198738e2c19b0c245021642f10be98d0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

198738e2c19b0c245021642f10be98d0_NeikiAnalytics.exe
Size

3.4MB
MD5

198738e2c19b0c245021642f10be98d0
SHA1

8bee91bd2bf2566c2c9234c8dca39c9873836357
SHA256

57d566f84abfbbc1391ea651e8ad57f8a643c3ee6af68be0f86c766044cd016c
SHA512

af1d19057a2c8bc990f071765bc309098a756b6af7a944b23cc2d8ea21531fbd9276503022336e52c4fc38ca9ef10b5f70878a6c8f1b861ba7e7e0f810114c2f
SSDEEP

49152:7CG8qJpuUcmUmujq2r8gr/vrhLO+vKXjZJP7IIFWdzWQECq8r37UncPYkxKdvbqV:75CbhLaj3WHEsr37zwDdje

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
198738e2c19b0c245021642f10be98d0_NeikiAnalytics.exe

Files

198738e2c19b0c245021642f10be98d0_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

d0863185a7786da5eaf51b8cb7a09165

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

NisSrv.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

__p___argc
_exit
_c_exit
_cexit
__p___wargv
_register_thread_local_exe_atexit_callback
exit
abort
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_crt_atexit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
terminate
_errno
_register_onexit_function
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

_wfsopen
_wfopen
feof
fgetws
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
fclose
_get_stream_buffer_pointers
fwrite
fgetpos
fseek
fsetpos
setvbuf
fflush
ungetc
fgetc
__stdio_common_vsprintf_s
fputc
__stdio_common_vsnwprintf_s
_fseeki64
__stdio_common_vswprintf_s
_fsopen
_set_fmode
__p__commode

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstoll
wcstoull
strtof
strtol
_wtoi
_i64toa_s
wcstol
wcstod
_ui64tow_s
strtod
strtoll
_ui64toa_s
_i64tow_s
_wcstod_l

api-ms-win-crt-heap-l1-1-0

_malloc_base
_callnewh
free
realloc
malloc
_recalloc
_set_new_mode
_free_base
_calloc_base
calloc

api-ms-win-crt-string-l1-1-0

wcsncmp
isalpha
strcpy_s
strnlen
memset
tolower
isspace
wcsnlen
__strncnt
isupper
_wcsdup
iswspace
_isctype_l
_stricmp
wcscpy_s
strcspn
iswupper
towupper
towlower
wcsncpy_s
iswlower
islower
iswxdigit
iswdigit
iswascii
isdigit
_wcsicmp
wcstok_s
wcscmp

api-ms-win-crt-math-l1-1-0

ceil
frexp
log2
pow
powf
ldexp

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
_configthreadlocale
___lc_locale_name_func
localeconv
_free_locale
setlocale
_unlock_locales
_lock_locales
___lc_collate_cp_func
_create_locale
__pctype_func

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

kernel32

GetFileSizeEx
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
MultiByteToWideChar
RaiseException
FreeLibrary
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
SetEvent
TerminateProcess
GetCurrentProcess
DeleteFiber
CreateFiberEx
ConvertFiberToThread
IsThreadAFiber
ConvertThreadToFiber
SwitchToFiber
WideCharToMultiByte
SetErrorMode
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
DuplicateHandle
Sleep
GetCurrentThread
RtlPcToFileHeader
EncodePointer
DecodePointer
GetStringTypeW
InitializeCriticalSectionEx
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
SleepConditionVariableCS
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalFree
CloseThreadpoolWork
GetThreadPreferredUILanguages
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
SetThreadPreferredUILanguages
GetProcessId
GetPackageFullName
CreateMutexW
GetSystemInfo
UnmapViewOfFile
GetFileInformationByHandleEx
FindFirstFileExW
WaitForThreadpoolWorkCallbacks
CloseThreadpool
CreateFile2
GetFileAttributesExW
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpool
SubmitThreadpoolWork
GetTickCount
DeviceIoControl
LockResource
FindResourceW
CreateFileW
WaitForThreadpoolIoCallbacks
CopyFile2
MapViewOfFile
CloseThreadpoolIo
CreateFileMappingW
ResetEvent
GetSystemDirectoryW
GetPackagesByPackageFamily
GetVersionExW
CancelIoEx
ExpandEnvironmentStringsW
QueryFullProcessImageNameW
CreateEventW
QueryUnbiasedInterruptTime
CreateThreadpoolIo
CancelThreadpoolIo
StartThreadpoolIo
CreateDirectoryW
SwitchToThread
AcquireSRWLockShared
ReleaseSRWLockShared
GetProcessTimes
GetFileAttributesW
FindClose
FindNextFileW
GetLongPathNameW

oleaut32

VarUI4FromStr

advapi32

ImpersonateLoggedOnUser
RevertToSelf
RegGetValueW
RegSetKeyValueW
RegOpenCurrentUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegQueryValueExW
CloseServiceHandle
ControlService
StartServiceW
OpenServiceW
OpenSCManagerW
RegisterTraceGuidsW
GetTraceEnableFlags
OpenProcessToken
OpenThreadToken
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoRevertToSelf
CoImpersonateClient

user32

UnregisterClassA
CharNextW

api-ms-win-core-winrt-l1-1-0

RoInitialize

bcrypt

BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptCreateHash

normaliz

IdnToAscii

crypt32

CryptUnprotectMemory
CryptBinaryToStringW

ws2_32

ntohs
htonl
inet_ntop

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

mpclient

MpConfigClose
MpConfigGetValueAlloc
MpHandleClose
MpNotificationRegister
MpManagerOpen
MpFreeMemory
MpConfigUninitialize
MpConfigOpen
MpConfigInitialize
MpClientUtilExportFunctions
MpUtilsExportFunctions

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wremove
_wrmdir
_wrename
_unlock_file

shell32

SHGetKnownFolderPath
ord171

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathAllocCombine

shlwapi

PathFindFileNameW

api-ms-win-core-realtime-l1-1-1

QueryInterruptTimePrecise

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpWriteData
WinHttpConnect
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpSetStatusCallback

ntdll

RtlGetVersion

api-ms-win-crt-utility-l1-1-0

rand_s

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetGetJoinInformation

slc

SLGetWindowsInformationDWORD

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 586KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0863185a7786da5eaf51b8cb7a09165

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

kernel32

oleaut32

advapi32

ole32

user32

api-ms-win-core-winrt-l1-1-0

bcrypt

normaliz

crypt32

ws2_32

api-ms-win-core-libraryloader-l1-2-0

mpclient

api-ms-win-crt-filesystem-l1-1-0

shell32

api-ms-win-core-path-l1-1-0

shlwapi

api-ms-win-core-realtime-l1-1-1

winhttp

ntdll

api-ms-win-crt-utility-l1-1-0

version

netapi32

slc

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 457KB - Virtual size: 456KB

.data Size: 586KB - Virtual size: 631KB

.pdata Size: 72KB - Virtual size: 71KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 457KB - Virtual size: 456KB

.data
Size: 586KB - Virtual size: 631KB

.pdata
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 576KB - Virtual size: 580KB