d75d4fd1bd6a544a60488d2de0cc3030_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d75d4fd1bd6a544a60488d2de0cc3030_NeikiAnalytics
Size

390KB
MD5

d75d4fd1bd6a544a60488d2de0cc3030
SHA1

ec081fda60c490cb2b00dcd0527128daa1660b29
SHA256

3efbd465006a6a80a1328030175ab1ba6154f9a2484f6a01e3a62280c8684450
SHA512

ac454ad6d50c4fa091f5fff1e7c8594d07461a53d8af7432dde61b928c83274eee05d045fa2874af2dd83684feebc2908c8ef121fa849c9846e1803e8d7b20a7
SSDEEP

6144:wwynAtMrOVRkidy9yIGWlUiFCrxpDtnx47E/:wwKfOVRo9yRYXCUg/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d75d4fd1bd6a544a60488d2de0cc3030_NeikiAnalytics

Files

d75d4fd1bd6a544a60488d2de0cc3030_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToCacheFileA

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

DeleteFileA
GetTempFileNameA
CreateFileA
lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetVolumeInformationA
GetDriveTypeA
WaitForSingleObject
CreateMutexA
Thread32Next
SuspendThread
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateDirectoryA
GetTempPathA
CreateThread
FreeResource
UpdateResourceA
LockResource
LoadResource
SizeofResource
FindResourceExA
EnumResourceLanguagesA
EnumResourceNamesA
SetFileTime
GetFileTime
FreeLibrary
FindResourceA
LoadLibraryExA
GetCurrentProcess
SetEvent
OpenEventA
Process32Next
Process32First
FindClose
FindNextFileA
FindFirstFileA
EndUpdateResourceA
EnumResourceTypesA
BeginUpdateResourceA
GetTickCount
CopyFileA
ReleaseMutex
lstrlenA
lstrcatA
WriteFile
GetModuleFileNameA
CreateProcessA
CloseHandle
Sleep
GetLastError
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
FlushFileBuffers
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
ReadFile
HeapReAlloc
lstrcmpA
SetFilePointer
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
GetFullPathNameA
GetCurrentThread
WideCharToMultiByte
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc

user32

wvsprintfA
wsprintfA

advapi32

OpenProcessToken
FreeSid
OpenThreadToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

SHRegCloseUSKey
SHRegCreateUSKeyA

wininet

InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetSetFilePointer
InternetConnectA

