cc01459b6fb7d72ce6bd767082288cc0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

cc01459b6fb7d72ce6bd767082288cc0_NeikiAnalytics
Size

451KB
MD5

cc01459b6fb7d72ce6bd767082288cc0
SHA1

911983859f4f4b4ed265efa8a8abe02170730ed9
SHA256

a7221b1ec02452f92cf8133479cbacfbb2c967595b43fb4c68f87615593f6df3
SHA512

df496df2a5351abda6031dfff742f6898759278ff164de188a983b0d403f782988be54c98b9089283abe18af45fc58e11b30703b5cba29c403cae1a3882135e4
SSDEEP

6144:p89ImUVpjQAltLPWwynnpwETqeOB0xyx6vmIF4zJlO6bnGjj+jo07PcmklrOLaE+:p8E/rZynmE1F4zNGjKjhMlzVOhCvZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc01459b6fb7d72ce6bd767082288cc0_NeikiAnalytics

Files

cc01459b6fb7d72ce6bd767082288cc0_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

9f61104ad5302a3b63265143f55f045e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WindowsMedia.pdb

Imports

shlwapi

PathCreateFromUrlA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
lstrlenW
FlushInstructionCache
GetCurrentProcess
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
RaiseException
GetUserDefaultLangID
SetErrorMode
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
lstrcmpiA
LoadLibraryExA
IsDBCSLeadByte
LeaveCriticalSection
SizeofResource
LoadResource
FindResourceA
GetVersionExA
InitializeCriticalSection
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetSystemInfo
LocalAlloc
LocalFree
InterlockedExchange
DecodePointer
Sleep
TerminateProcess
EnterCriticalSection
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
InterlockedPopEntrySList
GetModuleHandleA
WideCharToMultiByte
lstrlenA
CreateEventA
CloseHandle
MultiByteToWideChar
WaitForSingleObject
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
EncodePointer
FreeLibrary
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange

user32

wsprintfA
KillTimer
SetTimer
ShowWindow
BringWindowToTop
LoadStringA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsWindow
GetDesktopWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetWindowPos
CharNextA
GetSysColor
DefWindowProcA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
SendMessageA
GetClientRect
MoveWindow
PostMessageA
GetWindowLongA
SetWindowLongA
LoadCursorA
SetCursor
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
CreateAcceleratorTableA
UnregisterClassA

gdi32

GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetDeviceCaps
CreateDIBSection
DeleteObject

advapi32

RegOpenKeyExA
GetUserNameA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString

oleaut32

VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?infinity@?$numeric_limits@N@std@@SANXZ
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
__clean_type_info_names_internal
??2@YAPAXI@Z
_CxxThrowException
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_purecall
memcmp
memcpy
malloc
free
wcsncmp
memcpy_s
_resetstkoflw
memset
_recalloc
calloc
sprintf_s
strcmp
wcscmp
_mbsnbcpy_s
_mbsstr
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_onexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ

Exports

Exports

GetAcrobatMPPInterface
WMCreateStreamForURL

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f61104ad5302a3b63265143f55f045e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp100

msvcr100

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 248KB - Virtual size: 248KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 248KB - Virtual size: 248KB