a8edf630c6ef7722ea32b26ec87b8670_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

a8edf630c6ef7722ea32b26ec87b8670_NeikiAnalytics
Size

364KB
MD5

a8edf630c6ef7722ea32b26ec87b8670
SHA1

af488ecf7444cee18df734851e9255fb6a2e48e3
SHA256

f815c847fb22ac83a0f9cc1481cd8a2b08021b1f1f3fb714e15f825da8bb4fdd
SHA512

bb4fc82ba0e619bd402fe4b22b0a938cee6cf8e2e6a54062ca4c13e16bab98cf0d6d49cc846ed3f28dfe37e4c059965760bd73af347f1d95ea78da65b68dd255
SSDEEP

6144:QAvgoPebYfs7NxcyLn7dX9K1RBef84CYgRx6M2mJ7MDBkKmRdVuXP0L0QpwwdH9n:QAvgombYfs7we8Bc844xR2mpM9k5RdVN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8edf630c6ef7722ea32b26ec87b8670_NeikiAnalytics

Files

a8edf630c6ef7722ea32b26ec87b8670_NeikiAnalytics
.dll regsvr32 windows:4 windows x86 arch:x86

6df230e4eb1d704df0a17dff2a8316e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
LoadLibraryA
GetVersionExA
RaiseException
GetFileSize
ReadFile
CloseHandle
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FreeLibrary
InterlockedExchange
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrlenA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
GetSystemDefaultLCID

gdi32

GetTextColor
GetBkMode
SetTextColor
SetBkMode
MoveToEx
LineTo
TextOutW
CreatePen
GetStockObject
GetDeviceCaps
SelectObject
CreateSolidBrush
Rectangle
CreatePalette
SelectPalette
RealizePalette
DeleteObject

user32

GetClientRect
IsRectEmpty
SetRectEmpty
UnregisterClassA
ShowWindow
GetParent
IsWindowEnabled
GetActiveWindow
SendMessageA
IsChild
IsWindowVisible
DestroyWindow
MapWindowPoints
SetWindowPos
OffsetRect
BringWindowToTop
EndDialog
IsWindowUnicode
EnableWindow
GetWindowRect
ScreenToClient
MoveWindow
FillRect
IsWindow
SetScrollPos
GetDlgItem
EnumChildWindows
GetSysColorBrush
SetFocus
BeginPaint
GetSysColor
InflateRect
GetFocus
DrawFocusRect
EndPaint
GetDC
InvalidateRect
ReleaseDC

comctl32

ImageList_Destroy

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

OleRun
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarBstrCat
VariantCopy
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi

msvcr70

wcscat
towlower
wcsncmp
_wcsnicmp
vswprintf
_vscwprintf
wcschr
wcsstr
wcscmp
memmove
_purecall
realloc
free
wcsrchr
_except_handler3
wcslen
memset
wcsncpy
wcstoul
_wcsicmp
wcscpy
swprintf
??2@YAPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
_initterm
_adjust_fdiv
__dllonexit
_onexit
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6df230e4eb1d704df0a17dff2a8316e4

Headers

File Characteristics

Imports

kernel32

gdi32

user32

comctl32

advapi32

ole32

oleaut32

msvcr70

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 248KB - Virtual size: 248KB

.text
Size: 88KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 248KB - Virtual size: 248KB