4f4723b0d5e0ea30f2a63a3e29cc5400_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4f4723b0d5e0ea30f2a63a3e29cc5400_NeikiAnalytics
Size

567KB
MD5

4f4723b0d5e0ea30f2a63a3e29cc5400
SHA1

97d3fbf1270884713246a43247653ade5ad905a8
SHA256

0e0e0ec6164c0ce9c4b5416c7417afb28cd4cbc231e75d37d20277f7ed388da3
SHA512

c16fda0b7d41df3f6ee82278ee528d77c73c51fa9beb4d151627045bf4aa0e5469e5d2e5dc52ebc151d95bac01d04ac4a68b219287c603c43aaeae71e3627539
SSDEEP

12288:rsQvmXR9cd3XVpH3s+WTDTzRlM0zpV3U:rmenM5TDplnNRU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f4723b0d5e0ea30f2a63a3e29cc5400_NeikiAnalytics

Files

4f4723b0d5e0ea30f2a63a3e29cc5400_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

5261d1f1a3718d587299d253f4cc6e66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\VSTPlugins\TransientMonster.pdb

Imports

kernel32

WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetCPInfo
LCMapStringA
LCMapStringW
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
WriteFile
GetStdHandle
SetHandleCount
SizeofResource
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
CloseHandle
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
LoadResource
FindResourceA
LockResource
GetCurrentProcessId
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetFileType
LeaveCriticalSection

user32

GetWindowRect
ShowWindow
SetTimer
SetWindowTextA
SetCapture
GetWindowLongA
SendMessageA
ReleaseCapture
GetClassNameA
UnregisterClassA
TrackMouseEvent
GetParent
GetCapture
EnumWindows
LoadCursorA
DestroyWindow
UpdateWindow
CallWindowProcA
GetKeyState
SetWindowLongA
GetWindowThreadProcessId
RegisterClassA
InvalidateRect
EndPaint
DrawTextA
BeginPaint
DefWindowProcA
CreateWindowExA

gdi32

SetTextColor
SetBkMode
CreateFontIndirectA
SelectObject
DeleteObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
BitBlt

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

shell32

ShellExecuteA

Exports

Exports

VSTPluginMain
main

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5261d1f1a3718d587299d253f4cc6e66

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 276KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 192KB - Virtual size: 192KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 276KB - Virtual size: 276KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 192KB - Virtual size: 192KB

.reloc
Size: 17KB - Virtual size: 17KB