1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics
Size

59KB
MD5

1b7e3d678a997f322fa4d87307fcb9a0
SHA1

4271f1d0b2e747b21cbbe9bca1377c636eb78531
SHA256

603e5581882fb3f588dc3d59ea18ce4c3c5607514229244109bdd86e361aee55
SHA512

c4d38374fe7e046aecc08c168f325eff502a937b0702666a93c0705ed05ed5730864fb376bdd404ac6f4cda4c60692e6b4570039d657b7bdd8aa4b7eca49586a
SSDEEP

1536:eQxFBdL2im3Dnfsugg01iHlhjKXGfxwS3AfhE:efR373gg0eheWfxkZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics

Files

1b7e3d678a997f322fa4d87307fcb9a0_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

488a040ff5f901dbfd2a7962083e3d7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

freetype

FT_Done_FreeType
FT_Vector_From_Polar
FT_Outline_Embolden
FT_Outline_Get_Orientation
FTC_Manager_LookupSize
FTC_ImageCache_New
FT_Atan2
FTC_Manager_LookupFace
FT_Outline_Transform
FT_Library_SetLcdFilter
FT_DivFix
FT_Cos
FTC_ImageCache_Lookup
FTC_CMapCache_Lookup
FT_Glyph_To_Bitmap
FT_Angle_Diff
FT_Select_Charmap
FT_Init_FreeType
FTC_Manager_New
FT_Done_Face
FT_Get_Kerning
FT_Done_Glyph
FT_Load_Sfnt_Table
FT_Open_Face
FT_Glyph_Copy
FTC_CMapCache_New
FT_RoundFix
FTC_Manager_Done
FT_Get_Charmap_Index

kernel32

MultiByteToWideChar
SetLastError
ResumeThread
GetModuleHandleW
GetPrivateProfileStringW
GetVersionExW
LeaveCriticalSection
GetModuleFileNameW
GetStartupInfoW
IsDBCSLeadByte
GetPrivateProfileIntW
EnterCriticalSection
GetPrivateProfileSectionW
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetThreadContext
SetThreadContext
FindResourceW
LoadResource
GetEnvironmentStringsW
VirtualFreeEx
FlushInstructionCache
VirtualAllocEx
LockResource
GetModuleHandleA
FreeEnvironmentStringsW
WriteProcessMemory
MulDiv
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CloseHandle
VirtualQuery
GetCurrentProcess
GetProcAddress
VirtualProtect
InterlockedCompareExchange
GetLastError
VirtualAlloc
GetCurrentThreadId
SuspendThread
GetSystemTimeAsFileTime
TlsFree
TlsAlloc
DeleteCriticalSection
InterlockedExchange
RaiseException
CreateProcessA
TlsSetValue
InitializeCriticalSection
GetCurrentThread
CreateProcessW
TlsGetValue
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WritePrivateProfileStringW

user32

DrawStateW
GetSysColor
IntersectRect
OffsetRect
DrawTextW
ReleaseDC
GetDC
CallNextHookEx
DrawStateA

msvcrt

memmove
free
??3@YAXPAX@Z
setlocale
??2@YAPAXI@Z
calloc
wcslen
realloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
malloc
_wcsnicmp
_wcsdup
_except_handler3
_CIpow
towlower
_wcsicmp
wcschr
_getmbcp

gdi32

TextOutA
TextOutW
GetTextExtentPointA
CreateFontW
GetTextExtentPointW
GetCharWidth32W
GetFontData
GetCharWidthI
CreateDIBSection
CreateCompatibleDC
EnumFontFamiliesW
MoveToEx
BitBlt
GetTextMetricsW
SetTextColor
GetBkMode
GetDeviceCaps
GetCurrentObject
SetBkColor
SetBkMode
SelectObject
GetOutlineTextMetricsW
GetTextCharacterExtra
GetBkColor
GetCurrentPositionEx
GetObjectW
GetTextAlign
GetCharABCWidthsW
SetTextCharacterExtra
GetTextFaceW
SetTextAlign
ExtTextOutW
DeleteObject
CreateFontIndirectA
CreateFontA
CreateFontIndirectW
DeleteDC
GetCharWidthW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetStockObject
ExtTextOutA

detoured

Detoured

Exports

Exports

DllGetVersion
GetMsgProc

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

488a040ff5f901dbfd2a7962083e3d7e

Headers

File Characteristics

Imports

freetype

kernel32

user32

msvcrt

gdi32

detoured

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB