207af26e9103ab8ef53909d015d8f2e0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

207af26e9103ab8ef53909d015d8f2e0_NeikiAnalytics
Size

832KB
MD5

207af26e9103ab8ef53909d015d8f2e0
SHA1

737df5bea650a3b97dddd119831ec48e6fcd4aca
SHA256

20c779c8e254a45589f4f1c3aa4fc3a9ef9c2ffb3521c2d076f13d761699d1b6
SHA512

f0e5d18829b46347a87cb0e76684e9e03035b34907ac0d6aac38d68887b2f65b7eea4886381bf3de5da93a51bd6d6f74ac7112b5e6d7ac80e1caeb17b3e08633
SSDEEP

6144:Hjdu/+P5a/5u2gjreVPqZeabQSPi6nOy47WVu4q65694xIoqe7Y1XTW3WLXhLN4:/a/5d+0PqZe+vPWY76ku13cuzYaDo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
207af26e9103ab8ef53909d015d8f2e0_NeikiAnalytics

Files

207af26e9103ab8ef53909d015d8f2e0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

d080fb0fe316581721f23c7a66697ee7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\DailyBuild\sources\NeroBackItUp_OCTANE_RELEASE\NeroBackItUp\NBService\UnicodeRelease\NBService.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCommandLineW
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetCurrentThreadId
lstrcatW
lstrcpynW
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalAlloc
LocalFree
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcpyW
lstrlenW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange
ExitProcess
GetVersionExA
WaitForMultipleObjects
CreateSemaphoreW
SetEvent
ResetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject
BackupSeek
BackupWrite
BackupRead
SetFilePointer
GetFileSize
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
WriteFile
ReadFile
CreateFileW
GetVolumeInformationW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
IsBadReadPtr
IsBadStringPtrW
IsBadStringPtrA
CompareStringW
WideCharToMultiByte
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FindNextFileW
SetLastError
FindClose
FindFirstFileW
GetDiskFreeSpaceW
GetDriveTypeW
GetFileAttributesW
MoveFileW
ExpandEnvironmentStringsW
CopyFileW
FormatMessageW
GetLogicalDriveStringsW
GetTempPathW
DeleteFileW
GetTempFileNameW
IsBadWritePtr

user32

GetMessageW
LoadStringW
UnregisterClassW
MessageBoxW
CharNextW
UnregisterClassA
FindWindowW
PostThreadMessageW
DispatchMessageW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
QueryServiceConfigW
QueryServiceStatus
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
LogonUserW
RegCreateKeyW
GetUserNameW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoUninitialize
CoRevokeClassObject
StringFromGUID2
StringFromCLSID
CoCreateGuid

oleaut32

SysAllocString
VariantClear
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysFreeString
SysStringLen
VariantInit

shlwapi

PathFindExtensionW

msvcp71

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Id_cnt@id@locale@std@@0HA
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?_Xran@_String_base@std@@QBEXXZ
?_Nomemory@std@@YAXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

msvcr71

_wcsnicmp
_wcsupr
_wcslwr
_wcsrev
iswspace
wcschr
wcsrchr
wcscat
wcscpy
wcscmp
_wcsicmp
wcsstr
wcspbrk
vswprintf
wcsncmp
iswdigit
_wtoi
strncpy
isspace
floor
localtime
swscanf
mktime
wcsftime
_wfullpath
_wsplitpath
_mbsupr
_mbsinc
_mbsrchr
?swprintf@@YAHPAGIPBGZZ
iswascii
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
_except_handler3
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
_resetstkoflw
fclose
realloc
wcsncpy
_wfopen
_purecall
fwrite
wcslen
fflush
memcpy
malloc
memcmp
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??_V@YAXPAX@Z
??3@YAXPAX@Z
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ

winmm

PlaySoundW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d080fb0fe316581721f23c7a66697ee7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

winmm

version

shell32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 612KB - Virtual size: 612KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 612KB - Virtual size: 612KB