bd12507221ff90d664d97a21253359a0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

bd12507221ff90d664d97a21253359a0_NeikiAnalytics
Size

149KB
MD5

bd12507221ff90d664d97a21253359a0
SHA1

4c72cef8a5225dc388c10d5a5a2bae6323a34f1d
SHA256

92b2748a327708719bbb6334485e441e76c9d63bb186ef635085f96b79132f4a
SHA512

492d141f6f35c7fd477b4fedd593168904e6331fbf0a9ea1058ce3f03f668b79a163f58e30d7e0fb19b570387cc4cacd7a98424e10be59a853d10ff08f833c0d
SSDEEP

3072:i3P+19RVfAqJfGgKmlYhfppb/DIdfegu/+cVD/itcjIi:UPmv5ApgvYhRFQfefra+Ii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd12507221ff90d664d97a21253359a0_NeikiAnalytics

Files

bd12507221ff90d664d97a21253359a0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

05e08887485af26ab4d505f5bb7c2342

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\scm\out\job\12337\windows\lib\debug\x86\voPluginUI.pdb

Imports

kernel32

GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileW
CloseHandle
SetLastError
GetCurrentThreadId
GetModuleFileNameW
GetTickCount
GetVersionExW
GetModuleHandleW
GetPrivateProfileStringW
InitializeCriticalSection
WideCharToMultiByte
Sleep
GetSystemTimeAsFileTime
GetSystemInfo
CreateThread
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapSize
LCMapStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
WriteFile
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetCommandLineA
VirtualQuery
VirtualProtect
VirtualAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
LoadLibraryW
FreeLibrary
GetProcAddress

user32

UnregisterClassW
SendMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
GetDC
ReleaseDC
BeginPaint
EndPaint
GetWindowRect
ClientToScreen
GetWindowLongW
SetWindowLongW
LoadCursorW
TrackMouseEvent
RegisterHotKey
UnregisterHotKey
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
PostMessageW
ShowWindow
SetWindowDisplayAffinity
OpenClipboard
CloseClipboard
EmptyClipboard
SetFocus
GetActiveWindow
GetKeyState
GetAsyncKeyState
GetCapture
SetCapture
SetTimer
KillTimer
GetSystemMetrics
GetForegroundWindow
InvalidateRect
GetClientRect
ShowCursor
SetCursor
GetCursorPos
ScreenToClient
FillRect
PtInRect
GetDesktopWindow
GetMonitorInfoW
MonitorFromRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetWindowThreadProcessId
SetParent
GetParent

gdi32

BitBlt
CreateCompatibleBitmap
GetObjectW
SetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
CreateSolidBrush
CreateCompatibleDC
DeleteDC

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateFromHDC
GdipSetInterpolationMode
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdipGetImagePixelFormat

Exports

Exports

voGetPlugInUIAPI

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05e08887485af26ab4d505f5bb7c2342

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

gdiplus

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 15KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 15KB

.reloc
Size: 7KB - Virtual size: 7KB