53a666c9ac53a4bd1bfc5e46bdc0d400_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

53a666c9ac53a4bd1bfc5e46bdc0d400_NeikiAnalytics
Size

5.6MB
MD5

53a666c9ac53a4bd1bfc5e46bdc0d400
SHA1

63b33b4ba885c9f1c8cc955a8064610856c2ddff
SHA256

f71f8d5bd9c86125e8e9576a5a07d0c0274b0c1faeeae590b62d9d0c9a5d08cd
SHA512

c76606ce812787920b008b533780f82f3c27697f8fe3da444c33cc58ac49171eb43ed6fe5f0acbbc8438e1f93464f251cc3e8fc15f7d098931ee0d1c3c892820
SSDEEP

98304:gHLpZwCR2a7KIychd6ov0x9lm/dkD527BWG:gHLwCkIy+PISdkVQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53a666c9ac53a4bd1bfc5e46bdc0d400_NeikiAnalytics

Files

53a666c9ac53a4bd1bfc5e46bdc0d400_NeikiAnalytics
.exe windows:5 windows x64 arch:x64

cb597019961a4d7b6be47acafdc04e26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\build02\workspace\TriglavBuild03.http\Baltrice\Programs\Output\Baltrice\x64\Release\CertMdul.pdb

Imports

boost_system

?generic_category@system@boost@@YAAEBVerror_category@12@XZ
?system_category@system@boost@@YAAEBVerror_category@12@XZ

kernel32

LoadLibraryW
WaitForSingleObject
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetComputerNameW
GetSystemInfo
GetUserDefaultUILanguage
ReadFile
GetVersionExW
GetProcAddress
DeleteFileW
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
CreateMutexW
Sleep
GetLongPathNameW
GlobalAddAtomW
lstrcmpiW
GetModuleHandleW
lstrlenW
InitializeCriticalSectionAndSpinCount
RaiseException
WaitForSingleObjectEx
ResetEvent
OpenEventA
RemoveDirectoryW
GetDiskFreeSpaceExW
FindClose
FindNextFileW
FindFirstFileW
TryEnterCriticalSection
FlushFileBuffers
SetEndOfFile
MapViewOfFile
CreateFileMappingW
EncodePointer
DecodePointer
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetVersion
GetFileType
WriteFile
GetCurrentDirectoryA
GetCurrentDirectoryW
UnmapViewOfFile
VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
GlobalMemoryStatusEx
GetFullPathNameA
GetFullPathNameW
GetLocalTime
GetSystemTime
GetWindowsDirectoryW
GetTempPathW
GetFileAttributesW
GetCurrentProcessId
CreateDirectoryW
FreeLibrary
LeaveCriticalSection
GlobalDeleteAtom
LoadLibraryA
EnterCriticalSection
DeleteCriticalSection
GlobalGetAtomNameW
InitializeCriticalSection
GetFileSize
GetLastError
SetFilePointer
GetStdHandle
GetCurrentProcess
DuplicateHandle
CreateFileW
CreateFileA
GetVersionExA
IsValidCodePage
WideCharToMultiByte
IsDBCSLeadByteEx
MultiByteToWideChar
SetEvent
CloseHandle
CreateEventA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetCurrentThreadId

advapi32

RegCreateKeyExW
ReportEventW
DeregisterEventSource
LookupAccountNameW
ConvertSidToStringSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegisterEventSourceW
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA

msvcp100

?is_current_task_group_canceling@Concurrency@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

msvcr100

_strnicmp
strncpy
floorf
srand
strerror
qsort
_vsnwprintf
vfprintf
raise
realloc
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??3@YAXPEAX@Z
??0exception@std@@QEAA@AEBQEBDH@Z
isdigit
_time64
memchr
isxdigit
fclose
ferror
fread
fwrite
fflush
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
_wfopen
getenv
tolower
isupper
sscanf
_gmtime64
fputs
signal
_getch
rand
memcpy
memmove
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_cexit
_exit
_XcptFilter
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_vscwprintf
vswprintf_s
sprintf_s
vsprintf_s
_purecall
??0exception@std@@QEAA@AEBV01@@Z
__CxxFrameHandler3
??2@YAPEAX_K@Z
_CxxThrowException
??8type_info@@QEBA_NAEBV0@@Z
??_V@YAXPEAX@Z
exit
fprintf
__iob_func
_wcsupr
_wcsicmp
_wcsnicmp
_wcslwr
memset
strlen
strncmp
strcmp
isspace
strtoul
_errno
strtol
memcmp
strchr
strstr
atoi
_aligned_malloc
_aligned_free
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?Yield@Context@Concurrency@@SAXXZ
??0missing_wait@Concurrency@@QEAA@XZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?CurrentContext@Context@Concurrency@@SAPEAV12@XZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
__uncaught_exception
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?Free@Concurrency@@YAXPEAX@Z
_setjmp
longjmp
_controlfp_s
??0exception@std@@QEAA@XZ
sqrt
fmod
modf
pow
__RTDynamicCast
cos
sin
ceilf
ceil
floor
_recalloc
wcsncpy_s
memcpy_s
free
malloc
wcsstr
__argc
__wargv
??9type_info@@QEBA_NAEBV0@@Z
sprintf
strtod
localeconv
abs
div
logf

imm32

ImmGetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmSetOpenStatus
ImmGetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmSetCompositionFontW

psapi

GetProcessMemoryInfo

libjpeg

jpeg_start_compress
jpeg_write_scanlines
jpeg_finish_compress
jpeg_destroy_compress
jpeg_std_error
jpeg_CreateDecompress
jpeg_read_header
jpeg_start_decompress
jpeg_read_scanlines
jpeg_finish_decompress
jpeg_destroy_decompress
jpeg_write_marker
jpeg_resync_to_restart
jpeg_set_marker_processor
jpeg_set_defaults
jpeg_set_quality
jpeg_CreateCompress

