Static task
static1
Behavioral task
behavioral1
Sample: b0c04f5993a4a554a1f150c5369deff0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task
behavioral2
Sample: b0c04f5993a4a554a1f150c5369deff0_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
General
Target: b0c04f5993a4a554a1f150c5369deff0_NeikiAnalytics
Size: 329KB
MD5: b0c04f5993a4a554a1f150c5369deff0
SHA1: 07ccb9bc7432297d3687eb8f60976031120a8bb2
SHA256: da101b1cf9039f8e101beddda00febc336b21dfcb1eaea5603f4f0ab22152af3
SHA512: 5129629b105d0f749482d9f016ea38e0ebf49145b5d9161dede90df5843ef24dda8fd4dbe4d48135b1db296cbe80bfcb5f5a52c2b9d5f5539ce7b0b0d6e8adae
SSDEEP: 6144:ADW2lrALbbtIINUbTR5ORw2ByfloDkFvxhbrQLU:Ai2kU8wfoI
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: b0c04f5993a4a554a1f150c5369deff0_NeikiAnalytics
Files
b0c04f5993a4a554a1f150c5369deff0_NeikiAnalytics.exe windows:4 windows x86 arch:x86
Import hash: cbbade6588176090d0d2aa752a15d8f0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
mfc42
ord4623
ord4426
ord652
ord6175
ord338
ord4823
ord4238
ord1200
ord1147
ord6329
ord1841
ord4241
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord4340
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord2091
ord4432
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord364
ord784
ord6334
ord941
ord3455
ord5037
ord6131
ord6216
ord5856
ord858
ord2614
ord3803
ord4277
ord5272
ord1783
ord3522
ord6403
ord2938
ord1779
ord4129
ord3098
ord4615
ord4274
ord815
ord3198
ord6080
ord2554
ord2512
ord5731
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord4486
ord4622
ord3738
ord561
ord3869
ord2127
ord2723
ord2391
ord3059
ord5102
ord5105
ord4468
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2880
ord2878
ord4153
ord4077
ord5237
ord2383
ord5284
ord2649
ord1665
ord4437
ord5255
ord4428
ord2635
ord2558
ord2092
ord5484
ord796
ord807
ord554
ord529
ord402
ord4159
ord986
ord411
ord3521
ord2621
ord674
ord6117
ord1153
ord4698
ord5289
ord2725
ord6402
ord6021
ord2645
ord5572
ord2915
ord940
ord4160
ord922
ord4953
ord4858
ord6375
ord5714
ord4133
ord4297
ord2860
ord5951
ord3095
ord1148
ord2101
ord2390
ord5100
ord2289
ord2737
ord3351
ord2879
ord4152
ord2382
ord5283
ord4436
ord5254
ord2445
ord4427
ord401
ord4772
ord2884
ord2379
ord4387
ord3454
ord768
ord319
ord2864
ord1858
ord976
ord4245
ord5031
ord3349
ord4614
ord1830
ord4239
ord2400
ord5061
ord4938
ord4940
ord4629
ord4586
ord4891
ord4532
ord5076
ord4341
ord4349
ord4723
ord4886
ord4964
ord4961
ord1723
ord3619
ord657
ord344
ord5251
ord6089
ord4455
ord3797
ord5852
ord4315
ord6242
ord4538
ord3089
ord2607
ord2916
ord3790
ord3811
ord4368
ord4897
ord2516
ord361
ord2450
ord2246
ord5681
ord3517
ord482
ord3518
ord6161
ord5451
ord1259
ord2740
ord6408
ord2801
ord1271
ord5115
ord5111
ord1859
ord4246
ord6000
ord2117
ord5883
ord4147
ord2120
ord4457
ord6195
ord4413
ord3870
ord4202
ord5159
ord2086
ord2297
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3385
ord3699
ord489
ord4976
ord4258
ord472
ord2513
ord293
ord5875
ord5787
ord283
ord755
ord470
ord4055
ord1816
ord2358
ord924
ord2764
ord2820
ord535
ord1908
ord4715
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord496
ord4259
ord2363
ord4476
ord540
ord860
ord800
ord2414
ord2859
ord1146
ord1641
ord323
ord1640
ord5785
ord5788
ord640
ord3663
ord3626
ord3693
ord3573
ord3571
ord6197
ord4275
ord4710
ord6241
ord1168
