e8350902cb53a514a6efa4544c3ef000_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e8350902cb53a514a6efa4544c3ef000_NeikiAnalytics.exe
Size

239KB
MD5

e8350902cb53a514a6efa4544c3ef000
SHA1

64568a5e8b13391442911e2b5d131e2db7c1333f
SHA256

45c4f243ae456b0d39d612a162e18af252a9bbfd5febd24245581ee95ad8bc4e
SHA512

66e30a48e7b60891b4c366b8967e90727981901d259c07b692ad4c586e700778a935897954c23f9867dd76da54e0a46aa0aee0a54e3cbd32bcdbb73469c0c930
SSDEEP

6144:1kRdzOz6x5wKdheofmoXgrJewmlitBFLaOujG85aCqK2Pct99DuZTthd:b6/wKdhNXgrkZcFLaOujGA9qN0K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8350902cb53a514a6efa4544c3ef000_NeikiAnalytics.exe

Files

e8350902cb53a514a6efa4544c3ef000_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

31fab38f9e35c3ba206912cfdcafca26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\dwyne\Documents\Careers\Programming\Code Projects\VC6 Onflow\onflow source (02 17, 2022)\Windows32\Stub\release\Stub.pdb

Imports

kernel32

GetTempPathA
GetLastError
LocalFree
FormatMessageA
GetTempFileNameA
LoadLibraryExA
GetModuleFileNameA
SizeofResource
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
FindResourceA
GetCurrentThreadId
GetModuleHandleA
MultiByteToWideChar
DisableThreadLibraryCalls
RaiseException
IsDBCSLeadByte
LoadResource
DecodePointer
GetModuleHandleW
WideCharToMultiByte
lstrcmpiA
MulDiv
GetShortPathNameA
CopyFileA
LockResource
DeleteFileA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateProcessA
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
GetFileAttributesExW
DeleteFileW
LCMapStringW
CompareStringW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
HeapReAlloc
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
FindClose
GetWindowsDirectoryA
lstrcpyA
Sleep
CreateFileA
WriteFile
CloseHandle
FreeLibrary
lstrcatA
GetSystemDirectoryA
lstrlenA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
SetStdHandle
CreateFileW
GetTimeZoneInformation
GetCPInfo
VirtualQuery
VirtualProtect
GetSystemInfo
ReadFile
HeapSize
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

SendMessageA
SetCursor
LoadCursorA
MessageBoxA
LoadStringA
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
RegisterClassExA
CharNextA
GetKeyState
GetFocus
DestroyWindow
GetDC
SetWindowPos
EqualRect
SetWindowRgn
UnionRect
ShowWindow
IsWindow
GetClassInfoExA
OffsetRect
SetWindowLongA
CallWindowProcA
IsChild
GetWindowLongA
DefWindowProcA
CreateWindowExA
IntersectRect
SetFocus
CharNextW
GetClientRect
UnregisterClassA
PtInRect

gdi32

SaveDC
SetWindowOrgEx
CreateRectRgnIndirect
GetDeviceCaps
DeleteDC
SetViewportOrgEx
RestoreDC
LPtoDP
CreateDCA
SetMapMode

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA

ole32

CreateOleAdviseHolder
CoTaskMemFree
WriteClassStm
StringFromGUID2
OleRegEnumVerbs
CoTaskMemRealloc
OleRegGetUserType
OleSaveToStream
CoCreateInstance
CoTaskMemAlloc
OleRegGetMiscStatus

oleaut32

UnRegisterTypeLi
LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocString
OleCreatePropertyFrame
SysStringLen
SysAllocStringLen
VariantChangeType
VariantClear
VarUI4FromStr

Exports

Exports

CanPatchOnDemand
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
PatchOnDemand
Play_From_File
Private_Destroy
Private_DestroyStream
Private_HandleEvent
Private_Initialize
Private_New
Private_NewStream
Private_Print
Private_SetWindow
Private_Shutdown
Private_StreamAsFile
Private_URLNotify
Private_Write
Private_WriteReady
Stub_Force_Serialize
get_URL

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31fab38f9e35c3ba206912cfdcafca26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 168KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 169KB - Virtual size: 168KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 10KB