libpng16

png_get_io_ptr
png_sig_cmp
png_get_pHYs
png_get_IHDR
png_read_info
png_set_read_fn
png_destroy_read_struct
png_create_info_struct
png_create_read_struct_2
png_read_end
png_free
png_read_image
png_get_rowbytes
png_malloc
png_create_write_struct_2
png_destroy_write_struct
png_set_write_fn
png_set_IHDR
png_set_compression_level
png_set_text
png_set_pHYs
png_write_info
png_set_filter
png_write_image
png_write_end
png_set_longjmp_fn
png_set_strip_16
png_set_packing
png_set_palette_to_rgb
png_read_update_info
png_set_interlace_handling
png_set_swap
png_set_swap_alpha
png_set_tRNS_to_alpha
png_get_valid
png_set_expand_gray_1_2_4_to_8

libtiff

TIFFOpenW
TIFFSetWarningHandler
TIFFSetWarningHandlerExt
TIFFSetErrorHandler
TIFFSetErrorHandlerExt
TIFFStripSize
TIFFNumberOfStrips
TIFFGetFieldDefaulted
_TIFFmalloc
_TIFFmemcpy
_TIFFfree
TIFFGetField
TIFFSetField
TIFFClose
TIFFScanlineSize
TIFFReadScanline
TIFFReadEncodedStrip
TIFFWriteEncodedStrip

comctl32

ord17

gdiplus

GdipDeleteStringFormat
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCloneBrush
GdipCreateFontFromLogfontW
GdipSetClipRect
GdipMeasureString
GdipDrawString
GdipTranslateWorldTransform
GdipGetImageGraphicsContext

rpcrt4

UuidFromStringW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

boost_thread

?yield@this_thread@boost@@YAXXZ
?cleanup@handle_manager@win32@detail@boost@@AEAAXXZ

zlib

ord10
ord7
ord23
ord22
ord6
ord20
ord19
ord21
ord4

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

user32

OpenClipboard
CloseClipboard
GetMessageExtraInfo
TrackMouseEvent
GetSystemMetrics
RegisterClipboardFormatW
PostThreadMessageW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MapVirtualKeyW
MonitorFromPoint
EnumDisplayMonitors
GetAsyncKeyState
CreateIconIndirect
DestroyCursor
FillRect
DrawTextW
SetClipboardData
SetWindowPos
SetWindowsHookExW
RemovePropW
PostMessageW
SendMessageW
GetMessageW
SendInput
SystemParametersInfoW
PostQuitMessage
CharNextW
GetKeyState
DispatchMessageW
TranslateMessage
PeekMessageW
SendNotifyMessageW
SetForegroundWindow
IsIconic
IsWindowVisible
FindWindowW
RegisterClassExW
UnregisterClassW
CreateWindowExW
DestroyWindow
SetClipboardViewer
SetPropW
GetPropW
GetWindowThreadProcessId
GetClassLongPtrW
GetWindow
DefWindowProcW
EndPaint
GetDlgCtrlID
BeginPaint
CallNextHookEx
IsZoomed
MonitorFromRect
GetMonitorInfoW
SetWindowPlacement
SetWindowTextW
MoveWindow
AdjustWindowRectEx
GetActiveWindow
UpdateWindow
ShowWindow
SetWindowLongPtrW
SetLayeredWindowAttributes
GetWindowLongPtrW
InvalidateRect
SetCursor
SetClassLongPtrW
GetCapture
ScreenToClient
WindowFromPoint
GetCursorPos
ReleaseCapture
SetCapture
GetFocus
SetFocus
KillTimer
ClientToScreen
GetAncestor
GetParent
ReleaseDC
UpdateLayeredWindow
GetWindowRect
GetDC
GetDlgItem
SetParent
GetWindowPlacement
MonitorFromWindow
GetClientRect
SetActiveWindow
LoadCursorW
SetTimer
EnableWindow
IsChild
FindWindowExW
UnhookWindowsHookEx
ChangeClipboardChain
SetWindowRgn

gdi32

CreateCompatibleBitmap
GetTextCharset
CreateBitmap
EnumFontFamiliesExW
CreateFontIndirectW
GetTextAlign
SetTextAlign
SetBkMode
SetTextColor
SetBkColor
TextOutW
GetObjectW
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject
StretchDIBits
CombineRgn
CreateRectRgn
SelectClipRgn
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject

shell32

SHGetFolderPathW
DragQueryPoint
DragFinish
SHAppBarMessage
DragQueryFileW

ole32

CoCreateGuid
RegisterDragDrop
CoInitializeEx
OleInitialize
RevokeDragDrop
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
ReleaseStgMedium
CoTaskMemAlloc

oleaut32

VarUI4FromStr

boost_date_time

??0greg_month@gregorian@boost@@QEAA@G@Z

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 398KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 616KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cb597019961a4d7b6be47acafdc04e26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

boost_system

kernel32

advapi32

msvcp100

msvcr100

imm32

psapi

libjpeg

libpng16

libtiff

comctl32

gdiplus

rpcrt4

version

boost_thread

zlib

winmm

user32

gdi32

shell32

ole32

oleaut32

boost_date_time

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 398KB - Virtual size: 446KB

.pdata Size: 157KB - Virtual size: 157KB

.rsrc Size: 389KB - Virtual size: 388KB

.reloc Size: 616KB - Virtual size: 620KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 398KB - Virtual size: 446KB

.pdata
Size: 157KB - Virtual size: 157KB

.rsrc
Size: 389KB - Virtual size: 388KB

.reloc
Size: 616KB - Virtual size: 620KB