dd03ab6b601f64ed00b8156f19ad0db0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dd03ab6b601f64ed00b8156f19ad0db0_NeikiAnalytics
Size

3.7MB
MD5

dd03ab6b601f64ed00b8156f19ad0db0
SHA1

830ecd820d3f042b51fc543f4f716a4669ea8839
SHA256

a70b74bef703815fe17faac38cdb864c5093d57fb121c0ca17c47eb96e8dfb80
SHA512

adb7c5bc9f38465039865e13f01a299493099a573362ab6106b68c580527a739a63eb5994b3dd81f07d22b26080f084cb29ee397841ff5c80ef9e6591a519ebc
SSDEEP

98304:n5I9c0ecPmGB8PuAGWAUv6ycyZl4N3vqbl:Ci1GBwuAsUv6yuol

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd03ab6b601f64ed00b8156f19ad0db0_NeikiAnalytics

Files

dd03ab6b601f64ed00b8156f19ad0db0_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

a9b58dcb71d7064f7ed227165495b490

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\TeamCityAgent\work\67d12f215139a5f6\symbols\Nightly_ClientNetwork.pdb

Imports

ws2_32

gethostname
inet_addr
gethostbyname
ioctlsocket
WSACleanup
WSAStartup
inet_ntoa
WSAWaitForMultipleEvents
closesocket
WSAEventSelect
getsockopt
socket
bind
sendto
setsockopt
getsockname
ntohs
htons
WSAGetLastError
recvfrom
select

libcurl

curl_global_init
curl_share_init
curl_share_setopt
curl_share_cleanup
curl_global_cleanup
curl_easy_cleanup
curl_easy_init
curl_easy_setopt
curl_slist_append
curl_easy_getinfo
curl_multi_perform
curl_multi_fdset
curl_multi_add_handle
curl_multi_init
curl_easy_strerror
curl_multi_info_read
curl_multi_cleanup
curl_multi_remove_handle

pthread

pthread_setcancelstate
pthread_cancel
pthread_mutex_init
pthread_cond_destroy
pthread_mutex_destroy
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_mutex_unlock
pthread_testcancel
pthread_cond_init
pthread_create
pthread_mutex_lock

wininet

InternetCrackUrlA

kernel32

WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
FlushInstructionCache
FreeLibrary
VirtualProtect
CreateWaitableTimerW
CreateEventW
Sleep
GetLastError
TerminateProcess
FormatMessageW
LocalFree
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetThreadTimes
GetCurrentThread
GetFileAttributesA
SetFileAttributesA
GetDllDirectoryW
GetLongPathNameW
GetLocalTime
GetSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
SetPriorityClass
GetVersionExA
DebugActiveProcessStop
GetProcessId
RemoveDirectoryA
SetLastError
LoadLibraryW
GetProcessAffinityMask
SetProcessAffinityMask
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
GetFileAttributesExW
GetTickCount
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
CloseHandle
SetThreadAffinityMask
SetWaitableTimer
GetModuleFileNameW

user32

SetWindowLongW
CallWindowProcW
GetWindowLongA
MessageBoxA
GetAsyncKeyState
MessageBoxW
SetWindowLongA

advapi32

CloseEventLog
ReadEventLogW
OpenEventLogW
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
BuildExplicitAccessWithNameA
ConvertStringSidToSidA
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
FreeSid
CheckTokenMembership
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
AllocateAndInitializeSid

shell32

ShellExecuteA
SHGetFolderPathW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity

oleaut32

VariantChangeType
VariantClear
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString

msvcp90

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

msvcr90

_CIfmod
_snprintf
memcpy_s
isalnum
isspace
isprint
_atoi64
isalpha
strtoul
towlower
ferror
printf
_strnicmp
_vsnprintf
memcpy
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_wcsicmp
_unlink
_mkdir
_wcsnicmp
__CxxFrameHandler3
_CxxThrowException
strcat
strcpy
floor
_CIsqrt
_beginthreadex
??2@YAPAXI@Z
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_purecall
??0exception@std@@QAE@XZ
fopen
fclose
feof
fflush
ftell
fseek
fread
fwrite
_invalid_parameter_noinfo
_ftime64
_wfopen
free
malloc
??_V@YAXPAX@Z
_vscprintf
_stricmp
_vscwprintf
_vsnwprintf
tolower
toupper
atoi
srand
rand
_time64
isdigit
strncpy
rewind
wcsncpy
wcschr
sprintf
sscanf
memchr
strrchr
_copysign
realloc

winmm

timeGetTime

wintrust

WinVerifyTrust

Exports

Exports

CheckCompatibility
CheckService
GetLibMtaVersion
GetNetRel
GetNetRev
InitNetInterface
ReleaseNetInterface
WaitForObject

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9b58dcb71d7064f7ed227165495b490

Headers

File Characteristics

PDB Paths

Imports

ws2_32

libcurl

pthread

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp90

msvcr90

winmm

wintrust

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 137KB - Virtual size: 246KB

.rsrc Size: 513KB - Virtual size: 513KB

.reloc Size: 153KB - Virtual size: 153KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 137KB - Virtual size: 246KB

.rsrc
Size: 513KB - Virtual size: 513KB

.reloc
Size: 153KB - Virtual size: 153KB