4adeed6ef6870347e239e968e5fc21079d8b170f21f1f2ba5027ef2c8ebeb2cc_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4adeed6ef6870347e239e968e5fc21079d8b170f21f1f2ba5027ef2c8ebeb2cc_NeikiAnalytics
Size

1.5MB
MD5

5e103e645d10df2d711f935d672235e0
SHA1

d8f1b24bf8d697bacc3b8a47b42334a6e4a91e25
SHA256

4adeed6ef6870347e239e968e5fc21079d8b170f21f1f2ba5027ef2c8ebeb2cc
SHA512

fb20689782bd47d560c0ec90b5a82ee3dbc05b2a4f7f765605e4cb2cacd5f22482735f7b5055bb8d17075dc4f298919fc34e671cac0482cdfb39096ab0495bdd
SSDEEP

24576:LA5tiIPzQamGI59I0/9tbAGlNV2itYBdi0303Ef:Let8amGyI0FRvXrEA0E4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4adeed6ef6870347e239e968e5fc21079d8b170f21f1f2ba5027ef2c8ebeb2cc_NeikiAnalytics

Files

4adeed6ef6870347e239e968e5fc21079d8b170f21f1f2ba5027ef2c8ebeb2cc_NeikiAnalytics
.exe windows:5 windows x64 arch:x64

970b51c0d6e0e4c9a732f94842d9366e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetDevicePropertyW
SetupOpenInfFileA
SetupCloseInfFile
SetupGetLineByIndexA
SetupGetLineCountA
SetupGetLineTextA
SetupDiSetDeviceRegistryPropertyA
SetupDiOpenClassRegKey
SetupDiClassGuidsFromNameA
SetupGetStringFieldA
SetupCopyOEMInfA
SetupDiOpenDevRegKey
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

shlwapi

SHDeleteEmptyKeyA
SHDeleteValueA
SHDeleteKeyA
PathGetArgsA
PathRemoveArgsA
PathUnquoteSpacesA

newdev

DiUninstallDevice
UpdateDriverForPlugAndPlayDevicesA

userenv

GetProfilesDirectoryA

kernel32

GetCPInfo
GetOEMCP
GetACP
DecodePointer
LockResource
FreeLibrary
GetProcAddress
LocalFree
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcess
GetExitCodeProcess
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
Sleep
LoadResource
SizeofResource
FindClose
CloseHandle
FormatMessageA
LoadLibraryA
GetModuleFileNameA
CreateProcessA
GetEnvironmentVariableA
FindResourceW
FindResourceExW
GetWindowsDirectoryA
GetSystemWow64DirectoryA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
SetFileAttributesA
GetFileAttributesA
FindFirstFileA
FindNextFileA
CopyFileA
WideCharToMultiByte
ExpandEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetModuleHandleExA
GetSystemDirectoryA
MoveFileExA
IsWow64Process
MultiByteToWideChar
QueryPerformanceCounter
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCommandLineA
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetStdHandle
IsProcessorFeaturePresent
EncodePointer
OutputDebugStringW
IsDebuggerPresent
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetFileType
DeleteFileW
GetStringTypeW
GetFileAttributesExW
SetFileAttributesW
GetTimeZoneInformation
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadFile
ReadConsoleW
WriteConsoleW
CreateFileW
SetEndOfFile
SetEnvironmentVariableA

user32

FindWindowA
SendMessageA

advapi32

GetTraceLoggerHandle
OpenProcessToken
AdjustTokenPrivileges
PrivilegeCheck
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
LookupPrivilegeValueA
GetTraceEnableLevel

shell32

ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

wintrust

WinVerifyTrust

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

970b51c0d6e0e4c9a732f94842d9366e

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

shlwapi

newdev

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

wintrust

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 9KB - Virtual size: 18KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB