count@8
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_find_DLS@24
_AIL_extract_DLS@28
_AIL_mem_free_lock@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_DLS_close@8
_AIL_close_XMIDI_driver@4
_AIL_close_digital_driver@4
_AIL_set_3D_sample_distances@12
_AIL_3D_sample_attribute@12
_AIL_set_3D_sample_preference@12
_AIL_open_stream@12
_AIL_register_stream_callback@8
_AIL_set_sequence_user_data@12
_AIL_register_sequence_callback@8
_AIL_end_3D_sample@4
_AIL_set_3D_sample_effects_level@8
_AIL_shutdown@0
_AIL_mem_use_malloc@4
_AIL_mem_use_free@4
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_open_digital_driver@16
_AIL_set_file_callbacks@16
_AIL_open_XMIDI_driver@4
_AIL_DLS_open@28
_AIL_set_3D_orientation@28
_AIL_DLS_unload@8
_AIL_set_3D_position@16
_AIL_digital_CPU_percent@4
_AIL_set_3D_speaker_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_room_type@8
_AIL_set_XMIDI_master_volume@8
_AIL_open_3D_provider@4
_AIL_last_error@0
_AIL_open_3D_listener@4
_AIL_set_3D_distance_factor@8
_AIL_enumerate_3D_providers@12
_AIL_file_type@8
_AIL_MIDI_to_XMI@20
_AIL_init_sequence@12
_AIL_set_3D_sample_occlusion@8
_AIL_sequence_ms_position@12
comdlg32
GetSaveFileNameA
GetOpenFileNameA
Sections
.text Size: 3.6MB - Virtual size: 3.6MB (note: this code section is flagged IMAGE_SCN_MEM_WRITE as well as IMAGE_SCN_MEM_EXECUTE, i.e. RWX, and the file header has IMAGE_FILE_RELOCS_STRIPPED, so the image cannot be relocated for ASLR — both worth recording when assessing exploitability or self-modifying code)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 576KB - Virtual size: 575KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 172KB - Virtual size: 500KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 156KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