95b45bda20187e46d76d3e57bc5b1540_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

95b45bda20187e46d76d3e57bc5b1540_NeikiAnalytics
Size

1.7MB
MD5

95b45bda20187e46d76d3e57bc5b1540
SHA1

ffa4fc9df1ea42829ef0cfabcc781fb1adcc53ec
SHA256

75d7a030122d1b5b6f65634639a30b1dba22944830ce88c319487a72ead69add
SHA512

3b1a388ef645977550181e146dfdc66b8428f732747e103704e4a363429c70de427306e05d7633021fde8466aa2c6aaf629d174d11de333179dfb4c39ff795b9
SSDEEP

49152:OzO/a9PXNomMS5Y7xbcdW8D8gn0ImmY57gk:OzOHmr52bcgHKJiU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95b45bda20187e46d76d3e57bc5b1540_NeikiAnalytics

Files

95b45bda20187e46d76d3e57bc5b1540_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

8e89b60e37d68eccd883cdc3ae700dee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathGetCharTypeA

user32

GetMessageA
GetUpdateRgn
InflateRect
EnableScrollBar
SetActiveWindow

advapi32

RegCloseKey

kernel32

GetProcessId
CreateIoCompletionPort
SetCommConfig
TlsAlloc
HeapUnlock
GetNativeSystemInfo
MultiByteToWideChar
GetFullPathNameW
GetModuleHandleA
GetModuleFileNameA
TerminateProcess
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
CompareStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
HeapFree
Sleep
ExitProcess
GetLocaleInfoA
HeapAlloc
InitializeCriticalSectionAndSpinCount
WriteFile
GetStdHandle
VirtualFree
VirtualAlloc
HeapReAlloc
LoadLibraryA

ole32

CoFreeUnusedLibraries

version

GetFileVersionInfoW

setupapi

CM_Get_Res_Des_Data

ws2_32

WSAGetLastError

gdi32

GetROP2
SetBkMode
GetTextExtentExPointI
GetSystemPaletteUse
ArcTo
ResizePalette

lz32

GetExpandedNameW

Exports

Exports

OhalnSestawtl

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 409B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e89b60e37d68eccd883cdc3ae700dee

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

kernel32

ole32

version

setupapi

ws2_32

gdi32

lz32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.idata Size: 4KB - Virtual size: 409B

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 88KB - Virtual size: 91KB

.rsrc Size: 40KB - Virtual size: 38KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.idata
Size: 4KB - Virtual size: 409B

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 88KB - Virtual size: 91KB

.rsrc
Size: 40KB - Virtual size: 38KB

.reloc
Size: 12KB - Virtual size: 9KB