a7be831523dea5b9e1bb73065e5c9d80_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

a7be831523dea5b9e1bb73065e5c9d80_NeikiAnalytics
Size

917KB
MD5

a7be831523dea5b9e1bb73065e5c9d80
SHA1

47a2d07a9eea4f0fdc3bf11e1ce9da3f73f203eb
SHA256

252110e903e6fdef3c19c1dfaf198526bb3e11050de0b25c2aebabf21cfafda1
SHA512

371bb2c4d6c1917f343bb4ccdd754b1413889f0017dad8ab4fcf69c008d042584f773280004811fea5d50fe4a11148a6db3eba5babac31d62091375f9320c011
SSDEEP

24576:2BCUigebcx2YOXp6hILA0Trm69d8byAV0I:aCk2YO56h2TS69ef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7be831523dea5b9e1bb73065e5c9d80_NeikiAnalytics

Files

a7be831523dea5b9e1bb73065e5c9d80_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

3eaa314c9a1796e973ce69520a123886

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\devel\svn\FileZilla Server trunk\trunk\FileZilla Server\source\Release\FileZilla server.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

ntohl
setsockopt
getsockopt
ioctlsocket
accept
listen
shutdown
getsockname
getpeername
ntohs
connect
WSAAsyncGetHostByName
send
gethostbyaddr
WSACancelAsyncRequest
closesocket
bind
inet_addr
WSAAsyncSelect
socket
htons
gethostbyname
gethostname
WSASetLastError
WSAGetLastError
inet_ntoa
htonl
WSAStartup
WSACleanup
recv

kernel32

GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetLocalTime
GetLastError
SizeofResource
FindResourceW
GetModuleHandleW
GetSystemTime
SystemTimeToFileTime
SetLastError
FreeLibrary
LoadLibraryW
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
DeleteFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
FileTimeToSystemTime
CreateFileW
SetFileTime
SetStdHandle
WriteFile
GetModuleFileNameW
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
ReadFile
SetEndOfFile
CreateThread
Sleep
GetTimeZoneInformation
SetThreadPriority
GetCurrentThread
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
CreateEventW
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResumeThread
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeA
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind
RaiseException
HeapAlloc
GetStartupInfoA
CreateFileA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
GetStringTypeExA
CloseHandle
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
HeapReAlloc

user32

PostThreadMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
PostQuitMessage
RegisterWindowMessageW
MessageBoxW
SetTimer
DefWindowProcW
KillTimer
GetWindowLongW
PostMessageW
PeekMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW
RegisterClassExW
LoadStringW
LoadStringA

advapi32

RegisterServiceCtrlHandlerW
ControlService
DeleteService
StartServiceW
CreateServiceW
StartServiceCtrlDispatcherW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetServiceStatus

Sections

.text
Size: 603KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3eaa314c9a1796e973ce69520a123886

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 603KB - Virtual size: 603KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 11KB - Virtual size: 22KB

.rsrc Size: 6KB - Virtual size: 6KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 603KB - Virtual size: 603KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 11KB - Virtual size: 22KB

.rsrc
Size: 6KB - Virtual size: 6KB

.vmp0
Size: 192KB - Virtual size: 1.3MB