30ad1b5e4d623a861ca5965410292640_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

30ad1b5e4d623a861ca5965410292640_NeikiAnalytics
Size

104KB
MD5

30ad1b5e4d623a861ca5965410292640
SHA1

272785298e0df5592ffd59bc63b2b30f1ca1d63a
SHA256

a66b0c980ae7c5e1f63928ec9a9dc1d16b04595df0e5ba600f5cc8c5297c5b79
SHA512

6142f0ed96e851c506413f990696061b7cd0b04e455aff20e02fe2c1b63a7acf15967df79ea3ba5bc672dfa9db6d962ab406f8513529f9298ec3c9373f332377
SSDEEP

1536:KSTO+QPtZ3aGMoTdxI2cptyAZclv7Zq+KQ:KMO+QPtZqaXxcptyAZg1KQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30ad1b5e4d623a861ca5965410292640_NeikiAnalytics

Files

30ad1b5e4d623a861ca5965410292640_NeikiAnalytics
.dll regsvr32 windows:4 windows x86 arch:x86

cf26978cc6a2e109367eeb0be604be92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
__CxxFrameHandler

kernel32

InterlockedDecrement
CloseHandle
CreateEventA
ResetEvent
DuplicateHandle
InterlockedIncrement
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetVersionExA
LoadLibraryA
VirtualFree
FreeLibrary
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
SetThreadPriority
CreateThread
InterlockedExchange
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
EnterCriticalSection
GetThreadPriority
GetCurrentThread
GetTickCount
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
GetSystemInfo
GetACP

user32

RegisterWindowMessageA
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
wvsprintfA
DispatchMessageA
PostThreadMessageA
GetQueueStatus

advapi32

RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegEnumKeyExA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize

oleaut32

SysAllocString
SysFreeString

winmm

timeSetEvent
timeGetTime

cv

cvSetData
cvInitImageHeader

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf26978cc6a2e109367eeb0be604be92

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

winmm

cv

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 812B

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 812B

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB