2b424d70eff4f1a00c23e549ac08b660_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

2b424d70eff4f1a00c23e549ac08b660_NeikiAnalytics
Size

429KB
MD5

2b424d70eff4f1a00c23e549ac08b660
SHA1

31589414f0f166c7c1954fdcf4c251d3d082fd45
SHA256

d5e376394d019c306d83ae0fe5e0c49e7f924f2e0e0f0c2ab1b4753c404f03bc
SHA512

c4e43958418e513af21eb518d55c5b43726672b407956302420322b55e2dac9824467fa90ee9efd9b333a33fd9be61e24c67488af60733dc3eed4957a852ec4b
SSDEEP

6144:UYNKZmncRIzzAxpKPLpXU3iNByAA1v/rTre16Gr/omKK+joI/qhOJpAWZ:4ZmncRIGQFE3iGVl7U/LLPOJ6WZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b424d70eff4f1a00c23e549ac08b660_NeikiAnalytics

Files

2b424d70eff4f1a00c23e549ac08b660_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

15b95e5a19b69d9f2624fe64b43c46a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Work\workspace\tools-main\trunk\common\bin\Channel9.pdb

Imports

kernel32

GetModuleFileNameW
VirtualAlloc
VirtualFree
VirtualQuery
SleepEx
GetCurrentThreadId
GetTickCount
GetSystemInfo
GetLastError
Sleep
CloseHandle
WaitForSingleObject
GetPrivateProfileIntW
ReadFile
GetFileSize
CreateFileW
GetLocalTime
SetThreadPriority
CreateThread
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
FreeConsole
FlushFileBuffers
IsBadWritePtr
WriteConsoleW
GetConsoleWindow
SetConsoleTitleW
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetStdHandle
AllocConsole
CreateDirectoryW
GetFileAttributesW
lstrlenW
SetFilePointer
WideCharToMultiByte
GetTempPathW
WriteFile
lstrlenA
lstrcatA
GetOverlappedResult
SetCommMask
GetCommMask
WaitCommEvent
ClearCommError
PurgeComm
SetupComm
SetCommState
GetCommState
SetCommTimeouts
GetModuleHandleW
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
InterlockedExchange
FreeLibrary
HeapReAlloc
HeapSize
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetEnvironmentVariableA
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCommandLineA
GetModuleFileNameA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
HeapAlloc
HeapFree
ExitProcess
SetConsoleCtrlHandler
SetHandleCount
GetFileType
GetStartupInfoA

user32

UnregisterClassW
DispatchMessageW
TranslateMessage
GetWindowLongW
SetWindowLongW
CreateWindowExW
RegisterClassExW
GetSystemMenu
EnableMenuItem
ShowWindow
GetMessageW
PostMessageW
PostThreadMessageW

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathIsRelativeW

ws2_32

WSAResetEvent
recv
WSAGetLastError
WSAGetOverlappedResult
WSAEventSelect
WSACleanup
closesocket
shutdown
WSASetEvent
WSACloseEvent
WSASend
WSACreateEvent
WSAAccept
WSAEnumNetworkEvents
listen
bind
htons
WSASocketW
WSAConnect
htonl
WSAStartup
WSARecv
WSAWaitForMultipleEvents

Exports

Exports

CreateChannel
ReleaseChannel

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 182KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15b95e5a19b69d9f2624fe64b43c46a3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

.text Size: 182KB - Virtual size: 184KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 182KB - Virtual size: 184KB