3366ec3a966f9b0ca09993a264d964c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

3366ec3a966f9b0ca09993a264d964c0_NeikiAnalytics
Size

1.7MB
MD5

3366ec3a966f9b0ca09993a264d964c0
SHA1

c8453a0269595f6cf2f057c5e2f296165039ac96
SHA256

b549e358415fa24f9edffc4d7156c68ef7e642f3d2486eac0bd6c331467c17b9
SHA512

623c7e34ec87010a07037e7fd62b50749d62e3ee4c856c70e636242957fb8ebfd6ec208a75282bde0fb1f24fd61b32f8ad6ffb673e2163cf79ac53ed8920c4b7
SSDEEP

49152:KZSpBFpEPcDor/GhUn1qIhn1qJQF8CAtsuSLQ7hIoTv5NyGgpK:KZSpBFaPcDor/GhUn1qIhn1qJQF8CAth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3366ec3a966f9b0ca09993a264d964c0_NeikiAnalytics

Files

3366ec3a966f9b0ca09993a264d964c0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

21f561a115e43b067b5d6b42dd543414

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_27

D3DXMatrixShadow
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationZ
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXSaveTextureToFileA
D3DXMatrixInverse
D3DXCreateSprite
D3DXCreateFontIndirectA
D3DXCreateEffectFromFileA
D3DXCreateTexture
D3DXMatrixPerspectiveFovLH
D3DXMatrixLookAtLH
D3DXMatrixTranslation
D3DXVec3TransformCoord
D3DXMatrixMultiply
D3DXVec3Normalize
D3DXMatrixRotationY
D3DXVec3TransformNormal

dsound

ord11

dinput8

DirectInput8Create

winmm

timeGetTime

wininet

FtpGetFileA
InternetConnectA
InternetOpenA
FtpPutFileA
InternetCloseHandle

ws2_32

inet_addr
htons
sendto
WSAGetLastError
socket
WSAAsyncSelect
WSACleanup
closesocket
WSAStartup
send
WSASend
recv
gethostbyname
connect

kernel32

UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetTimeZoneInformation
GetFileAttributesA
MoveFileA
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsW
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
DeleteFileA
CopyFileA
CloseHandle
ReadFile
CreateFileA
WriteFile
GetFileSize
MultiByteToWideChar
GlobalAlloc
Sleep
FindClose
FindFirstFileA
CreateThread
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
SetFilePointer
lstrlenA
TerminateProcess
SetEvent
InitializeCriticalSection
SetUnhandledExceptionFilter
WideCharToMultiByte
DeleteCriticalSection
SetEndOfFile
GetLocalTime
GetVersionExA
GetEnvironmentStringsW
GetLastError
CreateMutexA
ResumeThread
ResetEvent
SetThreadPriority
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessA
OpenEventA
WaitForSingleObject
CreateEventA
MoveFileExA
GetModuleFileNameA
lstrcatA
CreateDirectoryA
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
TerminateThread
ReleaseMutex
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
ExitProcess
VirtualProtect
IsBadReadPtr
GetSystemDirectoryA
GetModuleFileNameW
OpenFileMappingA
GetCurrentDirectoryA
VirtualQuery
VirtualAlloc
VirtualFree
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe
lstrcpyA
DeviceIoControl
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
GetSystemPowerStatus
lstrcmpA
GetLocaleInfoA
lstrcmpiA
GetSystemInfo
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
IsBadCodePtr
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
GetWindowsDirectoryA

user32

SetWindowLongA
SendMessageA
CallWindowProcA
SetCursor
DestroyCursor
SetWindowTextA
ShowCursor
GetCursorPos
ScreenToClient
FindWindowA
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
GetSystemMetrics
CreateWindowExA
UpdateWindow
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostQuitMessage
ShowWindow
DefWindowProcA
GetWindowTextA
ChangeDisplaySettingsA
wsprintfA
SetFocus
SetRect
DestroyWindow

gdi32

GetStockObject
AddFontResourceA
RemoveFontResourceA

advapi32

RegOpenKeyExA
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegDeleteValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
RegCreateKeyExA
CryptDeriveKey
RegEnumValueA
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash

shlwapi

PathFileExistsA

netapi32

Netbios
NetApiBufferFree
NetWkstaGetInfo

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21f561a115e43b067b5d6b42dd543414

Headers

File Characteristics

Imports

d3d9

d3dx9_27

dsound

dinput8

winmm

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shlwapi

netapi32

iphlpapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 124KB - Virtual size: 9.8MB

.data1 Size: 8KB - Virtual size: 6KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 124KB - Virtual size: 9.8MB

.data1
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 31KB