52dfe3ecc24041ab0b4b5f5d6ad2ce90_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

52dfe3ecc24041ab0b4b5f5d6ad2ce90_NeikiAnalytics
Size

908KB
MD5

52dfe3ecc24041ab0b4b5f5d6ad2ce90
SHA1

02f2059245fe99fa449049664dec92af2c1d76d8
SHA256

8555c64971b707274db49d6d93291af31659e4d416b43d2d18dff60bd970245c
SHA512

335328b6b9cbeae77a0ccb9fa1751455763f4ed59f281d5edb40497ca23c6e5fdd87ee97334d8db468dac29465774b5d17c879ec6d2c1d63ddd59ba15e800c82
SSDEEP

3072:DclpEfJi9XXwLKjOcDr56s/c/0+DjBWZjbfgKxm70ezW8lMrSP/KEJj:DSdALzcDrQv3EUQClP/KEJj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52dfe3ecc24041ab0b4b5f5d6ad2ce90_NeikiAnalytics

Files

52dfe3ecc24041ab0b4b5f5d6ad2ce90_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

f37f560fd25f86bfe25cd8fcc53cf3b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

digiflow.exe

_M_BASIC_mp_SETINTERACTIVESERVERHANDLER@12
_M_BASIC_mp_ADDIMAGESERVER$SHORT@16
_M_SIMPLE_mp_GETVIEWINFO@4
_M_MIDDLE_mp_GETTHREADPTR@8
_M_MIDDLE_mp_STARTTIMER$THREAD@12
_M_MIDDLE_mp_CONTINUETHREAD$THREAD@8
_M_MIDDLE_mp_STEPTIME$IMAGE@12
_M_MIDDLE_mp_WAITFORTIMER$THREAD@8
_M_SIMPLE_mp_GETGLOBALVARIABLES@4
_M_SIMPLE_mp_INITIALISEIMAGE$IMAGE@4
ReadImage_Selector
_M_SIMPLE_mp_CREATEIMAGE$IMAGESIZE$ACCESS@72
_M_MIDDLE_mp_SHOWIMAGE$HANDLE@8
_M_BASIC_mp_SETVIEWTIME$SELECTOR@8
_M_MIDDLE_mp_TIMEFROMFRAME$IMAGE@8
_M_LIB_mp_UPDATECONTROL$IDC@8
_M_MIDDLE_mp_STOPTHREAD$ID@8
_M_SIMPLE_mp_DESTROYIMAGE@4
_M_MIDDLE_mp_CLOSEVIEW$HANDLE@8
_M_LIB_mp_DESTROYDIALOG@4
_M_MIDDLE_mp_TOLIMITTIME$IMAGE@8
_M_BASIC_mp_INITIALISEIMAGESERVER@24
_M_LIB_mp_CREATEDIALOG@48
_M_LIB_mp_CREATEDIALOG_ADDFUNCTION$@12
_M_LIB_mp_CREATECONTROL_INTEGEREDIT@52
_M_LIB_mp_CREATECONTROL_REALEDIT@56
_M_LIB_mp_CREATECONTROL_TRACKBAR$REAL@72
_M_LIB_mp_CREATECONTROL_TRACKBAR$INTEGER@64
_M_LIB_mp_CREATECONTROL_SPINCONTROL@36
_M_LIB_mp_CREATECONTROL_ADDFUNCTION$@20
_M_LIB_mp_CREATECONTROL_CHECKBOX@56
_M_LIB_mp_CREATECONTROL_PUSHBUTTON$@44
_M_LIB_mp_CREATECONTROL_RADIOGROUP@12
_M_LIB_mp_CREATECONTROL_RADIOBUTTON@48
_M_LIB_mp_PROCESSDIALOG@20
_M_MIDDLE_mp_SLEEPFOR$RTIME@4
_M_BASIC_mp_PROCESSDATA_INITIALISE@12
_M_BASIC_mp_PROCESSDATA_INPUTSERVER@48
_M_BASIC_mp_PROCESSDATA_OPTION@60
_M_MIDDLE_mp_NEWVIEW$IMAGE@32
_M_BASIC_mp_SETVIEWCOLOURS$NAME@24
_M_MIDDLE_mp_CREATETHREAD$THREAD@60
_M_MIDDLE_mp_STARTTHREAD$ID@4
_M_LIB_mp_CREATECONTROL_INPUTIMAGE@100
_M_BASIC_mp_GETSERVERSELECTOR$NAME@16
_M_SIMPLE_mp_CANUSE$SELECTOR@4
_M_SIMPLE_mp_COPYIMAGE$IMAGEACCESS@24
_M_SIMPLE_mp_SETIMAGERANGE$BLACKWHITE@16
_M_MIDDLE_mp_SETTIMESTEP$SELSTEP@8
_M_MIDDLE_mp_THREADRUNNING$ID@4
_M_MIDDLE_mp_THREADISPAUSED$ID@4
_M_MIDDLE_mp_UNPAUSETHREAD$ID@4
_M_MIDDLE_mp_CHANGETHREADROUTINE$ID@8
_M_MIDDLE_mp_SETTIMESTEPDIRECTION$IMAGE@8
_M_MIDDLE_mp_ADDWINDOWTOTHREAD$IDINFO@8
_R_CREATEVALUES_mp_OPTIONALORDEFAULT$LOGICAL@8
_M_MIDDLE_mp_PAUSETHREAD$ID@4
_M_MIDDLE_mp_SELECTTIME$IMAGE$INDEX@12
_M_LIB_mp_ENABLEMOVIEBAR@8
_M_MIDDLE_mp_SETTIMERPERIOD$IDPERIOD@12
_M_MIDDLE_mp_NOWAITFORTIMER$ID@4
_M_LIB_mp_GETCONTROLFROMID$DLGIDC@12
_M_MIDDLE_mp_ADDCOLOURSCHEME$STRING@16
_M_LIB_mp_SELECTCOLOURSCHEME@8
_M_MIDDLE_mp_DELETECOLOURSCHEME$STRING@8
_M_LIB_mp_SETVIEWCURSORSTATES@0
_M_SIMPLE_mp_SETUPSELECTOR$SELFILE@52
_M_BASIC_mp_OPENIMAGE$SELECTORCTRL@48
_M_MIDDLE_mp_WRITEIMAGE$IMAGESELECTOR@12

