40620a0d5b082a49a586fd16d18f8480_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

40620a0d5b082a49a586fd16d18f8480_NeikiAnalytics
Size

4.5MB
MD5

40620a0d5b082a49a586fd16d18f8480
SHA1

a8f9375664c99ace557d61a2baace062d68d8c45
SHA256

a3a9280e185be8d30c1e2613e58ce943e09b89a91a238f9d8fb95fa1a06f3f2e
SHA512

62fa77892a6d0d1f98861b09be7b88575b8aeb2a3f296ae655834977508b3aa2caa01fcea69e6aae019f7533bb85b70ed072a9ee29eb844bb965fb4a2cba114b
SSDEEP

49152:s4qDvTTe27J9aJHjldF8YrKCljjzhdiu+wlHGDlBeteIqdR8faOS8dfnDauZj3G5:s4qDvuwJ0+YrKChzhdizwFGEd2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40620a0d5b082a49a586fd16d18f8480_NeikiAnalytics

Files

40620a0d5b082a49a586fd16d18f8480_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

8b087aef2db9688f64dc78fac24996a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\workspace\win\branches\ai_series\build\win\Release\cclgui.pdb

Imports

kernel32

VerifyVersionInfoW
GetLastError
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GlobalLock
GlobalUnlock
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
TerminateProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetTickCount
CreateProcessW
OpenProcess
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetSystemTime
SystemTimeToFileTime
GlobalSize
GetFileAttributesW
GlobalAlloc
LoadLibraryExW
FreeLibrary
SetThreadExecutionState
Sleep
GetCurrentProcessId
LocalFree
GetCommandLineW
VerSetConditionMask

user32

GetKeyboardLayout
SetWindowPlacement
IsChild
GetCapture
GetWindowPlacement
SetActiveWindow
AdjustWindowRectEx
GetDlgItem
GetScrollInfo
GetWindowTextLengthW
CreateMenu
GetMenuInfo
RemoveMenu
InsertMenuW
DestroyMenu
EndDialog
SetMenuItemInfoW
TrackPopupMenu
CreatePopupMenu
DdeFreeStringHandle
DdeDisconnect
DdeClientTransaction
DdeUninitialize
DdeInitializeW
DdeConnect
DdeCreateStringHandleW
GetWindow
DialogBoxIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
EnableWindow
WindowFromPoint
InflateRect
DrawFocusRect
GetSysColor
GetSysColorBrush
DrawEdge
DrawFrameControl
EnumChildWindows
DestroyCursor
CreateIconIndirect
OpenClipboard
CloseClipboard
ShowWindow
GetClipboardData
GetForegroundWindow
SetClipboardData
BeginPaint
EndPaint
GetUpdateRgn
FillRect
DrawTextW
GetKeyState
GetKeyboardState
ToUnicode
PostMessageW
IsWindowVisible
UnregisterClassW
GetClassInfoW
GetAsyncKeyState
SetTimer
PeekMessageW
RegisterClassW
GetDoubleClickTime
SetFocus
DisableProcessWindowsGhosting
DragDetect
LoadCursorW
SetCursor
KillTimer
PostQuitMessage
SetCursorPos
GetCursorPos
SendInput
GetWindowLongW
GetWindowThreadProcessId
DeferWindowPos
FindWindowExW
SetWindowPos
CreateWindowExW
SendMessageW
BeginDeferWindowPos
EnumWindows
GetClassNameW
EndDeferWindowPos
GetParent
SetForegroundWindow
GetWindowTextW
GetMessageW
GetMessageExtraInfo
IsWindowEnabled
SetMenu
SetLayeredWindowAttributes
ScrollWindowEx
SetParent
DrawMenuBar
SetCapture
IsZoomed
GetClientRect
UpdateLayeredWindow
GetWindowRect
CallWindowProcW
SetRect
UpdateWindow
ReleaseCapture
IsIconic
InvalidateRect
GetClipboardSequenceNumber
DefWindowProcW
EmptyClipboard
CallNextHookEx
MonitorFromPoint
ClientToScreen
ScrollDC
ReleaseDC
DrawIconEx
DestroyIcon
ScreenToClient
DispatchMessageW
GetMessageTime
TranslateMessage
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
DestroyWindow
GetSystemMetrics
SetWindowTextW
LoadIconW
IsProcessDPIAware
SetProcessDPIAware
GetDC
CopyIcon
GetIconInfo
SetMenuInfo

gdi32

GetObjectW
DeleteDC
GetDIBits
StretchBlt
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateICW
CombineRgn
ExtSelectClipRgn
RestoreDC
SetStretchBltMode
MoveToEx
RectInRegion
Polygon
SelectClipRgn
Rectangle
LineTo
SetBkMode
GetRegionData
SetTextColor
SetBkColor
CreateRectRgn
SelectClipPath
GetClipBox
GetStockObject
PolyPolyline
SetGraphicsMode
RectVisible
GetWorldTransform
ModifyWorldTransform
SaveDC
CreateSolidBrush
CreatePen
CreateFontW
RoundRect
AngleArc
EndPath
PolyBezier
BeginPath
SetWorldTransform
RemoveFontMemResourceEx
AddFontMemResourceEx
CreateBitmap
ExtTextOutW
BitBlt
CreateDIBSection
DeleteObject
GetTextExtentPoint32W

comdlg32

PageSetupDlgW
ChooseColorW
PrintDlgW
PrintDlgExW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SetCurrentProcessExplicitAppUserModelID
CommandLineToArgvW
DragQueryFileW
ShellExecuteW
SHAddToRecentDocs
SHCreateItemFromParsingName
Shell_NotifyIconW

