d33ba30173594a6d58561a09435e9ed0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

d33ba30173594a6d58561a09435e9ed0_NeikiAnalytics
Size

701KB
MD5

d33ba30173594a6d58561a09435e9ed0
SHA1

d323a2c3638a43e71092c95dccf9226f874f97f6
SHA256

3e1e056479d42f3b18862711cf2e41583d57ff62a9e4eef6d218e90bd06cff49
SHA512

e8ef360e7186c4bb7f5bf3f1b4c19d94ec00f91ee59d8ecf2e5ec3e8e122e27ff273af9358bf975fd771b8f809bde6d1207b0f98a7398e714f377c19c01a458a
SSDEEP

12288:srwebzQtH8iRIxQ0ExrYm0bJDyAvJecVZV0l8+H5BeJjZyHpl:sY8PxQ0RyIJBZH+Yw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d33ba30173594a6d58561a09435e9ed0_NeikiAnalytics

Files

d33ba30173594a6d58561a09435e9ed0_NeikiAnalytics
.dll regsvr32 windows:6 windows x86 arch:x86

65c3cf679503d4dc68296ab1eab00f57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

kernel32

WideCharToMultiByte
GetLocaleInfoA
IsDBCSLeadByte
Sleep
GlobalLock
GlobalUnlock
lstrcpynA
lstrcpynW
SetEnvironmentVariableA
GetModuleFileNameA
MultiByteToWideChar
SetStdHandle
GetTimeZoneInformation
InterlockedExchange
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FindResourceA
lstrcmpiA
SizeofResource
LoadResource
LoadLibraryExA
GetModuleHandleW
FlushFileBuffers
GetModuleHandleA
DisableThreadLibraryCalls
GetVersion
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
DecodePointer
EncodePointer
GetACP
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
WriteConsoleW
GetFileType
GetProcessHeap
HeapAlloc
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
CreateSemaphoreW
GetStartupInfoW
TlsFree
CreateThread
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
CloseHandle
SetEvent
OpenEventW
GetCurrentProcessId
InitializeCriticalSectionEx
GetCurrentThread
GetSystemInfo
VirtualAlloc
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapValidate
VirtualProtect
VirtualQuery
GetModuleHandleExW
FindClose
FindFirstFileExA
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
RtlUnwind
GetCommandLineA
GetCurrentThreadId
FatalAppExitA
LoadLibraryExW
lstrlenA
LoadLibraryW
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
GetStdHandle
WriteFile
ExitProcess
AreFileApisANSI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
SetConsoleCtrlHandler

user32

SetForegroundWindow
wsprintfA
UnregisterClassA
CharNextA
LoadImageA
CharNextW
EnumWindows
GetSysColor
GetPropA
LoadBitmapA
SetMenuItemBitmaps
InsertMenuA
LoadStringA

gdi32

SetPixel
SelectObject
GetPixel
GetCurrentObject
DeleteDC
CreateCompatibleDC
GetObjectA

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA
DragQueryFileA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
ReleaseStgMedium
CoCreateInstance
CoTaskMemFree

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

shlwapi

PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65c3cf679503d4dc68296ab1eab00f57

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 528KB - Virtual size: 528KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 8KB - Virtual size: 17KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 528KB - Virtual size: 528KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 8KB - Virtual size: 17KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 23KB - Virtual size: 23KB