0672db55af6f589d39faec56d1cbb780_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

0672db55af6f589d39faec56d1cbb780_NeikiAnalytics
Size

413KB
MD5

0672db55af6f589d39faec56d1cbb780
SHA1

48eafcefbffdb10ee63d1aa1a20d58e6b50078e8
SHA256

7bc7adbc22b3219c141791926204f8422d55c1370e167fd3557ec572dd07d4f5
SHA512

3466d63ffcf63df171849da49475302fda55eaea3ba544fa01d766dcf103fd589113e012c6b915859c178009c5b5da12832d40e1082237a2b60961111bf90535
SSDEEP

12288:9/XnaPED6MeVMC9K4l28N9+OAtA5gs8yPW+Bi7boVsIpf:9/feM+yls8oHWCsi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0672db55af6f589d39faec56d1cbb780_NeikiAnalytics

Files

0672db55af6f589d39faec56d1cbb780_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

4900715ad5d780934493ac90c0e035cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
GetPrivateProfileSectionA
GlobalWire
LocalHandle
WritePrivateProfileStructW
GetAtomNameW
FillConsoleOutputCharacterW
EnumResourceNamesW
EnumResourceNamesA
CreateThread
lstrcpynA
SetThreadAffinityMask
MapViewOfFileEx
EnumCalendarInfoW
WaitForSingleObjectEx
GetLocaleInfoW
GetShortPathNameW
ReadFileEx
ReadConsoleInputA
FindAtomW
MulDiv
SetEnvironmentVariableW
TerminateThread
EnterCriticalSection
EraseTape
Heap32Next
RtlMoveMemory
HeapWalk
GetTimeFormatW
GetStringTypeExA
SetThreadPriority
GetLargestConsoleWindowSize
DeleteFileA
RemoveDirectoryW
ReleaseSemaphore
GetVersion
lstrcpyA
EnumDateFormatsA
GetConsoleCursorInfo
GetNumberFormatW
GetMailslotInfo
DosDateTimeToFileTime
GetFileType
SetConsoleTextAttribute
GetThreadPriority
WaitCommEvent
CreateSemaphoreW
GetLocalTime
SetEvent
DefineDosDeviceW
GetEnvironmentStringsW
TlsSetValue
GetDiskFreeSpaceExA
FindResourceExW
ReadConsoleW
SetConsoleCursorPosition
FoldStringW
EnumResourceLanguagesW
EnumResourceTypesA
CreateFileMappingW
ExitThread
lstrlen
SetConsoleOutputCP
SetLocaleInfoA
EnumSystemLocalesA
CreateRemoteThread
DisableThreadLibraryCalls
LocalSize
LockFileEx
GetConsoleTitleW
FreeResource
FindResourceA
GlobalSize
RtlZeroMemory
VirtualQueryEx
WritePrivateProfileStringA
GetCurrentDirectoryA

advapi32

LookupPrivilegeValueA
RegCreateKeyW
RegOpenKeyExW
CryptEnumProvidersW
RegSetValueA
RegEnumKeyExA
CryptDecrypt
CryptGetUserKey
CryptSignHashA
CryptDeriveKey
LogonUserA
RegSaveKeyW
CryptHashData
CryptEnumProviderTypesW
CryptEnumProviderTypesA
GetUserNameA
RegQueryValueExA
CreateServiceA
LookupPrivilegeNameA
CryptAcquireContextW
CryptHashSessionKey
RegCreateKeyA
AbortSystemShutdownW
CryptDuplicateHash
CryptSignHashW
RegOpenKeyA
RegReplaceKeyA
RegLoadKeyA
RegSetValueW
LookupSecurityDescriptorPartsW
RegQueryValueW
RegQueryMultipleValuesA
CryptReleaseContext
RevertToSelf
ReportEventW
RegRestoreKeyA
LookupPrivilegeValueW
LookupAccountNameA
CryptGetKeyParam
RegSetValueExA
RegDeleteValueW
StartServiceA
RegCloseKey
CryptDestroyKey
RegReplaceKeyW
RegQueryValueExW
InitiateSystemShutdownW
CryptGetDefaultProviderW
LookupAccountSidW
LookupPrivilegeDisplayNameA
CryptAcquireContextA
RegFlushKey
CryptEnumProvidersA
LookupAccountNameW

