d192ae0a66f31f84df8430145efdcfc0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d192ae0a66f31f84df8430145efdcfc0_NeikiAnalytics.exe
Size

2.2MB
MD5

d192ae0a66f31f84df8430145efdcfc0
SHA1

582a7c4aaefefb32d644c5079222f83b07af893f
SHA256

72ffcee30e47e34c55e7bd03c8f83641d03dd5fc6a018449cd9fbd846eef6d80
SHA512

85605e4eb1c894c7b997468862a3d781e49453df071fdf3e047873f64d9c9ca25be93e11e1ab2e87fc0c242c3859464b5c8676f9e20a4e2023259c97beb46539
SSDEEP

49152:Hrycu4XEJNS9s/bB31GVyb6abgbzHeNpqJQPtWPf:Hrycu4XEJNS9s/b9cVigfopqJQPtsf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d192ae0a66f31f84df8430145efdcfc0_NeikiAnalytics.exe

Files

d192ae0a66f31f84df8430145efdcfc0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

9b27e3204ff26fab0f28940a0e438efd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA

kernel32

GetACP
GetComputerNameA
GetComputerNameW
GetConsoleCP
GetConsoleOutputCP
GetCPInfoExW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentThread
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPriorityClass
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
IsBadReadPtr
IsDBCSLeadByteEx
IsValidLocale
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalAlloc
LocalFree
LocalSize
LockResource
lstrcmpA
lstrcmpiW
lstrlenW
MapViewOfFile
FreeResource
OpenFileMappingA
OpenFileMappingW
OpenProcess
QueryPerformanceFrequency
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetLastError
SetNamedPipeHandleState
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapReAlloc
GetOEMCP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetEnvironmentVariableA
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetVersion
GetStartupInfoA
RtlUnwind
FormatMessageW
FormatMessageA
FlushInstructionCache
FindResourceW
FindResourceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitThread
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
DuplicateHandle
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetCommandLineW
LoadLibraryW
GetConsoleMode
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar

user32

SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageW
SendMessageTimeoutA
SendMessageA
ScreenToClient
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClassW
RegisterClassA
PostThreadMessageW
PostThreadMessageA
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
MsgWaitForMultipleObjects
MessageBeep
SetRect
LoadImageW
LoadImageA
LoadCursorW
KillTimer
IsWindowVisible
IsWindowUnicode
IsIconic
IsDialogMessageW
InvalidateRect
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetSystemMenu
GetSysColorBrush
GetMessageW
GetMessageA
GetKeyState
GetIconInfo
GetFocus
GetDC
GetCursorPos
GetClientRect
SetWindowLongW
SetTimer
SetWindowPos
SetWindowTextA
SetWindowTextW
WindowFromPoint
UnregisterClassA
TranslateMessage
SystemParametersInfoW
LoadStringW
ShowWindow
CallWindowProcA
CallWindowProcW
CharLowerBuffW
CharNextW
CharUpperBuffW
CharUpperW
CloseClipboard
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyWindow
GetClassNameA
GetCapture
FrameRect
FindWindowA
FillRect
EnumWindows
EnableWindow
DrawTextW
DrawTextA
DrawIconEx
DrawFrameControl
DrawFocusRect
DispatchMessageW
EmptyClipboard

gdi32

StartPage
TextOutW
StartDocW
StartDocA
SetTextColor
SetMapMode
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
MoveToEx
LineTo
GetTextMetricsW
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
GetRgnBox
GetObjectW
GetDeviceCaps
GdiFlush
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePen
CreateFontW
TextOutA
CreateFontA

advapi32

ControlService
StartServiceW
SetSecurityDescriptorDacl
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
InitializeSecurityDescriptor
GetUserNameW
GetUserNameA
GetTokenInformation
FreeSid
CreateServiceW
CloseServiceHandle

shell32

CommandLineToArgvW

oleaut32

VariantCopy
VariantClear
VariantChangeType
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
VariantInit

ws2_32

recvfrom
recv
select
htons
ioctlsocket
sendto
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
inet_addr

Sections

.text
Size: 760KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_SHORT3
Size: 996KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b27e3204ff26fab0f28940a0e438efd

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

oleaut32

ws2_32

Sections

.text Size: 760KB - Virtual size: 757KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 492KB - Virtual size: 492KB

_SHORT3 Size: 996KB - Virtual size: 1000KB

.text
Size: 760KB - Virtual size: 757KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 492KB - Virtual size: 492KB

_SHORT3
Size: 996KB - Virtual size: 1000KB