9fb01b7afe9dc6a5d9d6e56c60648070_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9fb01b7afe9dc6a5d9d6e56c60648070_NeikiAnalytics.exe
Size

2.7MB
MD5

9fb01b7afe9dc6a5d9d6e56c60648070
SHA1

c03c89c9f93b026d3fd63dd5fea15cc25fb38174
SHA256

b0eea10cb90f9c00fe2daa7e70e21a209f100c09beac1fc0ecdc181837921492
SHA512

c8e806acebd2f61daf60e26cea0e2013df92338ebba88f98706c46a0af7c0fb230d01fd0812c4823ebfbfc85584150ab9c6a98b148379628990232caa1e841f5
SSDEEP

49152:t2AuAiYQ7UDnbTAxIskVik82DIJHUpW4eIgbFBPpW4eIgbFBP0O97:AAuAiYmUDnbMW3iAYUpvyZpvyN0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9fb01b7afe9dc6a5d9d6e56c60648070_NeikiAnalytics.exe

Files

9fb01b7afe9dc6a5d9d6e56c60648070_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

934d7261c6da921854334bbc83df025d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Repositories\NBG\VampireStories\Project.Win32\Release\Incredible Dracula. Chasing Love CE.pdb

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTexture
D3DXGetImageInfoFromFileInMemory
D3DXMatrixMultiply
D3DXMatrixScaling
D3DXMatrixOrthoLH
D3DXMatrixTranslation
D3DXCreateTextureFromFileInMemoryEx

openal32

alcCreateContext
alcCloseDevice
alDeleteBuffers
alcOpenDevice
alSourcef
alSourcePlay
alSourcei
alGenBuffers
alListenerfv
alSourceStop
alSourcePause
alBufferData
alcMakeContextCurrent
alGetSourcei
alSourceRewind
alSourceQueueBuffers
alGetError
alGetSourcef
alGenSources
alSourceUnqueueBuffers

winmm

timeGetTime
timeBeginPeriod

psapi

GetProcessMemoryInfo

kernel32

EncodePointer
DecodePointer
IsProcessorFeaturePresent
LoadLibraryExA
GetModuleFileNameA
FormatMessageA
ExitProcess
CreateThread
ReleaseMutex
CreateMutexA
GetProcAddress
GetVersionExW
LoadLibraryW
GetModuleHandleW
SetThreadExecutionState
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
RaiseException
DeleteFileA
DeleteFileW
FindNextFileW
SetCurrentDirectoryW
FindClose
GetCurrentDirectoryW
CreateDirectoryA
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
IsDebuggerPresent
GetModuleFileNameW
Sleep
CreateMutexW
GetLastError
CloseHandle
SetConsoleTextAttribute
WaitForSingleObject
CreateProcessA
GetStdHandle
AllocConsole
GetCurrentProcess

user32

EnumWindows
GetSystemMetrics
GetClassLongW
GetWindowThreadProcessId
SetActiveWindow
SetForegroundWindow
SetFocus
ShowWindow
UpdateWindow
FindWindowA
LoadCursorW
SetCursor
GetActiveWindow
DispatchMessageW
DefWindowProcW
ToUnicode
SetWindowTextW
AdjustWindowRectEx
CreateWindowExW
SetWindowPos
SetWindowLongW
ReleaseDC
PeekMessageW
SetClassLongW
LoadIconW
RegisterClassExW
GetForegroundWindow
GetKeyboardState
ShowCursor
TranslateMessage
GetDC
GetClientRect
ShowWindowAsync
SystemParametersInfoW

gdi32

GetDeviceCaps

shell32

SHGetSpecialFolderPathW
ShellExecuteA

msvcp120

?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??Bid@locale@std@@QAEIXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Winerror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy
_Mtx_init
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xbad_function_call@std@@YAXXZ
?_BADOFF@std@@3_JB
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Release@_Pad@std@@QAEXXZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
??1_Pad@std@@QAE@XZ
??0_Pad@std@@QAE@XZ
_Xtime_get_ticks
_Thrd_detach
_Thrd_sleep
_Xtime_diff_to_millis2
_Mtx_unlock
xtime_get
_Mtx_lock
?_Xinvalid_argument@std@@YAXPBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z

msvcr120

isupper
iscntrl
islower
isxdigit
fscanf
tmpfile
_pclose
_popen
clearerr
rename
_mktime64
tmpnam
system
clock
_except1
strftime
setlocale
_difftime64
strrchr
localeconv
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CxxFrameHandler3
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
memcmp
atan
exp
log
abs
fabs
qsort
sqrt
pow
sin
cos
_CRT_RTC_INITW
_CIatan2
_CIcosh
_CIfmod
_CIsinh
_CItanh
_CxxThrowException
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_setjmp3
isalpha
memmove
_fseeki64
fread
_purecall
??3@YAXPAX@Z
ftell
fclose
exit
??2@YAPAXI@Z
printf
??_V@YAXPAX@Z
?terminate@@YAXXZ
?wait@Concurrency@@YAXI@Z
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
_errno
strtol
strtod
memchr
wcstol
__iob_func
fprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
_localtime64
atoi
atof
fflush
fwrite
towlower
fseek
fopen
freopen
_ftelli64
sprintf
free
malloc
strstr
strchr
_wfopen
ferror
longjmp
rand
srand
fputc
_unlock_file
ungetc
fgetpos
fgetc
fsetpos
setvbuf
_lock_file
memcpy_s
feof
ldexp
realloc
getenv
memset
calloc
memcpy
floor
strerror
modf
frexp
abort
_gmtime64
remove
getc
ceil
_HUGE
isalnum
isdigit
toupper
strspn
_time64
strcoll
strpbrk
fgets
isgraph
isspace
ispunct
tolower

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rtc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

934d7261c6da921854334bbc83df025d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

d3dx9_43

openal32

winmm

psapi

kernel32

user32

gdi32

shell32

msvcp120

msvcr120

shlwapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 333KB - Virtual size: 333KB

.data Size: 138KB - Virtual size: 163KB

.CRT Size: 2KB - Virtual size: 1KB

.rtc Size: 512B - Virtual size: 112B

.rsrc Size: 489KB - Virtual size: 488KB

.reloc Size: 124KB - Virtual size: 124KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 333KB - Virtual size: 333KB

.data
Size: 138KB - Virtual size: 163KB

.CRT
Size: 2KB - Virtual size: 1KB

.rtc
Size: 512B - Virtual size: 112B

.rsrc
Size: 489KB - Virtual size: 488KB

.reloc
Size: 124KB - Virtual size: 124KB