326933a43ff7f2c740328f0ae32690b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

326933a43ff7f2c740328f0ae32690b0_NeikiAnalytics
Size

869KB
MD5

326933a43ff7f2c740328f0ae32690b0
SHA1

a3dc450c96e2e1a3d68b77a47d0bd73e7ed45803
SHA256

b2222e18b8fcb147084ef5f555e0ca09d048b7c6b603a07d9027b11df4121bf7
SHA512

b40d7a882b75e8cb86c65fae1984b9fc5db9c942f933236a02580126175023cf75bc58aca0495c95fd0d6c596050afecca5ec871df83d3013d45c8aaabff42b0
SSDEEP

24576:Hc9XuacpKIue9+L6VMRCPU6CENltmVVdpx7fLrQWd:Hc9RcpKwK6ZU6CENlc7dpJLrQWd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
326933a43ff7f2c740328f0ae32690b0_NeikiAnalytics

Files

326933a43ff7f2c740328f0ae32690b0_NeikiAnalytics
.exe windows:10 windows x86 arch:x86

f769684ca47c350eea891ad5839dff5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vswriter.pdb

Imports

kernel32

GetVolumePathNameW
GetFileTime
GetFileSize
FindVolumeClose
FindNextFileW
FindFirstFileW
FindFirstVolumeMountPointW
DeleteFileW
CreateFileW
CreateDirectoryW
CompareFileTime
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ReadFile
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExW
FreeLibrary
LocalFree
CloseHandle
GetCurrentThread
FormatMessageW
GetCommandLineW
FindNextVolumeMountPointW
FindVolumeMountPointClose
RemoveDirectoryW
SetFilePointer
WriteFile
GetVolumeNameForVolumeMountPointW
SystemTimeToFileTime
CopyFileW
SetConsoleCtrlHandler
WideCharToMultiByte
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSection
HeapSetInformation
GetLastError
FindClose
GetFileAttributesW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsSetValue
OutputDebugStringW
TlsAlloc
GetProcAddress
TlsGetValue
GetSystemTime

msvcrt

__p__commode
_XcptFilter
abort
setlocale
__crtLCMapStringW
__crtGetStringTypeW
__mb_cur_max
_errno
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
__pctype_func
_callnewh
_vsnwprintf
wprintf
_wcsicmp
wcschr
_wcsnicmp
_vsnprintf
wcstol
wcstoul
printf
sprintf
swprintf
towupper
rand
strstr
_amsg_exit
srand
time
memcpy
malloc
_except_handler4_common
__wgetmainargs
__set_app_type
_purecall
memset
memcpy_s
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_controlfp
memmove_s
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
strcspn
exit
free
sprintf_s
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memchr
__CxxFrameHandler3
_CxxThrowException
localeconv
wcscpy_s
__uncaught_exception
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z

ole32

StringFromCLSID
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
GetErrorInfo
SysAllocStringLen
VariantClear
SysStringLen

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
DeregisterEventSource
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
RegisterEventSourceW
ReportEventW

atl

ord30

user32

LoadStringW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

vssapi

CreateWriterEx

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f769684ca47c350eea891ad5839dff5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ole32

oleaut32

advapi32

atl

user32

rpcrt4

vssapi

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 222KB - Virtual size: 221KB

.data Size: 64KB - Virtual size: 66KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 222KB - Virtual size: 221KB

.data
Size: 64KB - Virtual size: 66KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 576KB - Virtual size: 580KB