wininet

FindNextUrlCacheContainerA
InternetCombineUrlW
HttpOpenRequestW
LoadUrlCacheContent
FtpDeleteFileA
HttpQueryInfoW
InternetWriteFileExW
FtpPutFileW
InternetQueryOptionA
GetUrlCacheGroupAttributeW
UnlockUrlCacheEntryStream
InternetReadFile
InternetGetCookieA
DetectAutoProxyUrl
RunOnceUrlCache
GetUrlCacheEntryInfoA
SetUrlCacheEntryGroup
SetUrlCacheEntryInfoW
InternetTimeFromSystemTimeA
InternetGetLastResponseInfoW
InternetSetOptionExW
SetUrlCacheConfigInfoA
GetUrlCacheEntryInfoW
InternetSetDialStateA
InternetGetCertByURL
GopherFindFirstFileA
InternetGetConnectedStateEx
GopherCreateLocatorW
RetrieveUrlCacheEntryStreamA
FtpGetFileA
ShowSecurityInfo
FtpRenameFileA
FtpGetCurrentDirectoryA
RetrieveUrlCacheEntryFileA
InternetOpenW
InternetSetDialStateW
GopherOpenFileA
FindNextUrlCacheEntryW
GetUrlCacheEntryInfoExA
FtpDeleteFileW
InternetGetConnectedStateExW
FindFirstUrlCacheEntryA
CreateUrlCacheContainerW
InternetShowSecurityInfoByURLA
InternetDialW
InternetHangUp
FtpFindFirstFileW
HttpSendRequestW
InternetAlgIdToStringA
ShowClientAuthCerts
FindNextUrlCacheEntryA
FtpRemoveDirectoryW
ShowX509EncodedCertificate
InternetAlgIdToStringW
FtpCommandA
InternetOpenA
InternetConnectW
InternetGoOnlineA
InternetCheckConnectionA
FindNextUrlCacheContainerW
CommitUrlCacheEntryA
InternetDialA
InternetCanonicalizeUrlA
IncrementUrlCacheHeaderData
FindNextUrlCacheEntryExW
UrlZonesDetach
FtpGetFileEx
RegisterUrlCacheNotification
InternetGoOnlineW
FindFirstUrlCacheContainerW
FindNextUrlCacheEntryExA
FtpCreateDirectoryA
GetUrlCacheHeaderData
DeleteUrlCacheEntryA
InternetInitializeAutoProxyDll
GetUrlCacheGroupAttributeA
FtpGetFileSize
IsUrlCacheEntryExpiredA
InternetOpenUrlW
FtpCreateDirectoryW
InternetConfirmZoneCrossing
InternetQueryDataAvailable
InternetGetConnectedState
GopherFindFirstFileW
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
InternetCanonicalizeUrlW
InternetDial
InternetGoOnline
FindFirstUrlCacheEntryW
GopherGetAttributeA
InternetQueryOptionW
DeleteUrlCacheEntryW
HttpOpenRequestA
RetrieveUrlCacheEntryStreamW
GopherCreateLocatorA
InternetTimeToSystemTimeA
InternetLockRequestFile
DeleteUrlCacheContainerA
InternetCrackUrlW
GopherOpenFileW
SetUrlCacheHeaderData
SetUrlCacheGroupAttributeW
InternetCreateUrlA
FindFirstUrlCacheEntryExW
CommitUrlCacheEntryW
CreateUrlCacheContainerA
DeleteUrlCacheGroup
GopherGetAttributeW
HttpAddRequestHeadersW
DeleteUrlCacheEntry
FtpFindFirstFileA
InternetSetCookieA
DeleteUrlCacheContainerW
FreeUrlCacheSpaceW
GetUrlCacheConfigInfoA
InternetSetOptionW
DeleteIE3Cache
InternetTimeFromSystemTime
FtpRemoveDirectoryA
InternetCrackUrlA
InternetSetCookieW
FindNextUrlCacheGroup
HttpEndRequestW
FtpOpenFileA
InternetWriteFileExA
HttpAddRequestHeadersA
FindFirstUrlCacheContainerA
HttpSendRequestExW
InternetAutodial
InternetWriteFile
InternetAutodialHangup
FindFirstUrlCacheEntryExA
CreateUrlCacheGroup
InternetGetConnectedStateExA
SetUrlCacheConfigInfoW
IsUrlCacheEntryExpiredW

comdlg32

GetOpenFileNameA
GetSaveFileNameW
GetSaveFileNameA
ChooseFontA
PrintDlgW
GetFileTitleA
ReplaceTextA
PageSetupDlgW
PageSetupDlgA
ChooseColorA
PrintDlgA
ReplaceTextW
GetFileTitleW
ChooseColorW
FindTextA
LoadAlterBitmap
FindTextW
ChooseFontW

shell32

SHQueryRecycleBinA

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4900715ad5d780934493ac90c0e035cb

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

comdlg32

shell32

Sections

.text Size: 110KB - Virtual size: 110KB

.data Size: 281KB - Virtual size: 281KB

.reloc Size: 15KB - Virtual size: 14KB

.bss Size: 5KB - Virtual size: 5KB

.text
Size: 110KB - Virtual size: 110KB

.data
Size: 281KB - Virtual size: 281KB

.reloc
Size: 15KB - Virtual size: 14KB

.bss
Size: 5KB - Virtual size: 5KB