531c0e58867ab3ee054ec7eee710c330_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

531c0e58867ab3ee054ec7eee710c330_NeikiAnalytics
Size

5.7MB
MD5

531c0e58867ab3ee054ec7eee710c330
SHA1

f8f86c7eada36c0f474e8bb162bb58ad54d44f87
SHA256

4b3cafec56fdfa9ec266bfcda79f3c45b614b99842cd375eee79db849a2cd059
SHA512

f60fe710f8e786840dcce41f1bb64492993dcd0cd7c2dcfbe35a6545e7cf9ce4f93d74005f9aeef59c7c71d8dac3a424264265dc88078868f56e40608550927c
SSDEEP

98304:Moh8yCErZ31CXOS5zruaI6HMaJTtGbau6otnoq:RrJ1CXAaI6HMaJTtGbl6J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
531c0e58867ab3ee054ec7eee710c330_NeikiAnalytics

Files

531c0e58867ab3ee054ec7eee710c330_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

ee005bc21d8cf9a6dfb3997d54d47530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueA
RegDeleteValueA
CreateWellKnownSid
CheckTokenMembership
RegGetValueA
OpenThreadToken
OpenProcessToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
EqualSid
RegNotifyChangeKeyValue
RevertToSelf
EventWrite

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize
IIDFromString
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitializeEx

oleaut32

VariantClear
VariantInit

gdi32

GetDeviceCaps

iphlpapi

GetAdaptersInfo

kernel32

GetCommandLineW
GetCommandLineA
SetStdHandle
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetOEMCP
ExitProcess
GetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
GetEnvironmentStringsW
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetCurrentProcess
GetModuleHandleExW
GetLastError
CompareStringEx
GetProcAddress
FreeLibrary
IsWow64Process
MultiByteToWideChar
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
SetLastError
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
QueryActCtxW
OutputDebugStringA
LocalFree
FindClose
UnmapViewOfFile
CreateFileA
CloseHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FormatMessageA
LocalAlloc
CreateEventExW
GlobalMemoryStatusEx
RaiseException
LoadLibraryExW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
WideCharToMultiByte
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
OpenProcess
GetExitCodeProcess
GetProcessTimes
GetTickCount64
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
GetCurrentProcessId
GetUserDefaultLocaleName
IsValidCodePage
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetCPInfoExW
GetDiskFreeSpaceExW
CreateFileW
VirtualProtect
GetComputerNameW
FormatMessageW
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
ReleaseMutex
CreateMutexExW
OpenMutexW
WaitForSingleObjectEx
QueryUnbiasedInterruptTime
GetCurrentThreadId
ResetEvent
SetEvent
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateEventW
WaitForSingleObject
CreateThread
WaitForMultipleObjectsEx
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
GetUserGeoID
GetLocaleInfoEx
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoW
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
IsValidLocale
ExpandEnvironmentStringsW
ReadFile
LockResource
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetFileAttributesA
GetFileAttributesW
LoadLibraryExA
LCMapStringEx
GetSystemDefaultLCID
GetTempPathW
GetLongPathNameW
GetFinalPathNameByHandleW
FindFirstFileExW
DeleteFileW
FindNextFileW
GetFileType
SetFilePointerEx
SetFilePointer
GetOverlappedResult
GetFileTime
GetFileAttributesExW
SetFileInformationByHandle
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetSystemPowerStatus
GetTimeZoneInformation
AreFileApisANSI
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
OutputDebugStringW
FlushViewOfFile
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetFileSizeEx
CreateDirectoryW
K32GetProcessMemoryInfo
GetCurrentThread
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
CreateFileMappingA
GlobalAlloc
GlobalFree
SetFileTime
CancelIoEx
GetTempFileNameW
GetPhysicallyInstalledSystemMemory
GetProductInfo
QueryPerformanceFrequency
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
IsDebuggerPresent
WaitForMultipleObjects
GetStartupInfoW
CreateMemoryResourceNotification
IsSystemResumeAutomatic
RtlCaptureContext
SwitchToThread
FindFirstFileW
ProcessIdToSessionId
GetExitCodeThread
GetPriorityClass
VirtualQuery
GetLocalTime
DeviceIoControl
EncodePointer
GetFileInformationByHandleEx
TryAcquireSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
RtlPcToFileHeader

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee005bc21d8cf9a6dfb3997d54d47530

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ole32

oleaut32

gdi32

iphlpapi

kernel32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 107KB - Virtual size: 140KB

.pdata Size: 140KB - Virtual size: 140KB

.didat Size: 1KB - Virtual size: 1KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 280KB - Virtual size: 280KB

.reloc Size: 612KB - Virtual size: 616KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 107KB - Virtual size: 140KB

.pdata
Size: 140KB - Virtual size: 140KB

.didat
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 280KB - Virtual size: 280KB

.reloc
Size: 612KB - Virtual size: 616KB