f0694164465248013f0bedbb6fa0b610_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f0694164465248013f0bedbb6fa0b610_NeikiAnalytics.exe
Size

1.4MB
MD5

f0694164465248013f0bedbb6fa0b610
SHA1

897df009d6641a09b4e9640b28c136689819797b
SHA256

b624858be2b353eb43e2fee9c4894b5fa96cf391e3b6a5480167923b540b3d59
SHA512

bc65510534b2e0d539cf56b5a7cf69ac0066b48a30e2123d5c1fcc29036968c6720faa00a38935603513e68e3a07873d4d8e7a08abc300a71a78ace4f967b38f
SSDEEP

12288:YhbaD5etyIkaNqNdUdZVfIex92/X1BaG:3aBkaNqNdUJgeeX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0694164465248013f0bedbb6fa0b610_NeikiAnalytics.exe

Files

f0694164465248013f0bedbb6fa0b610_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

32438dbee4177bac8a1bf64786b15f60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\kir-p4\rpcs96\drivers\krp4\src\code64\gr64\lib\amd64\rpcsgr.pdb

Imports

msvcrt

memset
wcscpy
_itow
wcsstr
_itoa
wcschr
atoi
strncmp
_strcmpi
_stricmp
_ltoa
_wtol
wcsncmp
memcmp
__C_specific_handler
strcmp
sprintf
wcsncpy
wcsrchr
_wcsicmp
_wtoi
_strnicmp
strlen
_wcsnicmp
memcpy
wcslen
wcscmp
wcscat
strcpy
strcat
malloc
free
_initterm
swprintf

ntdll

RtlCaptureContext
VerSetConditionMask
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GlobalFree
GlobalAlloc
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
Sleep
SetUnhandledExceptionFilter
MulDiv
LoadLibraryA
GetEnvironmentVariableW
SetEnvironmentVariableW
IsDBCSLeadByteEx
GetFileSize
CreateFileMappingW
GetLastError
GetWindowsDirectoryW
GetSystemDirectoryW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetFileTime
CreateFileW
WaitForSingleObject
DeleteFileW
FindClose
FindFirstFileW
ReadFile
WriteFile
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
GetProcAddress
GetCurrentThread
LoadLibraryW
LocalFree
LocalAlloc
GetACP
CreateMutexW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
GetVersionExW
VerifyVersionInfoW
SetFilePointer
UnmapViewOfFile
CompareFileTime
IsDBCSLeadByte
GlobalReAlloc
GetPrivateProfileStringA
GetPrivateProfileIntA
MapViewOfFile

winspool.drv

GetJobW
GetPrinterDriverW
GetPrinterDataW
GetPrinterW
SetPrinterDataW

mscms

OpenColorProfileW
CloseColorProfile
DeleteColorTransform
CreateColorTransformW

gdi32

EngStretchBlt
CLIPOBJ_bEnum
EngCopyBits
FONTOBJ_cGetGlyphs
PATHOBJ_vGetBounds
EngUnicodeToMultiByteN
STROBJ_vEnumStart
STROBJ_bEnum
FONTOBJ_pifi
EngTextOut
FONTOBJ_pxoGetXform
XFORMOBJ_iGetXform
EngGetCurrentCodePage
EngCreatePalette
EngDeletePalette
EngCreateBitmap
EngMarkBandingSurface
EngCreateDeviceSurface
EngAssociateSurface
EngDeleteSurface
EngQueryLocalTime
EngStretchBltROP
BRUSHOBJ_pvGetRbrush
PATHOBJ_vEnumStart
PATHOBJ_bEnum
EngStrokeAndFillPath
XFORMOBJ_bApplyXform
EngFindResource
EngUnlockSurface
EngLockSurface
CLIPOBJ_cEnumStart
EngDeletePath
CLIPOBJ_ppoGetPath
EngBitBlt
EngEraseSurface
BRUSHOBJ_pvAllocRbrush
EngStrokePath
EngFillPath
TranslateCharsetInfo

user32

LoadStringW

advapi32

OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
FreeSid
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorOwner
GetUserNameW
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
AddAccessAllowedAce
ImpersonateSelf
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken

Exports

Exports

DllMain
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32438dbee4177bac8a1bf64786b15f60

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

winspool.drv

mscms

gdi32

user32

advapi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 29KB - Virtual size: 31KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 110KB - Virtual size: 109KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 29KB - Virtual size: 31KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 110KB - Virtual size: 109KB

.reloc
Size: 21KB - Virtual size: 21KB