E:\scm_farm\zhcn_bvt\DataStores\Sword3\Source\Tools\Updater\GameUpdater\Win32\Release_2012\gameupdater.pdb
Static task: static1
Behavioral task: behavioral1
Sample: f07721fe962739606c74138d5b178de0_NeikiAnalytics.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: f07721fe962739606c74138d5b178de0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: f07721fe962739606c74138d5b178de0_NeikiAnalytics.exe
Size: 4.7MB
MD5: f07721fe962739606c74138d5b178de0
SHA1: 9d5d581ecbb16c880e3a4cf3a7185c07fb6d1063
SHA256: bf27a1dffd16cc2076b05b82b1c43e7ef27ee51ff16ae7d7f787a0428bfc26d3
SHA512: f0054b4c62033ccbb7c4168f87fab64b71a98585c79ebea9d59492136c4ac70507e5037ba4933c023644652acf84d614f18e5dcd82cfddb483bfa6da3160c858
SSDEEP: 98304:7YLOYc1pvekqW51rqMiztrWtFvzKNMODCkIivkxx2e8IRfoxFo9kvi95RHweQ:kLgrr0BWtFvzKyUPcLX88fono9kvCu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f07721fe962739606c74138d5b178de0_NeikiAnalytics.exe
Files
f07721fe962739606c74138d5b178de0_NeikiAnalytics.exe.exe windows:5 windows x86 arch:x86
c705f4de7c1978e0b50c555d21bccf35
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
psapi
EnumProcesses
GetModuleFileNameExA
shlwapi
PathStripToRootA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathFindFileNameA
PathFileExistsA
StrFormatKBSizeA
wininet
InternetReadFile
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
HttpQueryInfoA
InternetOpenUrlA
HttpSendRequestA
DeleteUrlCacheEntry
InternetCloseHandle
InternetOpenA
urlmon
URLDownloadToFileA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
kernel32
GetUserDefaultLCID
FindResourceExW
GetCPInfoExA
SetFileAttributesW
GetExitCodeProcess
ResetEvent
lstrlenA
CreateThread
GetExitCodeThread
GetPrivateProfileStringW
GetLocalTime
GetComputerNameA
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetPrivateProfileIntW
WritePrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
MoveFileExW
CopyFileW
GetSystemTime
CreateFileW
FindFirstFileW
FindNextFileW
GetFullPathNameW
CreateFileMappingW
CreateDirectoryW
GetDriveTypeW
DeleteFileW
SetFilePointerEx
GetFileAttributesExW
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
HeapQueryInformation
VirtualAlloc
RtlUnwind
GetCommandLineA
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetProfileIntA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LCMapStringW
RaiseException
GetDiskFreeSpaceA
VirtualProtect
SearchPathA
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetStdHandle
EnumSystemLocalesW
IsValidLocale
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
WaitForSingleObject
GetDriveTypeA
InitializeCriticalSection
GetPrivateProfileIntA
Sleep
LeaveCriticalSection
CreateProcessA
GetSystemDirectoryA
MultiByteToWideChar
FindFirstFileA
GetLogicalDriveStringsA
GetLastError
GetProcAddress
EnterCriticalSection
SetFileAttributesA
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
DeleteCriticalSection
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
lstrcpyA
GetACP
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetLocaleInfoW
CompareStringW
InterlockedExchange
GlobalFlags
GetVolumeInformationA
MoveFileA
lstrcmpiA
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
DecodePointer
EncodePointer
FileTimeToSystemTime
GlobalGetAtomNameA
lstrcmpA
CompareStringA
ResumeThread
SetThreadPriority
GetCurrentThreadId
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetVersion
OutputDebugStringA
GetFileAttributesW
FormatMessageA
MulDiv
GlobalSize
FindResourceW
GetCurrentProcessId
LocalReAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
SystemTimeToFileTime
SetFilePointer
SetCurrentDirectoryA
WinExec
GetCurrentDirectoryA
RemoveDirectoryA
GetFileTime
WaitForMultipleObjects
ReadFile
InterlockedIncrement
MoveFileExA
LocalFree
LocalAlloc
WideCharToMultiByte
OpenProcess
DeleteFileA
OpenEventW
CreateEventW
LockResource
CreateDirectoryA
TerminateProcess
SizeofResource
WriteFile
SetEvent
LoadResource
FreeResource
FindResourceA
CreateFileA
GetTickCount
InterlockedDecrement
LoadLibraryA
CopyFileA
FreeLibrary
CreateEventA
CloseHandle
GetVersionExA
GetDiskFreeSpaceExA
GetStringTypeW
user32
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
WaitMessage
PostThreadMessageA
GetSystemMenu
IsZoomed
GetComboBoxInfo
LoadMenuW
TrackMouseEvent
GetKeyNameTextA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
MonitorFromPoint
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
LoadImageW
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
MapVirtualKeyA
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
CreateDialogIndirectParamA
InvalidateRect
CopyAcceleratorTableA
SetTimer
DeleteMenu
ShowOwnedPopups
IntersectRect
IsIconic
CopyImage
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
CharUpperA
DestroyIcon
MapDialogRect
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
DestroyCursor
SetCursorPos
SetRect
SetParent
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
LockWindowUpdate
SetClassLongA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
KillTimer
CreateMenu
MoveWindow
SetDlgItemTextA
DialogBoxParamA
LoadCursorA
GetSystemMetrics
EndDialog
GetDlgItem
BeginPaint
GetWindowRect
ScreenToClient
SetCursor
EndPaint
DispatchMessageA
PostMessageA
ShowWindow
DefWindowProcA
ReleaseDC
PeekMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
TranslateMessage
GetDC
GetClientRect
LoadIconA
RegisterClassExA
UpdateLayeredWindow
DestroyWindow
MessageBoxA
RegisterClassA
UpdateWindow
PostQuitMessage
GetMessageA
LoadStringA
wsprintfA
UnhookWindowsHookEx
SendMessageA
EnableWindow
IsWindowEnabled
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
GetMenuState
GetSubMenu
GetWindowRgn
DrawIcon
IsDialogMessageA
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
GetSysColor
GetSysColorBrush
GetWindowTextA
GetWindowTextLengthA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsWindow
GetClassInfoExA
GetClassInfoA
CallWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
LoadBitmapW
SetMenuItemInfoA
gdi32
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
Escape
SetRectRgn
DPtoLP
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetObjectA
SetBkColor
CreateBitmap
CreateDCA
CopyMetaFileA
GetStockObject
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
CreateCompatibleDC
TextOutA
GetTextMetricsA
SelectObject
DeleteObject
SetBkMode
PatBlt
SetTextColor
CreateFontA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathW
SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
DragFinish
DragQueryFileA
SHGetDesktopFolder
ole32
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
OleDraw
OleCreate
OleUninitialize
OleInitialize
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
RevokeDragDrop
oleaut32
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VarBstrFromDate
VariantInit
VariantClear
SysFreeString
GetErrorInfo
SysAllocString
setupapi
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
msimg32
TransparentBlt
AlphaBlend
uxtheme
GetThemeColor
DrawThemeParentBackground
DrawThemeText
CloseThemeData
DrawThemeBackground
GetCurrentThemeName
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetThemePartSize
OpenThemeData
ws2_32
WSARecv
ntohl
WSAStartup
WSACleanup
WSASocketA
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
closesocket
setsockopt
WSAEnumNetworkEvents
WSASend
inet_ntoa
ntohs
gethostbyname
inet_addr
WSAConnect
htons
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 399KB - Virtual size: 399KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