ord5953
ord825
ord324
ord567
ord818
ord609
ord641
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord3798
ord5290
ord4353
ord2399
ord4420
ord5653
ord3172
ord5577
ord1746
ord5740
ord5243
ord2542
ord2510
ord6336
ord3058
ord4696
ord266
ord1825
ord823
ord1199
ord3876
ord3873
ord537
ord2763
ord2919
ord939
ord355
ord2515
ord3499
ord2652
ord1669
ord2298
ord2299
ord2301
ord5981
ord3874
ord3092
ord6199
ord2642
ord6215
ord2370
ord2528
ord1008
ord5261
ord1727
ord6376
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord4234
ord5065
ord3749
ord4441
ord2055
ord2648
ord5104
ord4837
ord4467
ord5836
ord4083
ord3495
ord1576
msvcrt
_setmbcp
__CxxFrameHandler
_EH_prolog
memmove
_itoa
_getdiskfree
tolower
_isctype
__p__pctype
__p___mb_cur_max
atoi
_strnicmp
_stricmp
strstr
_mbscmp
atol
rand
srand
_strdup
free
strtoul
_mbsicmp
_chdrive
_chdir
strtol
strncmp
strncat
sscanf
sprintf
strchr
_purecall
strrchr
_exit
_XcptFilter
exit
__p__acmdln
_initterm
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
advapi32
RegSetValueA
RegQueryValueA
kernel32
SetCurrentDirectoryA
WriteProfileStringA
GetProfileIntA
GetExitCodeProcess
TerminateProcess
Sleep
_lopen
_lread
_lclose
lstrcpynA
GetUserDefaultLangID
IsDBCSLeadByte
CreateProcessA
CreateFileMappingA
MapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
FindClose
FatalAppExitA
MulDiv
SetErrorMode
GetLocaleInfoA
GetCurrentDirectoryA
CloseHandle
GetFileAttributesA
GetUserDefaultLCID
EnumSystemLocalesA
GetTickCount
GetVersion
lstrcatA
WinExec
GetFullPathNameA
GetSystemDefaultLCID
CompareStringA
lstrlenA
lstrcmpiA
lstrcpyA
GlobalMemoryStatus
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
gdi32
ExtTextOutA
GetTextExtentPointA
GetTextMetricsA
GetDeviceCaps
CreateFontIndirectA
GetObjectA
CreateSolidBrush
DeleteObject
PatBlt
BitBlt
SelectObject
DeleteDC
EnumFontsA
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
GetStockObject
StretchBlt
SetBkColor
SetTextColor
user32
KillTimer
SetActiveWindow
EnumWindows
GetClassNameA
InflateRect
PtInRect
MapWindowPoints
MessageBeep
FlashWindow
EnableWindow
WinHelpA
LoadIconA
DrawIcon
SetRect
FillRect
GetSystemMetrics
wsprintfA
CloseWindow
OpenIcon
SetTimer
IsZoomed
GetWindowLongA
BringWindowToTop
GetFocus
CreateWindowExA
SetWindowPos
IsWindowVisible
GetParent
LoadStringA
DrawFocusRect
GetMenuCheckMarkDimensions
GetDlgCtrlID
EnumChildWindows
SetWindowTextA
GetDlgItem
GetWindowTextA
EndDialog
IsWindow
LoadCursorA
RegisterClassA
FindWindowA
IsIconic
ShowWindow
SetForegroundWindow
UpdateWindow
CharLowerA
CharUpperA
PostMessageA
LoadBitmapA
GetSysColor
DrawTextA
GetDialogBaseUnits
BeginDeferWindowPos
ScreenToClient
DeferWindowPos
EndDeferWindowPos
InvalidateRect
RegisterWindowMessageA
DestroyMenu
LoadMenuA
GetDC
ReleaseDC
GetWindowRect
SendMessageA
GetClientRect
hwdll
ord27
ord74
ord4
ord117
ord23
ord17
ord10
ord76
ord28
ord36
ord12
ord8
ord21
ord20
ord38
ord44
ord59
ord35
ord46
ord31
ord32
ord34
ord30
ord64
ord67
ord66
ord65
ord63
ord13
ord54
ord41
ord45
ord26
ord75
ord39
ord2
ord18
ord14
ord50
ord56
ord57
ord106
ord107
ord6
ord11
ord48
ord16
ord116
ord40
ord37
ord33
ord73
ord114
ord115
ord49
ord118
ord1
ord110
ord113
ord3
comdlg32
GetOpenFileNameA
version
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.heb Size: - Virtual size: 1B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE