dd0a609f4b7fac2001aef8d70d13abb0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dd0a609f4b7fac2001aef8d70d13abb0_NeikiAnalytics
Size

327KB
MD5

dd0a609f4b7fac2001aef8d70d13abb0
SHA1

bd1ab13dfaeb1f67997cde357bc2321a7a384a5c
SHA256

0f9bfa081b4cfc11a9722645226361f8b944bbdf770b12653b33f1134c1cedca
SHA512

2a8c56f836601a0dfdda8ff4a5b99f3253621f2523c60c228b2afd4233ecc6ac73c0cd7939bb3a9f308327a67a7ce29eb030a46f0b85ac55ab555ebfe5619a85
SSDEEP

6144:pdeUizS/MxHVxEQG2Gfhf9nw0QzztXAFwFt7DYjo8Q18ZpLnDNhS7:pdelWGxEQG2Gfhf9nwRzWMDYjrdZp9h4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd0a609f4b7fac2001aef8d70d13abb0_NeikiAnalytics

Files

dd0a609f4b7fac2001aef8d70d13abb0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

f9b24d667d416ef090f4b1917ad61687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
OpenServiceW
RegDeleteValueW
QueryServiceConfigW
RegOpenKeyExA
EnumServicesStatusExW
OpenSCManagerA
CloseServiceHandle
RegCloseKey
EnumServicesStatusExA
OpenProcessToken
QueryServiceStatusEx
StartServiceA
ControlService
DeleteService
GetTokenInformation
MakeAbsoluteSD
LookupAccountSidW
SetKernelObjectSecurity
GetKernelObjectSecurity
DuplicateToken
CreateProcessAsUserW
CheckTokenMembership
FreeSid
GetUserNameA
CreateWellKnownSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
SetEntriesInAclA
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameA

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFileExistsA

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC

ole32

StgCreateDocfile
CoCreateGuid

user32

SetProcessDPIAware
GetDesktopWindow
GetWindowTextLengthA
GetWindowTextW
ToAscii
GetRawInputData
PostQuitMessage
IsClipboardFormatAvailable
GetClipboardData
TranslateMessage
RegisterRawInputDevices
DefWindowProcA
GetForegroundWindow
CloseClipboard
DispatchMessageW
OpenClipboard
ShowWindow
wsprintfA
GetKeyboardState
RegisterClassExW
GetSystemMetrics
CreateWindowExW
GetDC
MapVirtualKeyW
PostMessageW
GetKeyState
GetMessageW

ws2_32

WSAGetLastError
WSACleanup
setsockopt
ioctlsocket
freeaddrinfo
htonl
getsockopt
WSARecv
WSAAddressToStringW
connect
ntohs
getsockname
WSAStartup
getaddrinfo
WSASocketW
WSASetLastError
listen
ntohl
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet

ntdll

RtlAdjustPrivilege

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
HeapReAlloc
LCMapStringW
WriteConsoleW
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
EncodePointer
InterlockedFlushSList
RtlUnwind
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocaleInfoEx
RaiseException
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
CreateDirectoryW
GetStartupInfoW
ReadFile
SetConsoleCtrlHandler
FindFirstFileW
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
CreateNamedPipeA
HeapFree
SetLastError
EnterCriticalSection
FindNextFileW
lstrlenW
GetStdHandle
WriteFile
RegisterWaitForSingleObject
TerminateProcess
RemoveDirectoryW
SetFileTime
WaitForMultipleObjects
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
FindClose
WaitForSingleObject
LocalAlloc
CreateFileW
GetCurrentThreadId
GetVersionExW
GetComputerNameExW
DisconnectNamedPipe
OpenProcess
PostQueuedCompletionStatus
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
CreateEventW
MultiByteToWideChar
ProcessIdToSessionId
Sleep
GetTickCount64
GetLastError
AttachConsole
Process32NextW
CreateFileA
SetEvent
GetDiskFreeSpaceExW
GetSystemDirectoryA
TerminateThread
TlsAlloc
DeleteFileW
Process32FirstW
CloseHandle
FreeConsole
GetSystemInfo
ResetEvent
GetWindowsDirectoryA
HeapAlloc
WriteConsoleInputW
QueueUserAPC
GetOverlappedResult
CreateWaitableTimerA
GlobalLock
UnregisterWaitEx
LocalFree
GetFileSize
DeleteCriticalSection
ExitProcess
VerSetConditionMask
GetComputerNameW
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
GetConsoleWindow
SleepEx
TlsGetValue
TlsFree
FormatMessageA
lstrcmpiW
CreateIoCompletionPort
GetTickCount
GlobalUnlock
AllocConsole
lstrcmpW
MoveFileW
VirtualQuery
GetDriveTypeW
GetFileTime
GenerateConsoleCtrlEvent
ConnectNamedPipe
InitializeCriticalSection
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
SetUnhandledExceptionFilter
QueryDosDeviceW
WriteProcessMemory
K32GetProcessImageFileNameW
GetSystemDirectoryW
ResumeThread
DuplicateHandle
GetNativeSystemInfo
VirtualProtectEx
GetThreadContext
DecodePointer

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9b24d667d416ef090f4b1917ad61687

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

gdi32

ole32

user32

ws2_32

ntdll

shell32

gdiplus

userenv

kernel32

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 11KB - Virtual size: 16KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 11KB - Virtual size: 16KB

.reloc
Size: 14KB - Virtual size: 13KB