Static task: static1
Behavioral task: behavioral1
  Sample: 2a7c8133af0c34fcda6fe81ea58360e184777337e1e7db40c7289a1bc0e88b53_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2a7c8133af0c34fcda6fe81ea58360e184777337e1e7db40c7289a1bc0e88b53_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 2a7c8133af0c34fcda6fe81ea58360e184777337e1e7db40c7289a1bc0e88b53_NeikiAnalytics
- Size: 2.1MB
- MD5: 3184da47a8cfd0b2aff3c4fea031a4f0
- SHA1: 00a7224ce79d529cbedf0485434c33ba8d0ebffe
- SHA256: 2a7c8133af0c34fcda6fe81ea58360e184777337e1e7db40c7289a1bc0e88b53
- SHA512: 20f56e1971907fb0c18997afff44db2aac1bbf7ef9b4073c2bc41c2bd7f18341458331f4acbf773174e319ae94af5887052ee4e0b76aa315519f68652118a3f5
- SSDEEP: 49152:r0jsTyaYviaatFgXDIxx2+Gt3F+zx5RU:AIsiasFgTIn2+Gt1w
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2a7c8133af0c34fcda6fe81ea58360e184777337e1e7db40c7289a1bc0e88b53_NeikiAnalytics
Files
- 2a7c8133af0c34fcda6fe81ea58360e184777337e1e7db40c7289a1bc0e88b53_NeikiAnalytics.exe windows:5 windows x86 arch:x86
  076a7d8dba99121d74cfe51dd43ac4b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
H:\progs\Compiling\sumatrapdf\obj-rel\SumatraPDF-no-MuPDF.pdb
Imports
advapi32
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
RegQueryValueExW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptCreateHash
RegSetKeySecurity
RegOpenKeyExW
CryptDestroyHash
RegCloseKey
CryptHashData
RegEnumKeyW
OpenProcessToken
LookupPrivilegeValueW
SetFileSecurityW
SetFileSecurityA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
kernel32
QueryPerformanceFrequency
LocalFree
SetFileAttributesW
GetUserDefaultUILanguage
ReadDirectoryChangesW
CreateFileW
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
CancelIo
GetTickCount
Sleep
DeleteCriticalSection
SetThreadExecutionState
GetSystemTime
GetLogicalDrives
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalDeleteAtom
GlobalAddAtomW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTempFileNameW
GetDriveTypeW
CreateDirectoryW
SetFileTime
WriteFile
ReadFile
WritePrivateProfileStringW
GetTempPathW
GetFileSizeEx
GetLongPathNameW
GetFileTime
GetFileAttributesExW
GetShortPathNameW
DeleteFileW
GetFileInformationByHandle
WideCharToMultiByte
MultiByteToWideChar
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetPrivateProfileStringW
FormatMessageA
LoadLibraryW
GetModuleFileNameW
GetStdHandle
GetProcAddress
GetConsoleScreenBufferInfo
GetVersion
lstrcpyW
InterlockedIncrement
RaiseException
OutputDebugStringW
GetThreadContext
VirtualQuery
GetCurrentThread
Thread32First
Thread32Next
OpenThread
GetModuleFileNameA
GetLastError
SuspendThread
ResumeThread
GetModuleHandleW
TryEnterCriticalSection
GetEnvironmentVariableW
GetExitCodeProcess
LocalFileTimeToFileTime
CreateFileA
SetFilePointer
SetConsoleCtrlHandler
MoveFileW
SetEndOfFile
FlushFileBuffers
GetFileType
GetFileAttributesA
CreateDirectoryA
SetFileAttributesA
DeviceIoControl
FindFirstFileA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
IsDBCSLeadByte
FreeLibrary
InterlockedCompareExchange
CreateEventA
InterlockedExchange
GetACP
GetTimeZoneInformation
LCMapStringW
CompareStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateProcessA
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
SetFilePointerEx
LoadLibraryExW
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryW
PeekNamedPipe
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetStringTypeW
SetLastError
GetOEMCP
IsValidCodePage
HeapSize
GetProcessHeap
GetCommandLineA
RtlUnwind
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
FindFirstFileExW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetPrivateProfileIntW
MulDiv
GetFileAttributesW
FormatMessageW
CopyFileW
QueryPerformanceCounter
InterlockedDecrement
MoveFileExW
WriteConsoleW
SetErrorMode
GetCommandLineW
ExitProcess
GetFullPathNameW
GetTimeFormatW
GetDateFormatW
LockResource
SizeofResource
LoadResource
FindResourceW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindNextFileW
FindClose
FindFirstFileW
CreateThread
GetCurrentProcessId
CloseHandle
Module32NextW
GetCurrentThreadId
OutputDebugStringA
CreateToolhelp32Snapshot
GetSystemInfo
Module32FirstW
CreateEventW
GlobalMemoryStatusEx
GetEnvironmentVariableA
TerminateProcess
HeapCreate
HeapDestroy
GetVersionExW
SetEvent
WaitForSingleObject
HeapFree
GetCurrentProcess
SetUnhandledExceptionFilter
HeapAlloc
GetLocaleInfoA
HeapReAlloc
GetLocaleInfoW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetModuleHandleA
user32
EnumDisplayMonitors
GetPropW
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
SetPropW
RemovePropW
OemToCharBuffA
CharToOemBuffW
OemToCharA
CharUpperW
CharToOemA
CharLowerA
CharUpperA
GetMenu
DrawFrameControl
HideCaret
LoadImageW
ShowCaret
SetClassLongW
DdeInitializeW
DdeCreateStringHandleW
DdeFreeStringHandle
DdeUninitialize
DdeCreateDataHandle
DdeClientTransaction
DdeConnect
DdeDisconnect
DdeFreeDataHandle
FindWindowW
TranslateAcceleratorW
SetTimer
GetMessageW
PostQuitMessage
IsIconic
SetCapture
KillTimer
IsZoomed
GetKeyState
GetFocus
TrackMouseEvent
SetParent
IsCharUpperW
GetCapture
TranslateMessage
LoadAcceleratorsW
GetForegroundWindow
GetScrollInfo
InvalidateRect
SystemParametersInfoW
SetWindowPos
GetMonitorInfoW
LoadBitmapW
IsWindow
ShowScrollBar
GetCursor
MessageBoxW
ReleaseCapture
ScreenToClient
MonitorFromRect
CloseClipboard
EmptyClipboard
OpenClipboard
GetMenuItemID
ModifyMenuW
CheckMenuRadioItem
RemoveMenu
InsertMenuW
UpdateWindow
CheckMenuItem
GetWindowTextLengthW
ShowWindowAsync
ReuseDDElParam
MessageBeep
FindWindowExW
PostMessageW
GetSystemMetrics
wsprintfA
GetMessagePos
CallWindowProcW
DestroyMenu
MapWindowPoints
SendMessageW
CreateWindowExW
CreatePopupMenu
RedrawWindow
SetWindowLongW
EnableMenuItem
AppendMenuW
GetWindowLongW
SetFocus
CreateMenu
SetForegroundWindow
TrackPopupMenu
GetWindowRect
DestroyWindow
IsCharAlphaNumericW
CharLowerW
MoveWindow
DefWindowProcW
ShowWindow
LoadIconW
RegisterClassExW
BeginPaint
GetClientRect
CopyImage
DrawTextW
FillRect
SetActiveWindow
SetCursor
EndPaint
LoadCursorW
GetWindow
EnableWindow
SetDlgItemTextW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
GetSysColor
SendDlgItemMessageW
GetWindowDC
GetWindowInfo
MonitorFromWindow
GetDesktopWindow
GetCursorPos
AdjustWindowRectEx
SetClipboardData
IsWindowVisible
SetMenuItemInfoW
IsWindowUnicode
UnpackDDElParam
GetDC
SetMenu
ReleaseDC
EndDialog
GetDlgItem
GetParent
DialogBoxParamW
DialogBoxIndirectParamW
DispatchMessageW
GetScrollPos
SetScrollInfo
gdi32
SetTextColor
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
BitBlt
AbortDoc
EndDoc
StartDocW
SetMapMode
CreateDCW
GetDeviceCaps
StartPage
DeleteDC
SetBkColor
SetWorldTransform
GetObjectW
SetDIBits
CreateCompatibleBitmap
GetDIBits
LineTo
SetGraphicsMode
MoveToEx
CreateDIBitmap
CreateRectRgn
StretchBlt
SetBkMode
SelectObject
EndPage
SelectClipRgn
Rectangle
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
TextOutW
GetStockObject
GetTextExtentPoint32W
DeleteObject
comdlg32
PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
shell32
ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
DragAcceptFiles
SHAddToRecentDocs
SHChangeNotify
SHGetFileInfoW
SHBindToParent
gdiplus
GdipCreateFontFamilyFromName
GdipCreatePen2
GdipCreateLineBrushFromRect
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipDrawRectangleI
GdipSetPenMode
GdipGetPathWorldBoundsI
GdipSetPenMiterLimit
GdipTransformPath
GdipClonePath
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLine
GdipDeleteBrush
GdipGetGenericFontFamilySansSerif
GdipCloneBrush
GdipCreateSolidFill
GdipAlloc
GdipDrawString
GdipGetFontHeight
GdiplusShutdown
GdipCreateStringFormat
GdipDeletePen
GdipGetImageEncoders
GdipCreateImageAttributes
GdipGetImageEncodersSize
GdipDisposeImageAttributes
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipSetWorldTransform
GdipSetImageAttributesWrapMode
GdipCreateFont
GdipDeleteFontFamily
GdipDeleteFont
GdipGetClip
GdipFree
GdipSetClipRegion
GdipDrawLine
GdipDrawRectangle
GdipDrawImageRectRect
GdipGetFontSize
GdipGetFontStyle
GdipSetTextRenderingHint
GdipFillRectangle
GdipSetClipRectI
GdipImageGetFrameCount
GdipInvertMatrix
GdipCreateMatrix
GdipSetPropertyItem
GdipFillEllipseI
GdipDeleteStringFormat
GdipGetImageWidth
GdipGetLogFontW
GdipDrawLineI
GdipFillRectangleI
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipSetCompositingQuality
GdipCreateRegion
GdipCloneStringFormat
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdiplusStartup
GdipAddPathRectangleI
GdipWindingModeOutline
GdipDrawPath
GdipDeleteGraphics
GdipDeletePath
GdipCreateFromHDC
GdipFillPath
GdipCreatePath
GdipCreatePen1
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetDC
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipCloneImage
GdipReleaseDC
GdipSetStringFormatFlags
GdipCloneBitmapAreaI
GdipScaleMatrix
GdipGetStringFormatFlags
GdipGetImageHeight
GdipMeasureString
GdipCreateBitmapFromStream
GdipBitmapSetResolution
GdipGetRegionBounds
GdipSetSmoothingMode
GdipBitmapUnlockBits
GdipTranslateMatrix
GdipSetStringFormatMeasurableCharacterRanges
GdipSetPageUnit
GdipDeleteRegion
GdipRotateMatrix
GdipMeasureCharacterRanges
GdipGetPropertyItemSize
ole32
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
OleInitialize
comctl32
InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_Draw
winspool.drv
OpenPrinterW
DocumentPropertiesW
GetPrinterW
ClosePrinter
ord203
wininet
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetConnectW
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpSendRequestA
oleaut32
VariantInit
VariantClear
SysAllocString
shlwapi
StrStrW
StrStrIW
PathIsRelativeW
SHDeleteValueW
SHDeleteKeyW
PathAppendW
SHSetValueW
StrRStrIW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
libmupdf
pdf_new_dict
fz_new_device
xps_bound_page_quick_and_dirty
pdf_dict_gets
pdf_array_len
fz_calloc
fz_round_rect
pdf_resolve_indirect
xps_close_document
fz_new_buffer
pdf_dict_get_val
pdf_to_ucs2_buf
pdf_from_ucs2
fz_matrix_expansion
fz_free_text_sheet
fz_transform_rect
fz_free_device
fz_free_link_dest
pdf_to_name
pdf_open_document_with_stream
fz_moveto
fz_begin_group
fz_throw_imp
pdf_file_update_end
fz_free_context
pdf_array_get
pdf_dict_puts_drop
pdf_to_str_len
fz_strdup
fz_javascript_supported
xps_run_page
pdf_load_outline
pdf_new_string
pdf_is_array
fz_md5_init
pdf_obj_mark
fz_find_device_colorspace
pdf_lookup_dest
fz_image_to_pixmap
fz_new_stream
pdf_dict_get_key
pdf_parse_link_dest
fz_new_text_sheet
xps_lookup_link_target_obj
fz_rotate
fz_pixmap_bbox
pdf_copy_dict
pdf_dict_dels
pdf_dict_getp
pdf_is_real
pdf_has_permission
pdf_load_stream
pdf_to_gen
pdf_new_obj_from_str
pdf_new_bool
pdf_crypt_key
fz_new_draw_device
pdf_crypt_revision
pdf_count_pages
fz_open_file_w
xps_load_outline
pdf_new_rect
pdf_is_name
fz_free_display_list
xps_bound_page
fz_clear_pixmap_with_value
fz_open_buffer
pdf_authenticate_password
pdf_array_push
xps_open_document_with_stream
fz_new_bbox_device
fz_free_path
pdf_to_real
pdf_js_supported
fz_free
pdf_is_stream
fz_md5_update
xps_count_pages
fz_new_display_list
pdf_load_name_tree
fz_close
pdf_to_rect
fz_new_context
pdf_to_num
pdf_file_spec_to_str
pdf_to_bool
pdf_free_page
fz_fill_path
pdf_needs_password
fz_intersect_bbox
fz_seek
pdf_run_page_with_usage
fz_var_imp
fz_closepath
fz_end_group
pdf_is_int
fz_drop_buffer
fz_new_text_page
fz_scale
pdf_bound_page
pdf_load_page
fz_clone_stream
fz_new_gdiplus_device
fz_bbox_covering_rect
xps_load_page
pdf_crypt_version
fz_new_link
fz_free_outline
pdf_new_indirect
gzread
gzopen_w
gzclose
crc32
inflateInit2_
inflate
inflateEnd
deflateEnd
deflate
deflateInit2_
jpeg_start_decompress
jpeg_CreateDecompress
jpeg_destroy_decompress
jpeg_resync_to_restart
jpeg_read_header
jpeg_finish_decompress
jpeg_read_scanlines
jpeg_std_error
gzerror
gztell
gzopen
gzseek
fz_drop_pixmap
pdf_run_page
fz_tell
fz_convert_pixmap
fz_transform_point
fz_intersect_rect
fz_lineto
pdf_to_str_buf
fz_run_display_list
pdf_dict_len
fz_md5_final
pdf_is_indirect
pdf_is_dict
fz_free_text_page
fz_translate
pdf_file_update_append
pdf_dict_getsa
fz_push_try
pdf_dict_put
fz_invert_matrix
pdf_new_array
fz_new_text_device
pdf_close_document
pdf_cache_object
xps_extract_doc_props
fz_new_list_device
xps_free_doc_props
fz_new_path
pdf_drop_obj
fz_concat
pdf_obj_unmark
fz_read_all
fz_warn_imp
fz_new_pixmap_with_bbox
pdf_to_int
pdf_lex
pdf_file_update_start_w
urlmon
CoInternetGetSession
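The import table above is the raw material for two routine triage steps: an import hash (imphash) for clustering this file with other builds, and a pass over the API families that deserve a second look (token privileges, ACL changes, thread manipulation, network, process creation, CryptoAPI). The following Python is an added example written for this page; it is not the sandbox's code and not code from the project the PDB path names. It reproduces the normalization that pefile applies before hashing (DLL name lowercased, `.dll`/`.ocx`/`.sys` stripped so that `winspool.drv` keeps its extension, ordinal imports such as the `ord203` entry under winspool.drv written as `ord<N>` unless the DLL has a known ordinal table), then hashes the joined string with MD5. `SAMPLE_IMPORTS` is a constructed subset of this report's imports in the order the report lists them; because imphash depends on the complete import table in its original order, this example does not attempt to reproduce any hash value shown on this page. The `ORDINAL_NAMES` table is a small subset of the ws2_32 ordinals pefile knows.

```python
import hashlib

# Subset of the ordinal-to-name tables pefile applies for DLLs commonly imported by ordinal
# (ws2_32.dll export ordinals; pefile carries the full ws2_32/wsock32/oledlg tables).
ORDINAL_NAMES = {
    "ws2_32": {4: "connect", 23: "socket", 52: "gethostbyname", 115: "WSAStartup"},
}

def normalize_imports(imports):
    """Turn an ordered import table into the string that imphash hashes.
    imports: list of (dll_name, [function_name_or_int_ordinal, ...]) in import-table order."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        if lib.rsplit(".", 1)[-1] in ("dll", "ocx", "sys"):   # winspool.drv keeps its extension
            lib = lib.rsplit(".", 1)[0]
        for f in funcs:
            if isinstance(f, int):                              # import by ordinal
                f = ORDINAL_NAMES.get(lib, {}).get(f, "ord%d" % f)
            parts.append("%s.%s" % (lib, f.lower()))
    return ",".join(parts)

def imphash(imports):
    return hashlib.md5(normalize_imports(imports).encode()).hexdigest()

# API families worth a second look in any import table; every name below appears in this report.
WATCHLIST = {
    "token/privilege": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "acl changes": {"SetFileSecurityW", "SetFileSecurityA", "RegSetKeySecurity", "SetSecurityDescriptorDacl"},
    "thread control": {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread",
                       "SuspendThread", "ResumeThread", "GetThreadContext"},
    "network": {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW", "HttpSendRequestA",
                "InternetReadFile", "InternetOpenUrlW"},
    "process creation": {"CreateProcessW", "CreateProcessA", "ShellExecuteExW"},
    "crypto api": {"CryptAcquireContextW", "CryptCreateHash", "CryptHashData", "CryptGetHashParam"},
}

def triage_imports(imports):
    """Map each watch-list category to the imported APIs that hit it (empty categories omitted)."""
    names = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {cat: sorted(names & apis) for cat, apis in WATCHLIST.items() if names & apis}

# Constructed subset of this report's import table, in the order the report lists it.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["CryptGetHashParam", "CryptAcquireContextW", "RegSetKeySecurity",
                      "OpenProcessToken", "LookupPrivilegeValueW", "SetFileSecurityW",
                      "AdjustTokenPrivileges"]),
    ("KERNEL32.dll", ["CreateProcessW", "GetThreadContext", "Thread32First", "SuspendThread",
                      "CreateToolhelp32Snapshot"]),
    ("winspool.drv", ["OpenPrinterW", "ClosePrinter", 203]),
    ("WININET.dll", ["InternetOpenW", "HttpSendRequestA", "InternetReadFile"]),
]

if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for category, hits in triage_imports(SAMPLE_IMPORTS).items():
        print("%-16s %s" % (category, ", ".join(hits)))
```

Two caveats when using this on a real file. An imphash is only comparable when both sides compute it over the same import table order, so always take the order from the binary, never from a sorted listing. And the watch-list categories describe capability, not intent: a document viewer that hashes files, repairs its own file permissions, prints, and checks for updates over HTTP imports every one of these families, so a hit is a prompt to read the surrounding behaviour, not a verdict.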
Sections
- .text (size 1.8MB, virtual size 1.8MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data (size 70KB, virtual size 131KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (size 138KB, virtual size 138KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (size 114KB, virtual size 113KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
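The "Unsigned PE" signature, the DLL Characteristics and File Characteristics under Headers, and the section flags in the table above are all read straight out of the PE headers. The following Python is an added example written for this page (it is not the sandbox's detection code and not code from the project the PDB path names); it parses those fields from a PE32 or PE32+ image and reports the facts a triage analyst checks first: whether the security data directory (slot 4, which carries the Authenticode blob) is empty, whether ASLR and DEP are opted in, and whether any section is both writable and executable. `build_pe` assembles a headers-only image in memory so the example runs offline; `SAMPLE_IMAGE` is constructed to mirror this report's header and section values, with the KB/MB sizes approximated in bytes, and `WEAK_IMAGE` is a constructed contrast case. The flag tables are a subset of the PE/COFF specification values, and both helpers are mine.

```python
import struct

# Flag tables: a subset of the PE/COFF specification values (bit -> name)
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE"}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the Authenticode blob

def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def build_pe(file_chars, dll_chars, sections, security_size=0):
    """Assemble a headers-only PE32 image (constructed test input, not a real binary).
    sections: list of (name, virtual_size, raw_size, characteristics)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, file_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)                      # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x800 if security_size else 0, security_size)  # (file offset, size)
    hdrs, rva = b"", 0x1000
    for name, vsize, rsize, flags in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, rva, rsize, 0, 0, 0, 0, 0, flags)
        rva += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs

def analyze_pe(data):
    """Parse the headers of a PE32/PE32+ image and report hardening-relevant facts."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    ndirs_off, dir_off = {0x10B: (92, 96), 0x20B: (108, 112)}[magic]  # PE32 / PE32+ layouts
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, the first field is a file offset, not an RVA:
        # the WIN_CERTIFICATE blob sits outside every section and is never mapped.
        _, sec_size = struct.unpack_from("<II", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, pos = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, pos)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rsize, "flags": flag_names(flags, SECTION_FLAGS)})
        pos += 40
    findings = []
    if sec_size == 0:
        findings.append("Unsigned PE: security data directory is empty (no Authenticode signature)")
    if not dll_chars & 0x0040:
        findings.append("DYNAMIC_BASE not set: image opts out of ASLR")
    if not dll_chars & 0x0100:
        findings.append("NX_COMPAT not set: DEP not requested")
    for s in sections:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            findings.append("Section %s is writable and executable" % s["name"])
    return {"file_characteristics": flag_names(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
            "has_authenticode": sec_size > 0, "sections": sections, "findings": findings}

# Constructed image mirroring this report's header and section facts (sizes approximated in bytes).
SAMPLE_IMAGE = build_pe(0x0102, 0x8140, [
    (".text", 1843200, 1843200, 0x60000020),
    (".data", 134144, 71680, 0xC0000040),
    (".rsrc", 141312, 141312, 0x40000040),
    (".reloc", 115712, 116736, 0x42000040),
])
# Constructed contrast case: hardening flags cleared and a writable code section.
WEAK_IMAGE = build_pe(0x0102, 0x0000, [(".text", 4096, 4096, 0xE0000020)])

if __name__ == "__main__":
    for label, img in (("sample", SAMPLE_IMAGE), ("weak", WEAK_IMAGE)):
        print(label, analyze_pe(img)["findings"])
```

An empty security directory is exactly what the "Unsigned PE" check reports; a non-empty one only proves that a WIN_CERTIFICATE blob is attached, not that it verifies, so confirm with `Get-AuthenticodeSignature` or `signtool verify /pa` before treating a file as signed. The .data section's virtual size (131KB) exceeding its raw size (70KB) is normal: the tail is zero-filled at load time and is not by itself an indicator. A packed or self-modifying binary, by contrast, typically shows up here as a section with both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE, which this report's four sections do not have.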