Static task: static1
Behavioral task: behavioral1
  Sample: a7ebe3c9bce020c356edadb5a4ce13b0_NeikiAnalytics.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: a7ebe3c9bce020c356edadb5a4ce13b0_NeikiAnalytics.exe
  Resource: win10v2004-20240226-en
General
Target: a7ebe3c9bce020c356edadb5a4ce13b0_NeikiAnalytics
Size: 1.2MB
MD5: a7ebe3c9bce020c356edadb5a4ce13b0
SHA1: 4998b44245c1f924f2eb8a567e2a688178e077b6
SHA256: fb49f5e707a19d167d810809b3d4f8c6dd934ba845e5a1245f5ee4593466842e
SHA512: 2794e75f84774950e2048fa53bf4f553b870e40c6954686e53e52504d46fa6f3a8252d387879e1c413aa52ce9edb85a6db6ce88ae2f51c30e3510e90674ca4b1
SSDEEP: 12288:eX3w6UfexRxb4w7L6gE36N0cTUHiv6WbkBGG6NmScO49Vw+6Et0TVU2OpF9KWw1H:exUWxRxb4oL9E3ITTkBC3cOiU/Wc6NK
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: a7ebe3c9bce020c356edadb5a4ce13b0_NeikiAnalytics
Files
a7ebe3c9bce020c356edadb5a4ce13b0_NeikiAnalytics.exe windows:4 windows x86 arch:x86
5af35d01024e01f595d867c97bf007d8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
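Two of the findings above can be reproduced from the PE headers alone: the "Unsigned PE" signature fires when the optional header's Attribute Certificate Table entry (data directory 4) is empty, and the File Characteristics list is a bit decode of the COFF header. IMAGE_FILE_RELOCS_STRIPPED is the one worth noticing for security: the image carries no base relocations, so the loader cannot rebase it and ASLR cannot move it. The script below is an added example, not code from the sandbox or from the analysed program; it parses only the DOS, COFF and optional headers and builds a constructed, non-loadable PE32 header (`build_pe32_header`) so it can be exercised offline. Run it with a path to check a real file.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Attribute Certificate Table (Authenticode)

# IMAGE_FILE_* characteristics, in bit order (values from winnt.h).
FILE_CHARACTERISTICS = [
    (0x0001, "IMAGE_FILE_RELOCS_STRIPPED"), (0x0002, "IMAGE_FILE_EXECUTABLE_IMAGE"),
    (0x0004, "IMAGE_FILE_LINE_NUMS_STRIPPED"), (0x0008, "IMAGE_FILE_LOCAL_SYMS_STRIPPED"),
    (0x0020, "IMAGE_FILE_LARGE_ADDRESS_AWARE"), (0x0100, "IMAGE_FILE_32BIT_MACHINE"),
    (0x0200, "IMAGE_FILE_DEBUG_STRIPPED"), (0x2000, "IMAGE_FILE_DLL"),
]

def _headers(pe):
    """Locate the COFF and optional headers: (coff_off, opt_off, opt_size, magic)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    return coff, opt, opt_size, magic

def coff_characteristics(pe):
    coff = _headers(pe)[0]
    return struct.unpack_from("<H", pe, coff + 18)[0]

def decode_characteristics(value):
    return [name for bit, name in FILE_CHARACTERISTICS if value & bit]

def security_directory(pe):
    """(file offset, size) of the certificate table, or None if the header has no
    such entry. Unlike other directories this one holds a raw file offset, not an RVA."""
    _, opt, opt_size, magic = _headers(pe)
    if magic == 0x10B:        # PE32
        nrva, dd = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        nrva, dd = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", pe, nrva)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + opt_size:
        raise ValueError("data directory runs past the optional header")
    return struct.unpack_from("<II", pe, entry)

def has_embedded_authenticode(pe):
    """True when a certificate table is present: the sandbox's 'Unsigned PE' test,
    inverted. Presence says nothing about validity, and catalog-signed files
    (no embedded table) still return False."""
    sd = security_directory(pe)
    return sd is not None and sd[0] != 0 and sd[1] != 0

def build_pe32_header(security_offset=0, security_size=0, characteristics=0x0103):
    """Constructed minimal PE32 header (no sections, not loadable) for offline tests.
    The default characteristics value 0x0103 is the three flags listed in the report."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    ndirs = 16
    opt = bytearray(96 + 8 * ndirs)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, ndirs)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     security_offset, security_size)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe32_header()
    print("characteristics:", decode_characteristics(coff_characteristics(data)))
    print("embedded Authenticode:", has_embedded_authenticode(data))
```

A non-empty certificate table only means something is attached; whether it is a valid signature chaining to a trusted root is a separate question answered by WinVerifyTrust, for example `Get-AuthenticodeSignature .\file.exe` in PowerShell or `signtool verify /pa /v file.exe`. Treat an unsigned installer that registers services (see the advapi32 imports below) as a supply-chain question first: where did the binary come from, and does the vendor ship a signed build?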
PDB Paths
f:\mtz_zip\product\win32\dbginfo\installer.pdb
Imports
imm32
ImmDisableIME
kernel32
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
GetWindowsDirectoryW
SetFileAttributesW
GetComputerNameA
GetDiskFreeSpaceExW
CreateFileA
CreateProcessW
GetCommandLineW
GetCurrentProcessId
GetPrivateProfileStringW
GetPrivateProfileIntW
InterlockedExchange
FreeResource
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
FlushInstructionCache
RaiseException
lstrcmpiW
OutputDebugStringW
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetDriveTypeW
WritePrivateProfileStringW
MapViewOfFileEx
LoadLibraryExW
SetThreadPriority
SleepEx
DuplicateHandle
ReleaseMutex
CreateMutexW
GetExitCodeThread
FormatMessageW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameA
HeapCreate
GetStartupInfoA
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
FindFirstFileA
GetDriveTypeA
GetStartupInfoW
ExitProcess
VirtualQuery
GetModuleHandleA
VirtualProtect
ExitThread
GetFileType
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetFileAttributesW
DeleteFileW
GetLastError
CreateDirectoryW
FindClose
RemoveDirectoryW
CreateFileW
CloseHandle
WriteFile
lstrlenW
WideCharToMultiByte
GetFileSize
ReadFile
FileTimeToLocalFileTime
GetLocalTime
SetFilePointer
FileTimeToSystemTime
GetSystemTimeAsFileTime
FlushFileBuffers
SetEndOfFile
SetCurrentDirectoryW
CreateFileMappingW
MoveFileW
SetLastError
GetCurrentDirectoryW
GetTempPathW
CopyFileW
GetTickCount
MoveFileExW
UnmapViewOfFile
MapViewOfFile
GetTempFileNameW
GetSystemInfo
InterlockedCompareExchange
LocalFree
LocalAlloc
GetVersionExW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
WaitForSingleObject
CreateThread
TerminateThread
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
ExpandEnvironmentStringsW
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
OpenProcess
QueryDosDeviceW
GetLogicalDriveStringsW
MultiByteToWideChar
lstrlenA
user32
ReleaseDC
FindWindowW
IsDialogMessageW
SetWindowLongW
ClientToScreen
IntersectRect
GetCursorPos
ScreenToClient
LoadBitmapW
SetWindowTextW
LoadImageW
CharLowerW
CharUpperW
GetDesktopWindow
GetKeyState
WindowFromPoint
GetScrollPos
GetFocus
GetDC
IsChild
GetMonitorInfoW
MonitorFromWindow
CopyRect
GetWindowTextW
GetWindowTextLengthW
CreateWindowExW
DefWindowProcW
LoadCursorW
RegisterClassExW
IsWindow
GetWindowRect
UpdateLayeredWindow
SetCapture
ReleaseCapture
SetWindowRgn
CharNextW
PtInRect
SetCursor
InflateRect
LoadIconW
DestroyIcon
IsWindowEnabled
SendMessageW
RegisterWindowMessageW
SetTimer
KillTimer
SetRectEmpty
SetRect
GetDlgCtrlID
ShowWindow
EqualRect
SetWindowPos
IsWindowVisible
InvalidateRect
GetDlgItem
GetParent
OffsetRect
IsIconic
IsRectEmpty
MoveWindow
DestroyWindow
DrawTextW
CallWindowProcW
DrawIconEx
GetClassInfoExW
PostThreadMessageW
GetActiveWindow
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
AttachThreadInput
SetForegroundWindow
SetActiveWindow
EndPaint
BeginPaint
UnregisterClassA
GetWindow
GetWindowLongW
GetClientRect
MapWindowPoints
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
SetFocus
GetNextDlgTabItem
gdi32
SelectObject
CreateRectRgnIndirect
GetTextMetricsW
SetStretchBltMode
CreateRoundRectRgn
OffsetRgn
ExtSelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
RectInRegion
SetBkColor
GetTextExtentPoint32W
TextOutW
RoundRect
Rectangle
GetClipRgn
GetTextColor
RestoreDC
SaveDC
GetCurrentObject
SelectClipRgn
SetBkMode
LineTo
MoveToEx
CreatePen
CreateFontIndirectW
GetStockObject
GetDeviceCaps
SetTextColor
CreateBitmap
CreateCompatibleBitmap
CreateDIBSection
DeleteObject
CombineRgn
CreateRectRgn
GetObjectW
StretchBlt
BitBlt
DeleteDC
ExtTextOutW
CreateCompatibleDC
advapi32
RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
ControlService
StartServiceW
QueryServiceStatus
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegQueryInfoKeyW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
DeleteAce
GetAce
GetNamedSecurityInfoW
CreateProcessAsUserW
RegEnumKeyExW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoCreateInstance
CoCreateGuid
oleaut32
VariantCopy
VariantClear
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocString
shlwapi
StrToIntA
StrToIntW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
comctl32
InitCommonControlsEx
_TrackMouseEvent
msimg32
AlphaBlend
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
gdiplus
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipScaleWorldTransform
GdipDrawLine
GdipDrawRectangleI
GdipDrawPath
GdipGraphicsClear
GdipFillRectangle
GdipFillPath
GdipDrawImageI
GdipDrawImageRectI
GdipGetFamily
GdipGetFontSize
GdipCreateBitmapFromScan0
GdipDrawImagePointsRectI
GdipLoadImageFromStream
GdipGetImagePixelFormat
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapArea
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromFile
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDeleteFontFamily
GdipPrivateAddFontFile
GdipNewPrivateFontCollection
GdipAddPathStringI
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipSetClipPath
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipDrawLinesI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathPieI
GdipAddPathRectangleI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipAddPathArcI
GdipSetPenMode
GdipSetPenDashStyle
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreateLineBrushFromRectWithAngleI
GdiplusShutdown
GdipCloneFontFamily
GdiplusStartup
GdipDeletePrivateFontCollection
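The import table above is the most informative static artefact on this page. Grouped by capability it reads as a service-installing setup program: SCM calls (OpenSCManagerW, CreateServiceW, StartServiceW, ChangeServiceConfig2W), token and session work (OpenProcessToken, DuplicateTokenEx, CreateProcessAsUserW, WTSEnumerateSessionsW, used to launch something in the interactive session from an elevated or service context), DACL rewriting (SetNamedSecurityInfoW, SetEntriesInAclW), process enumeration (CreateToolhelp32Snapshot, Process32FirstW/NextW, OpenProcess), and temp-file staging (GetTempPathW, GetTempFileNameW, MoveFileExW). IsDebuggerPresent and SetUnhandledExceptionFilter come with the MSVC CRT start-up code and are not evidence of anti-analysis on their own. The script below is an added example, not code from the sandbox or from the analysed program: it tags a DLL-to-function map with capability clusters and computes an import hash using the same canonicalisation pefile uses (lowercased, DLL extension dropped, import-table order, functions joined with commas, MD5). `SAMPLE_IMPORTS` is an excerpt copied from the list above; ordinal-only imports, which this list does not contain, are not handled. `imports_from_file` reads a real binary when the pefile package is installed.

```python
import hashlib
from typing import Dict, Iterable, List

# Capability clusters keyed on Win32 API names. These are triage tags, not a
# verdict: an installer legitimately needs most of them.
CAPABILITIES = {
    "service_control": {"OpenSCManagerW", "CreateServiceW", "StartServiceW",
                        "ControlService", "DeleteService", "ChangeServiceConfigW",
                        "ChangeServiceConfig2W"},
    "process_enum":    {"CreateToolhelp32Snapshot", "Process32FirstW",
                        "Process32NextW", "OpenProcess", "TerminateProcess"},
    "token_session":   {"OpenProcessToken", "DuplicateTokenEx", "SetTokenInformation",
                        "CreateProcessAsUserW", "WTSEnumerateSessionsW"},
    "acl_rewrite":     {"SetNamedSecurityInfoW", "SetEntriesInAclW",
                        "BuildExplicitAccessWithNameW", "DeleteAce",
                        "SetSecurityDescriptorDacl"},
    "file_drop":       {"GetTempPathW", "GetTempFileNameW", "CopyFileW",
                        "MoveFileExW", "SetFileAttributesW"},
    "registry_write":  {"RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW",
                        "RegDeleteValueW"},
    "dynamic_resolve": {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW",
                        "GetProcAddress"},
    "rwx_memory":      {"VirtualAlloc", "VirtualProtect", "FlushInstructionCache"},
    "anti_debug":      {"IsDebuggerPresent"},   # CRT noise unless paired with other checks
}

def triage_imports(imports: Dict[str, Iterable[str]]) -> Dict[str, List[str]]:
    """Map each capability cluster to the imported APIs that hit it (empty clusters dropped)."""
    imported = {f for funcs in imports.values() for f in funcs}
    hits = {tag: sorted(apis & imported) for tag, apis in CAPABILITIES.items()}
    return {tag: apis for tag, apis in hits.items() if apis}

def imphash_input(imports: Dict[str, Iterable[str]]) -> str:
    """Canonical 'dll.func' string for the import hash. Order is the import-table
    order, so two builds with the same APIs in a different order hash differently."""
    parts = []
    for dll, funcs in imports.items():
        name = dll.lower()
        stem, dot, ext = name.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            name = stem
        parts.extend("%s.%s" % (name, f.lower()) for f in funcs)
    return ",".join(parts)

def imphash(imports: Dict[str, Iterable[str]]) -> str:
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()

def imports_from_file(path: str) -> Dict[str, List[str]]:
    """Read the import table of a PE on disk (requires the third-party pefile package)."""
    import pefile
    pe = pefile.PE(path, fast_load=True)
    pe.parse_data_directories(
        directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_IMPORT"]])
    out: Dict[str, List[str]] = {}
    for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", []):
        dll = entry.dll.decode("ascii", "replace")
        out[dll] = [imp.name.decode("ascii", "replace") for imp in entry.imports if imp.name]
    return out

# Excerpt copied from the Imports list in the report above (constructed sample input).
SAMPLE_IMPORTS = {
    "kernel32": ["VirtualAlloc", "CreateProcessW", "IsDebuggerPresent", "VirtualProtect",
                 "GetTempPathW", "MoveFileExW", "CreateToolhelp32Snapshot",
                 "Process32FirstW", "Process32NextW", "OpenProcess",
                 "GetProcAddress", "LoadLibraryW"],
    "advapi32": ["OpenProcessToken", "StartServiceW", "CreateServiceW", "OpenSCManagerW",
                 "SetNamedSecurityInfoW", "SetEntriesInAclW", "CreateProcessAsUserW",
                 "DuplicateTokenEx", "RegSetValueExW"],
    "wtsapi32": ["WTSEnumerateSessionsW"],
}

if __name__ == "__main__":
    import sys
    table = imports_from_file(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_IMPORTS
    print("imphash:", imphash(table))
    for tag, apis in triage_imports(table).items():
        print("%-16s %s" % (tag, ", ".join(apis)))
```

The cluster that deserves a runtime check rather than a static note is `acl_rewrite` next to `service_control`: installers that build DACLs by hand with BuildExplicitAccessWithNameW/SetEntriesInAclW sometimes leave the service binary or its directory writable by non-administrators, which is a local privilege-escalation bug. After letting the installer run in the sandbox, inspect the ACLs on the created service's image path and registry key (`icacls` and `Get-Acl`) before drawing any conclusion.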
Exports
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@ABU012@@Z
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxThreadBase@VLocker@kbase@@@kbase@@QAE@XZ
??0ReportHelper@business_publish@@AAE@XZ
??1?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAE@XZ
??1?$kxThreadBase@VLocker@kbase@@@kbase@@UAE@XZ
??1ReportHelper@business_publish@@UAE@XZ
??4?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEAAU012@ABU012@@Z
??_7?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxThreadBase@VLocker@kbase@@@kbase@@6B@
??_7ReportHelper@business_publish@@6B?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
??_7ReportHelper@business_publish@@6B?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AfterThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXH@Z
?AfterThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXH@Z
?BeginThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXXZ
?BeginThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXXZ
?GetHandle@?$kxThreadBase@VLocker@kbase@@@kbase@@QBEPAXXZ
?GetInstance@ReportHelper@business_publish@@SAPAV12@XZ
?Init@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXPAU?$_CallBack@VKSimpleDirectInfoc@@@12@K@Z
?Initialzie@ReportHelper@business_publish@@QAE_NW4ReportType@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Insert@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE_NABVKSimpleDirectInfoc@@@Z
?IsRunning@?$kxThreadBase@VLocker@kbase@@@kbase@@QAE_NXZ
?KCreateThread@?$kxThreadBase@VLocker@kbase@@@kbase@@SAPAXHP6GKPAX@Z0PAK0II@Z
?Kill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHXZ
?Kill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHXZ
?QueueThreadCallback@ReportHelper@business_publish@@MAEHKAAVKSimpleDirectInfoc@@@Z
?Report@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?ReportDirect@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?SetPriority@?$kxThreadBase@VLocker@kbase@@@kbase@@QAEHH@Z
?SetTimeOut@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXK@Z
?Start@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEHXZ
?StartThread@?$kxThreadBase@VLocker@kbase@@@kbase@@IAEHPAX@Z
?Thread@?$kxThreadBase@VLocker@kbase@@@kbase@@AAEIPAX@Z
?Uninitialize@ReportHelper@business_publish@@QAEXXZ
?WaitKill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHK@Z
?WaitKill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHK@Z
?size@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEIXZ
?threadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@CGIPAX@Z
?threadFunImpl@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEHKPAX@Z
Sections
.text Size: 680KB - Virtual size: 676KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 156KB - Virtual size: 153KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 364KB - Virtual size: 363KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