960ee50502a87b0b343737f3d50dcd90_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

960ee50502a87b0b343737f3d50dcd90_NeikiAnalytics
Size

568KB
MD5

960ee50502a87b0b343737f3d50dcd90
SHA1

28d8562997b93a65423b2ead74f405477f64eafe
SHA256

7144a9e1bb90b4c4e8055d0f2fff66ec46208c748d93cd825293db68584999e4
SHA512

8d7c05e989ff02d7ff82cc41dcf891cb68d08c25fa17d44e2176d369d8004302f7d2d4a2207b2b46b5e7526bcbd316f784ee6d21b09a0d3fcfd53f5d0ac2ac6f
SSDEEP

6144:3pSAJSFJybM1W6wG6ppTMwJjZWm/IP3s0Crm00yQp1izRZBCSjKPbwSglXgeQzsr:5VYIMOpFkm/IPMd7zcPbw6vb3Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
960ee50502a87b0b343737f3d50dcd90_NeikiAnalytics

Files

960ee50502a87b0b343737f3d50dcd90_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

684508435de3fbde56ccc28625d4c983

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathRemoveFileSpecW
PathAppendW
PathIsRelativeW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

ntohl
htonl

mfc42

ord6453
ord1949
ord2688
ord341
ord2379
ord3402
ord2135
ord5858
ord5603
ord3981
ord2061
ord353
ord4160
ord6140
ord6197
ord6377
ord4034
ord1158
ord924
ord3789
ord6467
ord922
ord5710
ord940
ord6876
ord539
ord6892
ord857
ord5834
ord1154
ord861
ord1200
ord1199
ord700
ord4189
ord913
ord2764
ord398
ord801
ord5861
ord541
ord6311
ord4171
ord1168
ord654
ord397
ord5593
ord3438
ord5631
ord4188
ord568
ord819
ord5611
ord5863
ord859
ord6648
ord3185
ord2864
ord4673
ord1223
ord1206
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord4622
ord3738
ord4698
ord5289
ord3938
ord815
ord5500
ord6354
ord4202
ord5716
ord5717
ord2621
ord699
ord3742
ord561
ord3953
ord2725
ord1205
ord4021
ord4020
ord1567
ord268
ord1265
ord2233
ord2393
ord2763
ord6877
ord538
ord2458
ord6289
ord3470
ord968
ord455
ord1572
ord3258
ord1799
ord2727
ord2730
ord2729
ord3353
ord772
ord610
ord614
ord500
ord287
ord290
ord4003
ord5606
ord5602
ord5608
ord5860
ord6883
ord5857
ord6142
ord6139
ord6143
ord3986
ord6781
ord3979
ord4226
ord446
ord743
ord3127
ord3616
ord5651
ord3126
ord3613
ord350
ord3579
ord3584
ord3643
ord696
ord543
ord394
ord803
ord6418
ord6307
ord909
ord4167
ord5683
ord1263
ord5628
ord2820
ord548
ord4185
ord1166
ord2919
ord6442
ord1233
ord4277
ord2915
ord4129
ord858
ord800
ord823
ord825
ord567
ord818
ord4080
ord4424
ord4627
ord3831
ord3079
ord3825
ord3081
ord3830
ord2976
ord3136
ord2985
ord3262
ord3147
ord4465
ord3259
ord2124
ord2982
ord5277
ord1727
ord2446
ord5261
ord6376
ord5065
ord3749
ord4441
ord2055
ord2648
ord5290
ord4837
ord3798
ord5163
ord4353
ord6374
ord4407
ord2385
ord5241
ord6055
ord1776
ord4078
ord2044
ord4275
ord2107
ord2841
ord3903
ord2448
ord4278
ord6663
ord2818
ord5186
ord6385
ord354
ord5572
ord3318
ord5442
ord2614
ord1979
ord665
ord6394
ord6383
ord5440
ord3790
ord5450
ord3663
ord6282
ord6662
ord535
ord941
ord6283
ord6929
ord2781
ord356
ord2770
ord3178
ord4058
ord540
ord939
ord860
ord668
ord3181
ord1980
ord1134
ord537
ord1218
ord3401
ord521
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
_beginthreadex
_splitpath
sscanf
_mbslwr
_except_handler3
wcsncpy
_CxxThrowException
strcmp
_wcsicmp
realloc
_purecall
memcmp
atol
_controlfp
atoi
rand
_ftol
srand
_mbsnbcmp
_mbsstr
_mbsncmp
_mbschr
memcpy
memmove
_mbscmp
_lseek
_write
_read
_open
free
malloc
memset
_close
strncpy
time
localtime
_setmbcp
atof
strcpy
__CxxFrameHandler
strlen
_mbsrchr
sprintf
strcat
strftime