kernel32

SetEvent
SwitchToThread
WaitForMultipleObjects
CloseHandle
CreateEventA
VirtualAlloc
VirtualFree
GetLastError
GetStdHandle
FormatMessageA
DebugBreak
RaiseException
FreeLibrary
SetLastError
GetCurrentThread
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetModuleFileNameA
VirtualQuery
MapViewOfFile
CreateFileMappingA
CreateFileA
GetModuleHandleA
SetEndOfFile
SetFilePointer
WriteFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentThreadId
Sleep
InterlockedExchange
GetVersionExA
GetACP
SetErrorMode
SetConsoleCtrlHandler
GetCommandLineA
DeleteFileA
SetThreadPriority
CreateProcessA
GetFileType
ReadFile
GetTempFileNameA
GetTempPathA
GetFullPathNameA
FlushFileBuffers
HeapFree
HeapAlloc
GetVersion
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
RtlUnwind
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetEnvironmentVariableA
HeapDestroy
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEnvironmentVariableA
CompareStringA
CompareStringW
SetStdHandle

user32

SendMessageA

Exports

Exports

SETFEATUREENTRYPOINTS
_SETFEATUREENTRYPOINTS@24

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 724KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f37f560fd25f86bfe25cd8fcc53cf3b1

Headers

File Characteristics

Imports

digiflow.exe

kernel32

user32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 724KB - Virtual size: 772KB

.tls Size: 4KB - Virtual size: 56B

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 724KB - Virtual size: 772KB

.tls
Size: 4KB - Virtual size: 56B

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 16KB - Virtual size: 12KB