ws2_32

WSAStartup
gethostbyname

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/0/HTML/-1015781088.GIF
.gif
.rsrc/0/HTML/-1108728660.GIF
.gif
.rsrc/0/HTML/-1190441987.GIF
.gif
.rsrc/0/HTML/-1294166854.GIF
.gif
.rsrc/0/HTML/-1321107452.GIF
.gif
.rsrc/0/HTML/-1453084453.GIF
.gif
.rsrc/0/HTML/-1683631896.GIF
.gif
.rsrc/0/HTML/-1714607780.GIF
.gif
.rsrc/0/HTML/-1866358447.GIF
.gif
.rsrc/0/HTML/-1901826460.GIF
.gif
.rsrc/0/HTML/-1987051769.GIF
.gif
.rsrc/0/HTML/-461719633.GIF
.gif
.rsrc/0/HTML/-469526201.GIF
.gif
.rsrc/0/HTML/-494405534.GIF
.gif
.rsrc/0/HTML/1004874082.GIF
.gif
.rsrc/0/HTML/1045967129.GIF
.gif
.rsrc/0/HTML/1072965035.GIF
.gif
.rsrc/0/HTML/127524012.GIF
.gif
.rsrc/0/HTML/154108289.GIF
.gif
.rsrc/0/HTML/1985535038.GIF
.gif
.rsrc/0/HTML/1998575771.GIF
.gif
.rsrc/0/HTML/2074021955.GIF
.gif
.rsrc/0/HTML/2081186484.GIF
.gif
.rsrc/0/HTML/2123910084.GIF
.gif
.rsrc/0/HTML/303389197.GIF
.gif
.rsrc/0/HTML/605022923.GIF
.gif
.rsrc/0/HTML/619609687.GIF
.gif
.rsrc/0/HTML/636344856.GIF
.gif
.rsrc/0/HTML/773894731.GIF
.gif
.rsrc/0/HTML/82506052.GIF
.gif
.rsrc/0/HTML/948518396.GIF
.gif
.rsrc/0/version.txt
.rsrc/10/string.txt
.rsrc/1028/string.txt
.rsrc/1033/BITMAP/110.bmp
.rsrc/1033/BITMAP/BUTTONS.bmp
.rsrc/1033/CURSOR/14
.rsrc/1033/CURSOR/15
.rsrc/1033/CURSOR/16
.rsrc/1033/CURSOR/17
.rsrc/1033/CURSOR/18
.rsrc/1033/CURSOR/19
.rsrc/1033/CURSOR/20
.rsrc/1033/CURSOR/21
.rsrc/1033/CURSOR/22
.rsrc/1033/CURSOR/23
.rsrc/1033/CURSOR/24
.rsrc/1033/CURSOR/25
.rsrc/1033/CURSOR/26
.rsrc/1033/CURSOR/27
.rsrc/1033/CURSOR/28
.rsrc/1033/CURSOR/29
.rsrc/1033/CURSOR/30
.rsrc/1033/CURSOR/31
.rsrc/1033/CURSOR/32
.rsrc/1033/CURSOR/33
.rsrc/1033/CURSOR/34
.rsrc/1033/CURSOR/35
.rsrc/1033/CURSOR/36
.rsrc/1033/CURSOR/37
.rsrc/1033/CURSOR/38
.rsrc/1033/CURSOR/39
.rsrc/1033/CURSOR/40
.rsrc/1033/CURSOR/41
.rsrc/1033/CURSOR/42
.rsrc/1033/CURSOR/43
.rsrc/1033/CURSOR/44
.rsrc/1033/CURSOR/45
.rsrc/1033/CURSOR/46
.rsrc/1033/CURSOR/47
.rsrc/1033/CURSOR/48
.rsrc/1033/CURSOR/49
.rsrc/1033/CURSOR/50
.rsrc/1033/CURSOR/51
.rsrc/1033/CURSOR/52
.rsrc/1033/CURSOR/53
.rsrc/1033/CURSOR/54
.rsrc/1033/CURSOR/55
.rsrc/1033/CURSOR/56
.rsrc/1033/CURSOR/57
.rsrc/1033/CURSOR/58
.rsrc/1033/CURSOR/59
.rsrc/1033/CURSOR/60
.rsrc/1033/CURSOR/61
.rsrc/1033/CURSOR/62
.rsrc/1033/CURSOR/63
.rsrc/1033/CURSOR/64
.rsrc/1033/CURSOR/65
.rsrc/1033/CURSOR/66
.rsrc/1033/CURSOR/67
.rsrc/1033/CURSOR/68
.rsrc/1033/CURSOR/69
.rsrc/1033/CURSOR/70
.rsrc/1033/CURSOR/71
.rsrc/1033/CURSOR/72
.rsrc/1033/CURSOR/73
.rsrc/1033/CURSOR/74
.rsrc/1033/CURSOR/75
.rsrc/1033/CURSOR/76
.rsrc/1033/CURSOR/77
.rsrc/1033/CURSOR/78
.rsrc/1033/CURSOR/79
.rsrc/1033/CURSOR/80
.rsrc/1033/CURSOR/81
.rsrc/1033/CURSOR/82
.rsrc/1033/CURSOR/83
.rsrc/1033/CURSOR/84
.rsrc/1033/CURSOR/85
.rsrc/1033/CURSOR/86
.rsrc/1033/CURSOR/87