kernel32

GetDiskFreeSpaceExA
GetVersionExA
lstrlenA
ReadFile
GetProcAddress
CreateDirectoryA
MultiByteToWideChar
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
SetFilePointer
WriteFile
CreateFileA
DeleteFileA
WritePrivateProfileStringA
CloseHandle
TerminateProcess
SetErrorMode
GetCurrentProcess
GetFileSize
GetTempPathA
SetUnhandledExceptionFilter
RemoveDirectoryA
LeaveCriticalSection
CopyFileA
GetCurrentThreadId
FlushInstructionCache
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
lstrcmpiA
GetCommandLineA
ReleaseMutex
CreateMutexA
OpenMutexA
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
GetShortPathNameA
SizeofResource
LoadResource
FreeLibrary
GetLastError
LoadLibraryExA
FindResourceA
IsDBCSLeadByte
HeapDestroy
lstrcpynA
lstrcpyA
lstrcatA
LoadLibraryA
GetThreadSelectorEntry
ReadProcessMemory
VirtualQueryEx
GetCurrentThread
GetTempFileNameA
CreateProcessA
UnmapViewOfFile
MapViewOfFile
SetEndOfFile
GetWindowsDirectoryA
MoveFileExA
CreateFileMappingA
SetEvent
ResetEvent
CreateEventA
GetProcessHeap
HeapAlloc
HeapFree
TerminateThread
WaitForMultipleObjects
SetThreadPriority
GetStartupInfoA
VirtualQuery

user32

EnableWindow
IsWindow
MessageBeep
PostMessageA
SetParent
SetTimer
KillTimer
PostThreadMessageA
DefWindowProcA
GetParent
PostQuitMessage
FindWindowA
SendMessageA
DestroyWindow
CharNextA
CallWindowProcA
GetWindowLongA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
SetWindowLongA
SetWindowPos
GetDesktopWindow

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoRegisterClassObject
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoRevokeClassObject
StringFromCLSID
CoCreateGuid
StgCreateDocfile
StgOpenStorage
CoLoadLibrary
CoFreeLibrary

oleaut32

SafeArrayLock
SafeArrayDestroy
VariantClear
VariantCopyInd
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
SafeArrayCopy
VariantInit
VariantCopy
SysFreeString
SysAllocString
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SysStringLen
DispCallFunc
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringByteLen

imagehlp

SymInitialize
SymLoadModule
StackWalk
SymFunctionTableAccess
SymSetOptions
SymGetModuleInfo
SymGetSymFromAddr

wininet

HttpSendRequestExA
InternetWriteFile
InternetReadFileExA
HttpAddRequestHeadersA
InternetCloseHandle
HttpEndRequestA
HttpQueryInfoA
InternetErrorDlg
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
InternetOpenA

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KAO
Size: 4KB - Virtual size: 575B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

684508435de3fbde56ccc28625d4c983

Headers

File Characteristics

Imports

shlwapi

version

ws2_32

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

imagehlp

wininet

Sections

.text Size: 400KB - Virtual size: 398KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 28KB - Virtual size: 41KB

.rsrc Size: 36KB - Virtual size: 33KB

.KAO Size: 4KB - Virtual size: 575B

.text
Size: 400KB - Virtual size: 398KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 28KB - Virtual size: 41KB

.rsrc
Size: 36KB - Virtual size: 33KB

.KAO
Size: 4KB - Virtual size: 575B