d0335ce3c69dce82e3346dd3f0f51ca0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d0335ce3c69dce82e3346dd3f0f51ca0_NeikiAnalytics
Size

1.9MB
MD5

d0335ce3c69dce82e3346dd3f0f51ca0
SHA1

9a55cb080eabf51e56605566f170322df6edc4ed
SHA256

856d6725d37752d946ab3efa145d0ac256bd76a6cf65dba42b57cec7237f585c
SHA512

f427b8491e54e4c09c54fdf9fb79dd9168236133f64b76562bbedc3fdbe052002c18eb46c06518d0137c08e167e89af8e42497fd62aac17385d8dd0ea2dbc2ac
SSDEEP

49152:GyDos2igsFhJ0ub5C2hLauY/Dmg27RnWGj:f3hCD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0335ce3c69dce82e3346dd3f0f51ca0_NeikiAnalytics

Files

d0335ce3c69dce82e3346dd3f0f51ca0_NeikiAnalytics
.exe windows:10 windows x64 arch:x64

bc0f5315eea41e76b544e9f6acfe1fee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vssvc.pdb

Imports

msvcrt

_lock
_vscwprintf
__setusermatherr
_cexit
towupper
iswspace
wcsrchr
wcstoul
iswdigit
_vsnprintf
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
wcstok
_initterm
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
wcsstr
qsort
_beginthreadex
_errno
wcsncmp
_wcsicmp
_wcmdln
memcmp
_fmode
_commode
__CxxFrameHandler4
_wcsnicmp
wcscat_s
??0exception@@QEAA@XZ
memset
_vsnprintf_s
malloc
realloc
??0exception@@QEAA@AEBV0@@Z
free
memcpy_s
??1exception@@UEAA@XZ
_vsnwprintf
__C_specific_handler
_purecall
?terminate@@YAXXZ
wcscmp

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
OpenSemaphoreW
EnterCriticalSection
DeleteCriticalSection
CreateWaitableTimerExW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
WaitForMultipleObjectsEx
ReleaseSemaphore
CancelWaitableTimer
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSection
SetEvent
ReleaseMutex
CreateSemaphoreExW
CreateMutexExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
SetThreadPriority
ResumeThread
OpenThread
TerminateProcess
GetStartupInfoW
GetCurrentThread
OpenProcessToken
GetCurrentProcess
CreateThread
OpenThreadToken

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GetTickCount64

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
FreeLibrary
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW

ntdll

RtlNtStatusToDosError
EtwTraceMessage
NtThawRegistry
NtFreezeRegistry
NtQueryInformationProcess
RtlAdjustPrivilege
NtClose
NtCreateSymbolicLinkObject
RtlInitUnicodeString
NtThawTransactions
NtFreezeTransactions
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

DefineDosDeviceW
GetVolumeInformationW
FindFirstVolumeW
FindNextVolumeW
CreateFileW
ReadFile
DeleteFileW
GetDriveTypeW
FindFirstFileW
FindNextFileW
GetFileAttributesW
WriteFile
SetFileAttributesW
CreateDirectoryW
FindClose
FindVolumeClose
GetDiskFreeSpaceW
FlushFileBuffers
DeleteVolumeMountPointW
QueryDosDeviceW
GetVolumePathNameW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-security-base-l1-1-0

InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
AddAccessAllowedAce
GetLengthSid
CreateWellKnownSid
EqualDomainSid
GetSidSubAuthorityCount
AccessCheck
IsValidSid
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAce
GetAce
GetAclInformation
SetSecurityDescriptorGroup
CopySid
SetSecurityDescriptorOwner
EqualSid
FreeSid
AdjustTokenPrivileges
PrivilegeCheck
CheckTokenMembership
DuplicateToken
GetTokenInformation

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vssapi

CreateVssSnapshotSetDescription
CreateWriter
VssFreeSnapshotPropertiesInternal
LoadVssSnapshotSetDescription
CreateWriterEx

vsstrace

ord4
ord8
ord1
ord2
ord5
ord9
ord7
ord11
ord6
ord3
ord10

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer

Sections

.text
Size: 972KB - Virtual size: 970KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc0f5315eea41e76b544e9f6acfe1fee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

ntdll

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

vssapi

vsstrace

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

Sections

.text Size: 972KB - Virtual size: 970KB

.rdata Size: 376KB - Virtual size: 373KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 32KB - Virtual size: 29KB

.didat Size: 4KB - Virtual size: 904B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 972KB - Virtual size: 970KB

.rdata
Size: 376KB - Virtual size: 373KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 32KB - Virtual size: 29KB

.didat
Size: 4KB - Virtual size: 904B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 572KB - Virtual size: 576KB