5bf4b12775cef082c8de085857f93ca0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

5bf4b12775cef082c8de085857f93ca0_NeikiAnalytics
Size

48KB
MD5

5bf4b12775cef082c8de085857f93ca0
SHA1

d0d49bf03b254e6de31f99af4bb00a80f648eb88
SHA256

b9e4e3aa426d552cb138be337b56848fc42cc0f76ddbc490fcdcf2a5c4e864af
SHA512

a456240ca2db5e950182d9f67e218bf10eed353e76554d2a599640b88e8e6c81a71b27d48e9477e8bcd06fed0a04019a1c6be800737d3326a95b5a49a228bbc5
SSDEEP

768:Tl/p2Fk/JZ8LzeLE6bvt1ohMQhAQ/XPCNSauRx15fQvtRb+WTqaQYtS2:hpdRgmE6bvt1gJAQfKNxBqaQv2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf4b12775cef082c8de085857f93ca0_NeikiAnalytics

Files

5bf4b12775cef082c8de085857f93ca0_NeikiAnalytics
.dll regsvr32 windows:4 windows x86 arch:x86

419a94c8252e76dfb428209ea9132d33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord1128
ord2717
ord3948
ord6466
ord800
ord861
ord540
ord823
ord665
ord561
ord535
ord537
ord4199
ord860
ord3122
ord3611
ord3733
ord538
ord354
ord3658
ord5193
ord1089
ord3917
ord5727
ord600
ord269
ord2504
ord2546
ord4480
ord6371
ord815
ord4269
ord4075
ord4418
ord825
ord4616
ord3826
ord3074
ord3820
ord3076
ord3825
ord2971
ord3131
ord2980
ord3257
ord3142
ord4459
ord3254
ord5285
ord2977
ord5710
ord4074
ord5303
ord4692
ord3341
ord5298
ord5296
ord2388
ord5647
ord826
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1165
ord1173
ord1115
ord1568

msvcrt

_close
_lseek
vswprintf
strncmp
_wcsicmp
_wopen
memcmp
memset
free
__CxxFrameHandler
_purecall
memcpy
swprintf
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
wcslen
strlen
malloc
realloc
_read

kernel32

GetLastError
SizeofResource
lstrlenA
LoadResource
FreeLibrary
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
InterlockedDecrement
GetShortPathNameW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExW
DeleteCriticalSection
lstrcpynW
HeapDestroy
lstrcmpiW
LoadLibraryW
lstrcpyW
GetProcAddress
GetUserDefaultLangID
WideCharToMultiByte
lstrcatW
LocalFree
LocalAlloc
FindResourceW

user32

CharNextW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

419a94c8252e76dfb428209ea9132d33

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB