67813e0438882642767fa8b552b0fc80_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

67813e0438882642767fa8b552b0fc80_NeikiAnalytics
Size

696KB
MD5

67813e0438882642767fa8b552b0fc80
SHA1

bf9db7096cc4a5c72f301e127f6a32a677c9c171
SHA256

beacfa2fd5643dad4dafe825eda2b2ab798146bfb16134a9ecb23913724e6dd7
SHA512

ef9089d8859d9d2fff9b18608acf3c4d43c7161e6ec4a3cc15c5a5e198ad092b410b6325df80e6fb32c6c7026a273e18ef03fb1aeb7e8d0d8a7ea1005be257a6
SSDEEP

12288:FCLtorakCGqEBhNCl12ho1OEpmTcVjQNXK96IEj97Z1lInSdbqvyMcl7p:cLOGkCqNLho1OEpmTBXK92v1WnSdDl7p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67813e0438882642767fa8b552b0fc80_NeikiAnalytics

Files

67813e0438882642767fa8b552b0fc80_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

2aba1c371f620a56bdbe19b96ab89987

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\jenkins\workspace\Win-PCCS-3.13-Daily\Output\PDB\release\ServiceLayer.pdb

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

pccs_dbengine

sqlite3_prepare16
sqlite3_column_text16
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_blob
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_int64
sqlite3_open16
sqlite3_prepare
sqlite3_errcode
sqlite3_close
sqlite3_step
sqlite3_column_count
sqlite3_column_text
sqlite3_finalize
sqlite3_exec
sqlite3_column_type
sqlite3_bind_text16

kernel32

InitializeCriticalSectionAndSpinCount
IsBadCodePtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
CloseHandle
CreateFileW
GetProcAddress
GetModuleHandleW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
DeleteFileW
GetProcessHeap
HeapFree
HeapSize
HeapValidate
FindFirstFileW
FindClose
SetFileAttributesW
MultiByteToWideChar
HeapAlloc
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
lstrlenW
CreateDirectoryW
CreateMutexW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FreeLibrary
lstrcmpiW
RaiseException
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
DisconnectNamedPipe
CancelIo
ResetEvent
GetLastError
PeekNamedPipe
CreateEventW
ConnectNamedPipe
SetEvent
TerminateThread
GetTickCount
ExitThread
CreateThread
SetThreadPriority
CreateNamedPipeW
TerminateProcess
DeviceIoControl
WideCharToMultiByte
GetSystemTime
FileTimeToSystemTime
FindNextFileW
GetSystemTimeAsFileTime
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
LocalFree
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentThread
lstrcpyW
GetCommandLineW
OpenEventW
PurgeComm
SetCommMask
SetCommState
GetCommState
HeapReAlloc
LoadLibraryA
CreateEventA
OpenEventA
EncodePointer
MoveFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetFullPathNameW
GetFileInformationByHandle
GetFileType
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
DecodePointer
GetFileAttributesW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
ExitProcess
GetStdHandle
GetCPInfo
GetACP
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
RtlUnwind
CompareStringW
GetOverlappedResult
SetEnvironmentVariableA

user32

CharUpperBuffW
wsprintfW
MessageBoxExW
UnregisterClassW
DestroyWindow
PostMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
CharNextW
LoadStringW

advapi32

RegOpenKeyExA
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
DeleteService
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenThreadToken
GetTokenInformation
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorGroup
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenCurrentUser
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
OpenProcessToken
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
CreateProcessAsUserW
RegQueryValueExA

shell32

SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemAlloc
CoInitializeSecurity
StringFromCLSID
CoTaskMemFree
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoAddRefServerProcess
CoUninitialize
CoReleaseServerProcess
CoTaskMemRealloc

oleaut32

VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
SafeArrayRedim
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCat
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VarBstrCmp
SysAllocString
SysStringLen

shlwapi

PathAppendW

Sections

.text
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2aba1c371f620a56bdbe19b96ab89987

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

setupapi

wtsapi32

version

pccs_dbengine

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 452KB - Virtual size: 452KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 17KB - Virtual size: 25KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 452KB - Virtual size: 452KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 51KB - Virtual size: 51KB