ole32

CoCreateInstance
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
PropVariantClear
CoTaskMemFree
DoDragDrop
ReleaseStgMedium

oleaut32

SysFreeString

cclsystem

GetErrorHandler
GetFileUtilities
GetFileSystem
GetPackageHandler
GetSystemTicks
GetSignalHandler
GetExecutableLoader
GetScriptingManager
GetMainModuleRef
GetSystem
AtomicGet
GetAtomTable
GetThreadSelfID
DebugReportWarning
CreateAtomicStack
CreateSyncPrimitive
GetModuleIdentifier
GetFileTypeRegistry
GetProfileTime
DebugPrintCString
CreateUID
GetLocaleManager
Hash
GetLogger
GetPlugInManager
GetObjectTable
GetTypeLibRegistry
GetMainThread

ccltext

core_malloc
core_free
GetConstantString
GetConstantCString
GetUnicodeUtilities
CreateTranslationTable
CreateMutableCString
ParseVariantString
core_realloc
GetEmptyString
CreateTransformStream
CreateDataTransformer
CreateStringDictionary
CreateXmlWriter
CreateXmlParser
CreateTextStreamer
JsonStringify
UBJsonWrite
JsonParse
UBJsonParse
CreateRegularExpression
CreateCStringDictionary

prntvpt

ord4
ord9
ord2

comctl32

ord17
ord345

gdiplus

GdipCreateBitmapFromScan0
GdipDrawImagePointRectI
GdipGetImageWidth
GdipImageGetFrameCount
GdipDeletePen
GdipAddPathLine
GdipAddPathRectangleI
GdipCreateMatrix2
GdipAddPathArcI
GdipTransformPath
GdipAddPathBezier
GdipDeletePath
GdipAddPathBezierI
GdipCreatePath
GdipFillPath
GdipAddPathLineI
GdipClosePathFigure
GdipDrawPath
GdipClonePath
GdipStartPathFigure
GdipGetPathWorldBoundsI
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipSetPenLineCap197819
GdipCreateSolidFill
GdipGetGenericFontFamilySansSerif
GdipSetPenLineJoin
GdipDeleteFont
GdipCreatePen1
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipPrivateAddMemoryFont
GdipCreateStringFormat
GdipDrawRectangleI
GdipGetTextRenderingHint
GdipReleaseDC
GdipSaveGraphics
GdipDrawEllipseI
GdipDrawImageRectRectI
GdipGetDC
GdipSetSmoothingMode
GdipSetClipPath
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipMultiplyWorldTransform
GdipGraphicsClear
GdipDrawLine
GdipSetPixelOffsetMode
GdipSetClipRectI
GdipGetSmoothingMode
GdipDrawString
GdipGetClipBoundsI
GdipCreateFromHDC
GdipFillEllipseI
GdipSetTextRenderingHint
GdipRestoreGraphics
GdipSetStringFormatTabStops
GdipMeasureString
GdipFillRectangleI
GdipDeleteGraphics
GdipDeleteStringFormat
GdipTranslateWorldTransform
GdipSetStringFormatAlign
GdipDeleteMatrix
GdipDrawLineI
GdipSetStringFormatFlags
GdipGetImageHeight
GdipCloneImage
GdipBitmapUnlockBits
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipFree
GdipImageSelectActiveFrame
GdipBitmapLockBits

msimg32

GradientFill
AlphaBlend

shlwapi

StrStrIW
SHStrDupW
AssocQueryStringW
StrCmpIW

dbghelp

MiniDumpWriteDump

uxtheme

GetThemeSysFont
OpenThemeData
DrawThemeBackground
CloseThemeData

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

vcruntime140

memmove
__std_type_info_destroy_list
memcpy
_except_handler4_common
__current_exception_context
__current_exception
strrchr
strchr
strstr
_purecall
__CxxFrameHandler3
memset
_except_handler3

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

strncat
_stricmp
wcsncmp
strncpy
isdigit
isalnum
strtok

api-ms-win-crt-utility-l1-1-0

rand
bsearch
qsort

api-ms-win-crt-math-l1-1-0

round
__libm_sse2_acosf
_CIfmod
__libm_sse2_exp
__libm_sse2_log
__libm_sse2_logf
__libm_sse2_powf
__libm_sse2_tanf
ceil
__libm_sse2_expf

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm_e
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_cexit
_crt_atexit
_initterm

Exports

Exports

CCLModuleMain
CreateChildWindow
CreateFrameworkView
GetAlertService
GetClipboard
GetCommandTable
GetDesktop
GetFrameworkConfiguration
GetGUI
GetGUIHelper
GetGraphicsHelper
GetHelpManager
GetPrintService
GetSystemShell
GetThemeManager
GetWindowManager
GetWorkspaceManager
IsFrameworkHostProcess

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 609KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b087aef2db9688f64dc78fac24996a0

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

cclsystem

ccltext

prntvpt

comctl32

gdiplus

msimg32

shlwapi

dbghelp

uxtheme

psapi

version

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 609KB - Virtual size: 608KB

.data Size: 16KB - Virtual size: 413KB

_RDATA Size: 78KB - Virtual size: 77KB

.rsrc Size: 343KB - Virtual size: 342KB

.reloc Size: 323KB - Virtual size: 322KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 609KB - Virtual size: 608KB

.data
Size: 16KB - Virtual size: 413KB

_RDATA
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 343KB - Virtual size: 342KB

.reloc
Size: 323KB - Virtual size: 322KB