e:\svn\yxbox\trunk\bin\Win32\Release\gamestart\gamestart.pdb
Static task: static1
Behavioral task: behavioral1
Sample: de45a57cfed6bd43c297d2af81b24900_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: de45a57cfed6bd43c297d2af81b24900_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: de45a57cfed6bd43c297d2af81b24900_NeikiAnalytics
Size: 1.6MB
MD5: de45a57cfed6bd43c297d2af81b24900
SHA1: 0245971e6acaa7403379f42393519e28ae644d2a
SHA256: f2f1bbfb69e0041027442024507bb1a9e82ccafb08f6bee005d5014a96c80d54
SHA512: 3dac4cd9f34f96e8af5a881f634187556ae1aae3fe4cb91d968b17317029b99614b4302e9f2f38dfb5c9cf1242e735a7d4b8a71652f395d714fe8c9a587f13f5
SSDEEP: 24576:jdMP4wr1aa6HRQJurFHIwarvYrbTYcMPG6/IYnsSD8/I:GN1aaKQwrFowgwHTYfjnns8CI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource de45a57cfed6bd43c297d2af81b24900_NeikiAnalytics
Files
de45a57cfed6bd43c297d2af81b24900_NeikiAnalytics.exe windows:5 windows x86 arch:x86
d1ee68d18e22f494c4bcdf665821e1bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetCheckConnectionW
GetUrlCacheEntryInfoW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetOpenW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
psapi
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
kernel32
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
GetModuleHandleA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
lstrlenA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
HeapFree
HeapAlloc
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetFileType
GetProcessHeap
SetStdHandle
RtlUnwind
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
GetDriveTypeA
SetEnvironmentVariableA
GetCurrentProcessId
SetLastError
LocalFree
FormatMessageW
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ExitThread
CreateEventW
SetEvent
FileTimeToSystemTime
GetTickCount
UnmapViewOfFile
GetFileSize
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
WideCharToMultiByte
ResumeThread
GetCurrentThreadId
TerminateProcess
OpenProcess
GetCurrentProcess
GetShortPathNameW
GetFileAttributesW
FindNextFileW
CreatePipe
FindClose
GetStartupInfoW
GetExitCodeProcess
CreateProcessW
FindFirstFileW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetLastError
RaiseException
LeaveCriticalSection
GetModuleHandleW
LoadLibraryExW
FreeLibrary
FreeResource
GlobalUnlock
GlobalLock
CreateThread
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrlenW
GetModuleFileNameW
GetVersionExW
Sleep
InitializeCriticalSection
WaitForSingleObject
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
GetCommandLineW
DeleteFileW
CloseHandle
LockResource
LocalAlloc
GlobalFree
MultiByteToWideChar
CreateFileW
SizeofResource
GlobalAlloc
WriteFile
GetPrivateProfileStringW
LoadResource
FindResourceW
MulDiv
GetCurrentDirectoryA
LoadLibraryW
GlobalFlags
InterlockedCompareExchange
user32
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterClipboardFormatW
IsDialogMessageW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
PeekMessageW
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetRectEmpty
ScreenToClient
SetCapture
SetFocus
GetCursorPos
ReleaseCapture
CallWindowProcW
DefWindowProcW
GetDesktopWindow
IsWindow
GetWindowThreadProcessId
MonitorFromWindow
SetWindowPos
GetMonitorInfoW
CharNextW
DestroyMenu
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
LoadIconW
GetClientRect
SetRect
IsRectEmpty
GetSysColorBrush
MoveWindow
CharUpperW
SetWindowTextW
CopyRect
UpdateLayeredWindow
GetDC
GetWindowLongW
ReleaseDC
SetWindowLongW
GetSystemMetrics
SetCursor
SetWindowRgn
SetTimer
GetWindowRect
LoadImageW
PostMessageW
KillTimer
LoadCursorW
PtInRect
wsprintfW
InvalidateRect
ShowWindow
IsWindowVisible
CloseWindow
SendMessageW
EnableWindow
UnhookWindowsHookEx
GetKeyState
gdi32
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
SetBkColor
PtVisible
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteDC
CreateDIBSection
CreatePolygonRgn
BitBlt
DeleteObject
SelectObject
Escape
ExtTextOutW
TextOutW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetClipBox
SetMapMode
SetTextColor
RectVisible
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
shell32
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
comctl32
_TrackMouseEvent
shlwapi
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
oledlg
OleUIBusyW
ole32
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
CoRevokeClassObject
StgCreateDocfileOnILockBytes
oleaut32
SafeArrayDestroy
VariantCopy
VariantTimeToSystemTime
SysAllocStringLen
SysStringLen
VarUI4FromStr
SysFreeString
VariantChangeType
VariantInit
VariantClear
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
gdiplus
GdipCreatePath
GdipDeletePath
GdipGetFontSize
GdipAddPathString
GdipGetFamily
GdipGetFontStyle
GdipGetPathWorldBounds
GdipDrawRectangleI
GdipCreatePen1
GdipFillRectangleI
GdipSetSolidFillColor
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetStringFormatAlign
GdipSetImageAttributesWrapMode
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRect
GdipDeleteBrush
GdipCloneBrush
GdipGetImageHeight
GdipMeasureString
GdipDeleteFont
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDeleteFontFamily
GdipCreateSolidFill
GdipCreateFont
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateStringFormat
GdipGetImageWidth
GdipDeleteStringFormat
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
ws2_32
WSAStartup
connect
select
WSAGetLastError
htons
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
netapi32
Netbios
snmpapi
SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy
Sections
.text Size: 649KB - Virtual size: 648KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 806KB - Virtual size: 806KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