.rsrc/1033/CURSOR/88
.rsrc/1033/CURSOR/89
.rsrc/1033/CURSOR/90
.rsrc/1033/CURSOR/91
.rsrc/1033/DIALOG/102
.rsrc/1033/DIALOG/103
.rsrc/1033/DIALOG/104
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/107
.rsrc/1033/DIALOG/111
.rsrc/1033/DIALOG/1536
.rsrc/1033/GROUP_CURSOR/ARROW
.rsrc/1033/GROUP_CURSOR/BASED_ARROW_DOWN
.rsrc/1033/GROUP_CURSOR/BASED_ARROW_UP
.rsrc/1033/GROUP_CURSOR/BOAT
.rsrc/1033/GROUP_CURSOR/BOGOSITY
.rsrc/1033/GROUP_CURSOR/BOTTOM_LEFT_CORNER
.rsrc/1033/GROUP_CURSOR/BOTTOM_RIGHT_CORNER
.rsrc/1033/GROUP_CURSOR/BOTTOM_SIDE
.rsrc/1033/GROUP_CURSOR/BOTTOM_TEE
.rsrc/1033/GROUP_CURSOR/BOX_SPIRAL
.rsrc/1033/GROUP_CURSOR/CENTER_PTR
.rsrc/1033/GROUP_CURSOR/CIRCLE
.rsrc/1033/GROUP_CURSOR/CLOCK
.rsrc/1033/GROUP_CURSOR/COFFEE_MUG
.rsrc/1033/GROUP_CURSOR/CROSS
.rsrc/1033/GROUP_CURSOR/CROSSHAIR
.rsrc/1033/GROUP_CURSOR/CROSS_REVERSE
.rsrc/1033/GROUP_CURSOR/DIAMOND_CROSS
.rsrc/1033/GROUP_CURSOR/DOT
.rsrc/1033/GROUP_CURSOR/DOTBOX
.rsrc/1033/GROUP_CURSOR/DOUBLE_ARROW
.rsrc/1033/GROUP_CURSOR/DRAFT_LARGE
.rsrc/1033/GROUP_CURSOR/DRAFT_SMALL
.rsrc/1033/GROUP_CURSOR/DRAPED_BOX
.rsrc/1033/GROUP_CURSOR/EXCHANGE
.rsrc/1033/GROUP_CURSOR/FLEUR
.rsrc/1033/GROUP_CURSOR/GOBBLER
.rsrc/1033/GROUP_CURSOR/GUMBY
.rsrc/1033/GROUP_CURSOR/HAND1
.rsrc/1033/GROUP_CURSOR/HAND2
.rsrc/1033/GROUP_CURSOR/HEART
.rsrc/1033/GROUP_CURSOR/ICON
.rsrc/1033/GROUP_CURSOR/IRON_CROSS
.rsrc/1033/GROUP_CURSOR/LEFTBUTTON
.rsrc/1033/GROUP_CURSOR/LEFT_PTR
.rsrc/1033/GROUP_CURSOR/LEFT_SIDE
.rsrc/1033/GROUP_CURSOR/LEFT_TEE
.rsrc/1033/GROUP_CURSOR/LL_ANGLE
.rsrc/1033/GROUP_CURSOR/LR_ANGLE
.rsrc/1033/GROUP_CURSOR/MAN
.rsrc/1033/GROUP_CURSOR/MIDDLEBUTTON
.rsrc/1033/GROUP_CURSOR/MOUSE
.rsrc/1033/GROUP_CURSOR/NONE
.rsrc/1033/GROUP_CURSOR/PENCIL
.rsrc/1033/GROUP_CURSOR/PIRATE
.rsrc/1033/GROUP_CURSOR/PLUS
.rsrc/1033/GROUP_CURSOR/QUESTION_ARROW
.rsrc/1033/GROUP_CURSOR/RIGHTBUTTON
.rsrc/1033/GROUP_CURSOR/RIGHT_PTR
.rsrc/1033/GROUP_CURSOR/RIGHT_SIDE
.rsrc/1033/GROUP_CURSOR/RIGHT_TEE
.rsrc/1033/GROUP_CURSOR/RTL_LOGO
.rsrc/1033/GROUP_CURSOR/SAILBOAT
.rsrc/1033/GROUP_CURSOR/SB_DOWN_ARROW
.rsrc/1033/GROUP_CURSOR/SB_H_DOUBLE_ARROW
.rsrc/1033/GROUP_CURSOR/SB_LEFT_ARROW
.rsrc/1033/GROUP_CURSOR/SB_RIGHT_ARROW
.rsrc/1033/GROUP_CURSOR/SB_UP_ARROW
.rsrc/1033/GROUP_CURSOR/SB_V_DOUBLE_ARROW
.rsrc/1033/GROUP_CURSOR/SHUTTLE
.rsrc/1033/GROUP_CURSOR/SIZING
.rsrc/1033/GROUP_CURSOR/SPIDER
.rsrc/1033/GROUP_CURSOR/SPRAYCAN
.rsrc/1033/GROUP_CURSOR/STAR
.rsrc/1033/GROUP_CURSOR/TARGET
.rsrc/1033/GROUP_CURSOR/TCROSS
.rsrc/1033/GROUP_CURSOR/TOP_LEFT_ARROW
.rsrc/1033/GROUP_CURSOR/TOP_LEFT_CORNER
.rsrc/1033/GROUP_CURSOR/TOP_RIGHT_CORNER
.rsrc/1033/GROUP_CURSOR/TOP_SIDE
.rsrc/1033/GROUP_CURSOR/TOP_TEE
.rsrc/1033/GROUP_CURSOR/TREK
.rsrc/1033/GROUP_CURSOR/UL_ANGLE
.rsrc/1033/GROUP_CURSOR/UMBRELLA
