E:\source\ezPDFWSLauncher_Lee\Release_CDC\ezPDFWSLauncher.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: dbee293aa3a879065722a776cb0f95e0_NeikiAnalytics.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: dbee293aa3a879065722a776cb0f95e0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: dbee293aa3a879065722a776cb0f95e0_NeikiAnalytics.exe
- Size: 1.4MB
- MD5: dbee293aa3a879065722a776cb0f95e0
- SHA1: af6ebb5b7f876380504205130e59c2dbf53db6b3
- SHA256: ee878a7afd645a73545c43d2924a084a297d472c1f30533a0de1c7ff9962e47d
- SHA512: 5205403da0fde2214cc4dee9d61e22d618b3046982e0d2f693494363467d1c79af0209bf14fe869c7ce519ac026c1823a618c8feb2565b9d6da9651455254493
- SSDEEP: 24576:SYLLxQodTsBuP1HNpGGhptBnrPwTXJ+VEVr8szgVqTzyp/NtpkonUDqyrEH7so:PLVQ4I8HfbTqfYqgVqTWp/NtK6UDqR
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource dbee293aa3a879065722a776cb0f95e0_NeikiAnalytics.exe
Files
-
dbee293aa3a879065722a776cb0f95e0_NeikiAnalytics.exe.exe windows:5 windows x86 arch:x86
e171e82bd78c7fde19fae38bfba6002d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
GetFileSize
ReadFile
SetEndOfFile
GetCurrentDirectoryW
WaitNamedPipeA
GetProcAddress
LoadLibraryA
GetCurrentProcess
CloseHandle
TerminateProcess
OpenProcess
GetLocalTime
DeleteCriticalSection
DeleteFileA
GetLastError
GetModuleFileNameA
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
WriteFile
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
SetStdHandle
FlushFileBuffers
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryExW
SetFilePointerEx
ReadConsoleW
GetModuleFileNameW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetFullPathNameW
CreateFileA
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
FlushConsoleInputBuffer
SetLastError
SetFilePointer
GetSystemTimeAsFileTime
CreateFileW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
ResumeThread
HeapReAlloc
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
user32
GetForegroundWindow
GetWindowThreadProcessId
FindWindowA
GetParent
GetWindow
WaitForInputIdle
SetForegroundWindow
SetFocus
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
advapi32
ControlService
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey
OpenSCManagerA
CreateProcessAsUserA
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
StartServiceA
CreateServiceA
DeleteService
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
wtsapi32
WTSEnumerateSessionsA
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
ws2_32
getaddrinfo
WSAGetLastError
htons
ntohs
getsockname
bind
freeaddrinfo
closesocket
send
recv
accept
listen
WSASetLastError
socket
setsockopt
gethostname
WSAWaitForMultipleEvents
gethostbyname
WSAResetEvent
WSACreateEvent
WSACleanup
getprotobyname
WSAEventSelect
WSAEnumNetworkEvents
select
inet_addr
WSAStartup
WSAIoctl
ioctlsocket
WSASetEvent
WSACloseEvent
connect
shutdown
crypt32
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertAddEncodedCertificateToStore
Sections
- .text Size: 975KB - Virtual size: 974KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 300KB - Virtual size: 299KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 56KB - Virtual size: 74KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 512B - Virtual size: 480B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 49KB - Virtual size: 49KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