Static task: static1
Behavioral task: behavioral1
  Sample: cbd9578ad8f576b39ea992b71d5001d0_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: cbd9578ad8f576b39ea992b71d5001d0_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
Target: cbd9578ad8f576b39ea992b71d5001d0_NeikiAnalytics
Size: 2.5MB
MD5: cbd9578ad8f576b39ea992b71d5001d0
SHA1: a81c5447945e17aad51dcb461cc13d8a79bc74e9
SHA256: 5db7f4960bb257cf1423d830e0f975cdd2d39379282929b0ffa86ba64e968a0f
SHA512: 02ff426d5b34b2d79185ce418d7562c50da4b08a2d40a8cb5f4665a9b366b328069b6b777fc2c97c0641b48397876107deafb0781388850089713da07eee248e
SSDEEP: 49152:3cZF6DV6VPGFaPn3B5slaYExpawLJSKC03V3hIPjMzb0I4vFPvTLMgS9cGbIRM:3cnsVpFwZYpwLJSKCAI7M
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: cbd9578ad8f576b39ea992b71d5001d0_NeikiAnalytics
Files
-
cbd9578ad8f576b39ea992b71d5001d0_NeikiAnalytics.exe windows:1 windows x86 arch:x86
bc57adb982deb8529b4090a6ca4e63b4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEndOfFile
SetEnvironmentVariableA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
CreateFileA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
GetModuleFileNameA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
RaiseException
ExitProcess
LoadLibraryA
GetProcAddress
GetFileType
GetStdHandle
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetVersion
GetCommandLineA
GetEnvironmentStrings
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
GetLastError
RtlUnwind
LocalAlloc
LocalFree
SetFileAttributesA
WinExec
GetPrivateProfileStringA
GlobalMemoryStatus
GetWindowsDirectoryA
Sleep
GetDiskFreeSpaceA
GetDriveTypeA
lstrlenA
GetCurrentThreadId
SetLastError
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
FatalAppExitA
_lwrite
_llseek
_lread
GetFileSize
GetLocalTime
GetCurrentDirectoryA
GetFullPathNameA
GetLogicalDrives
DeleteFileA
GetTimeZoneInformation
user32
OemToCharBuffA
FillRect
SetRect
GetSystemMetrics
ScrollDC
MessageBoxA
OemToCharA
PeekMessageA
TranslateMessage
DispatchMessageA
CharToOemA
RegisterWindowMessageA
gdi32
SetBitmapDimensionEx
CreateRectRgn
CreateCompatibleBitmap
SelectClipRgn
CreateCompatibleDC
GetCharWidthA
GetTextMetricsA
GetTextCharacterExtra
SetPixel
Polygon
Rectangle
CombineRgn
SetViewportOrgEx
CreateRectRgnIndirect
IntersectClipRect
ExtTextOutA
GetBitmapDimensionEx
BitBlt
CreatePen
SetROP2
CreateSolidBrush
RectVisible
Ellipse
DeleteDC
GetObjectA
GetDIBits
StretchDIBits
MoveToEx
LineTo
GetTextExtentPointA
DeleteObject
CreateFontIndirectA
SelectObject
SetTextAlign
StartDocA
AbortDoc
TextOutA
StartPage
GetDeviceCaps
SaveDC
RestoreDC
EndPage
EndDoc
SetBkMode
PtVisible
GetStockObject
SetTextColor
CreateBrushIndirect
SetBkColor
comdlg32
PrintDlgA
pt30an20
sv221mn
pttmn20
tl221mn
Sections
.text   Size: 1.6MB  Virtual size: 1.6MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.bss    Size: -      Virtual size: 6KB    Flags: IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 172KB  Virtual size: 171KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 48KB   Virtual size: 47KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  Size: 64KB   Virtual size: 64KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 561KB  Virtual size: 560KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 88KB   Virtual size: 88KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