.rsrc/1033/GROUP_CURSOR/UR_ANGLE
.rsrc/1033/GROUP_CURSOR/WATCH
.rsrc/1033/GROUP_CURSOR/XTERM
.rsrc/1033/GROUP_CURSOR/X_CURSOR
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/GROUP_ICON/118
.rsrc/1033/GROUP_ICON/202
.rsrc/1033/GROUP_ICON/TK
.rsrc/1033/HTML/124
.gif
.rsrc/1033/HTML/AULICENSECHANGE.HTML
.html .js polyglot
.rsrc/1033/HTML/AULICENSECHANGE_DE.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_EN.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_ES.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_FR.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_IT.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_JA.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_KO.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_PT_BR.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_SV.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_ZH_CN.WXL
.xml
.rsrc/1033/HTML/AULICENSECHANGE_ZH_TW.WXL
.xml
.rsrc/1033/HTML/AUWELCOME.HTML
.html .js polyglot
.rsrc/1033/HTML/AUWELCOME_DE.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_EN.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_ES.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_FR.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_IT.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_JA.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_KO.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_PT_BR.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_SV.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_ZH_CN.WXL
.xml
.rsrc/1033/HTML/AUWELCOME_ZH_TW.WXL
.xml
.rsrc/1033/HTML/COMMON.CSS
.rsrc/1033/HTML/HOST.JS
.js
.rsrc/1033/HTML/L10N.JS
.js
.rsrc/1033/HTML/LAYOUT.JS
.js
.rsrc/1033/HTML/MASTHEAD_FILL.PNG
.png
.rsrc/1033/HTML/MASTHEAD_LEFT.PNG
.png
.rsrc/1033/HTML/RTUTILS.JS
.rsrc/1033/HTML/RUNTIME.JS
.js
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/10.ico
.rsrc/1033/ICON/11.ico
.rsrc/1033/ICON/12.ico
.rsrc/1033/ICON/13.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/ICON/5.ico
.rsrc/1033/ICON/6.ico
.rsrc/1033/ICON/7.ico
.rsrc/1033/ICON/8.ico
.rsrc/1033/ICON/9.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/string.txt
.rsrc/1033/version.txt
.rsrc/1041/string.txt
.rsrc/1042/string.txt
.rsrc/1046/string.txt
.rsrc/12/string.txt
.rsrc/16/string.txt
.rsrc/2052/string.txt
.rsrc/29/string.txt
.rsrc/7/string.txt
.rsrc_1
.text

Sharing

General

Malware Config

Signatures

Files

d3eafac78b2f94eb6a014af9c2a27809

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

psapi

version

kernel32

user32

advapi32

shell32

shlwapi

wininet

ws2_32

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 209KB - Virtual size: 208KB

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 209KB - Virtual size: 208KB