d6ed80f99f14ca31db9a74f956691660_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

d6ed80f99f14ca31db9a74f956691660_NeikiAnalytics
Size

422KB
MD5

d6ed80f99f14ca31db9a74f956691660
SHA1

2a80bfa853a7c47e45903510be5b2406d8ae4a5c
SHA256

9b519abe26bde35d6650998f2e7ebff520cbf7d783aee3afe549e98aa11f35f6
SHA512

e82ae75f171916178f8b3b6b9185e7140e31f13ca27845a338d375db1b35c3f486017ce0e135409f7976d5325a59e3f6da3d00a792302db4b8abdc5b77b857d9
SSDEEP

12288:yT7y+JsA9eTSP7o0WNBj+z5UUv6inBMRem21H:yT7y+Jle+WhHinBv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6ed80f99f14ca31db9a74f956691660_NeikiAnalytics

Files

d6ed80f99f14ca31db9a74f956691660_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

6062013b3a9e7db7d8413ae1dcbbdd2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\T\BuildResults\bin\Release\Acrobat32OL.pdb

Imports

kernel32

GlobalFlags
lstrcmpW
InitializeCriticalSectionAndSpinCount
GlobalDeleteAtom
GlobalFindAtomW
GetCurrentThread
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
ReleaseSemaphore
WaitForMultipleObjectsEx
CreateEventA
WaitForMultipleObjects
TerminateProcess
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OpenEventA
OutputDebugStringW
EncodePointer
LoadLibraryExW
GlobalAddAtomW
CreateEventW
WaitForSingleObject
FindResourceW
FormatMessageW
SizeofResource
LockResource
LoadResource
LocalReAlloc
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
VerifyVersionInfoW
GetFileType
VerSetConditionMask
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemDirectoryW
GetTempPathA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrlenW
GetTickCount
Sleep
OpenMutexW
SetNamedPipeHandleState
WriteFile
ReadFile
GetVolumeInformationW
OutputDebugStringA
CreateFileW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDefaultLCID
SetThreadLocale
LocalFree
FreeLibrary
DisableThreadLibraryCalls
GetVersionExW
GetCurrentProcessId
GetCurrentProcess
OpenEventW
SetEvent
CloseHandle
GetCommandLineW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapFree
SetLastError
GetLastError
DecodePointer
CreateSemaphoreA

user32

TabbedTextOutW
SetWindowsHookExW
ValidateRect
GetKeyState
PeekMessageW
DispatchMessageW
TranslateMessage
GrayStringW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
DrawTextExW
DrawTextW
CallNextHookEx
GetWindowTextW
MessageBoxW
IsWindowEnabled
EnableWindow
GetDlgCtrlID
GetFocus
SetWindowTextW
GetWindowRect
ClientToScreen
PtInRect
LoadCursorW
DestroyMenu
GetClassNameW
PeekMessageA
MsgWaitForMultipleObjectsEx
PostQuitMessage
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
GetDlgItem
GetCapture
GetMenu
SetMenu
GetForegroundWindow
SetForegroundWindow
GetWindow
SetPropW
GetPropW
RemovePropW
GetClientRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
CopyRect
SetWindowLongW
GetClassLongW
GetTopWindow
LoadIconW
WinHelpW
DispatchMessageA
RealChildWindowFromPoint
MonitorFromWindow
GetMonitorInfoW
SendMessageW
FindWindowW
GetSubMenu
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetStockObject
GetClipBox
Escape
DeleteDC
SetTextColor
SetBkColor
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorSacl

shell32

CommandLineToArgvW

comctl32

InitCommonControlsEx

shlwapi

PathAppendW

oleaut32

VariantInit
VariantChangeType
VariantClear

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z

oleacc

CreateStdAccessibleObject
LresultFromObject

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__current_exception
_except_handler4_common
memset
__CxxFrameHandler3
memcpy
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_purecall
longjmp
__std_terminate

api-ms-win-crt-heap-l1-1-0

calloc
_msize
free
_expand
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
terminate
_crt_atexit
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_wassert
_register_onexit_function
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_errno

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcsncpy_s
wcscat_s
wcsncpy
wmemcpy_s
wcslen
_wcsicmp
strlen
wcsnlen

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-utility-l1-1-0

ldiv

Exports

Exports

AcroWinMainSandbox
DllCanUnloadNow
DllGetClassObject
_ixAbortIndexingSession@8
_ixCloseIndex@8
_ixConvertQuery@8
_ixCreateIndexCreationParams@4
_ixCreateIndexEx@12
_ixCreateIndexManager@12
_ixCreateStemmer@4
_ixDeleteIndexCreationParams@4
_ixDeleteIndexManager@8
_ixDeleteRecordNum@12
_ixDeleteResultVector@8
_ixDeleteStemmer@8
_ixEndIndexingSession@20
_ixEndRetrievalSession@8
_ixForceCloseOfTemporaryFiles@4
_ixGetTempDiskSpaceUsage@12
_ixIncrementRecord@12
_ixIndexNumber@20
_ixIndexWord@12
_ixIndexWordSpecial@20
_ixIsRecordDeleted@12
_ixNumHits@20
_ixNumberOfRecordsInIndex@12
_ixOpenIndex@12
_ixProcessQuery@16
_ixRetrieveMoreRecordData@24
_ixRetrieveRecordData@28
_ixSetBaseDistributedIndexDirectory@12
_ixSetFinalIndexDataFileNameAndPosition@16
_ixSetIndexCreationParams@12
_ixSetLocationForTemporaryFiles@4
_ixStartIndexingSession@8
_ixStartRetrievalSession@8
_ixStem8BitWord@28
_ixStoreMoreRecordData@16
_ixStoreRecordData@16
_ixVectorCurrentHit@24
_ixVectorNextHit@24

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6062013b3a9e7db7d8413ae1dcbbdd2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

msvcp140

oleacc

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 8KB - Virtual size: 18KB

.reloc Size: 244KB - Virtual size: 244KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 8KB - Virtual size: 18KB

.reloc
Size: 244KB - Virtual size: 244KB