b31cdfc0798ffd67f2d9014ef3d26570_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

b31cdfc0798ffd67f2d9014ef3d26570_NeikiAnalytics
Size

178KB
MD5

b31cdfc0798ffd67f2d9014ef3d26570
SHA1

930a21c36c99997eb025fc2ef27de488e2395f14
SHA256

542b654c6b5e4cfb81f1bd817ad43a1a9030ea696adeb0b2eaf8ef5020c2d44a
SHA512

b95f51c2da8da73e86f54d1d2a70ef0dab13ec3eee64764eb8100da80a60b975acb15131a4c5e3c86cde11d71ffeda76dec7b1aa41360e79a7c0eb89c38189e4
SSDEEP

3072:FitpqLI7IoyOs5uKyTwx+UExUqLXDceTO:FMqLfO17TIJ2LAeTO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b31cdfc0798ffd67f2d9014ef3d26570_NeikiAnalytics

Files

b31cdfc0798ffd67f2d9014ef3d26570_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

f9d2307d4455d329bd2a7f8e62905c89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\adfiltersvn\trunk\Release\TxAgent32.pdb

Imports

kernel32

HeapCreate
HeapDestroy
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
Sleep
SwitchToThread
InterlockedCompareExchange
GetNativeSystemInfo
CreateEventW
GetLastError
lstrlenW
lstrcpyW
PostQueuedCompletionStatus
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetProcAddress
GetModuleHandleW
GetFileSize
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
CreateIoCompletionPort
WaitForMultipleObjects
GetQueuedCompletionStatus
InterlockedDecrement
SetLastError
ResetEvent
SetEvent
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetModuleFileNameW
WriteConsoleW
WriteFile
GetStdHandle
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
EncodePointer
DecodePointer
HeapReAlloc
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage

winmm

timeGetTime

ws2_32

WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
connect
WSAGetOverlappedResult
bind
socket
WSARecvFrom
WSASendTo
WSARecv
WSASend
closesocket
shutdown
WSAResetEvent
getsockopt
setsockopt
getsockname
htons
inet_ntoa
gethostbyname
inet_addr
ntohs
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
send
recv
WSACloseEvent
listen
sendto
ioctlsocket
WSACreateEvent

Exports

Exports

HP_Create_TcpAgent
HP_Create_TcpAgent
HP_Create_TcpClient
HP_Create_TcpClient
HP_Create_TcpPullAgent
HP_Create_TcpPullAgent
HP_Create_TcpPullClient
HP_Create_TcpPullClient
HP_Create_TcpPullServer
HP_Create_TcpPullServer
HP_Create_TcpServer
HP_Create_TcpServer
HP_Create_UdpClient
HP_Create_UdpClient
HP_Create_UdpServer
HP_Create_UdpServer
HP_Destroy_TcpAgent
HP_Destroy_TcpAgent
HP_Destroy_TcpClient
HP_Destroy_TcpClient
HP_Destroy_TcpPullAgent
HP_Destroy_TcpPullAgent
HP_Destroy_TcpPullClient
HP_Destroy_TcpPullClient
HP_Destroy_TcpPullServer
HP_Destroy_TcpPullServer
HP_Destroy_TcpServer
HP_Destroy_TcpServer
HP_Destroy_UdpClient
HP_Destroy_UdpClient
HP_Destroy_UdpServer
HP_Destroy_UdpServer
HP_GetSocketErrorDesc
HP_GetSocketErrorDesc
SYS_GetLastError
SYS_GetLastError
SYS_GetSocketOption
SYS_GetSocketOption
SYS_IoctlSocket
SYS_IoctlSocket
SYS_SetSocketOption
SYS_SetSocketOption
SYS_WSAGetLastError
SYS_WSAGetLastError
SYS_WSAIoctl
SYS_WSAIoctl

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9d2307d4455d329bd2a7f8e62905c89

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winmm

ws2_32

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB