54201b70526429b3391fded99dd5b360_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

54201b70526429b3391fded99dd5b360_NeikiAnalytics.exe
Size

824KB
MD5

54201b70526429b3391fded99dd5b360
SHA1

114ff0570dca71e92fab41cf606d43de5d7ee515
SHA256

cf2c81d66b27812e63446cbe15a09d1485ce76e24695dd6b34b8e0bd692bc1f5
SHA512

53b25c22525493f5655ca4b563feea4222f4cd2c54c78f638d92414031d3a3a1c6d47ce7a315db71e9523150cb0f15dcd02e483a88a969f915e0714e878ff8d7
SSDEEP

24576:D7WzW5v1kM8BpDLQqIK15sEwzCHwcIVa5w2/5eE:fWA118nPIKozcf/IE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
54201b70526429b3391fded99dd5b360_NeikiAnalytics.exe

Files

54201b70526429b3391fded99dd5b360_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

86754fbddf0cdf7b878fb371822067ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetVersionExA
WideCharToMultiByte
CreateFileW
CreateFileA
CreateFileMappingA
SizeofResource
LoadResource
FindResourceW
GetFullPathNameA
lstrcmpiA
HeapAlloc
GetProcessHeap
HeapFree
DisableThreadLibraryCalls
FindResourceA
LockResource
EnterCriticalSection
GetTickCount
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
UnmapViewOfFile
GetFileSize
MapViewOfFile
GetLastError
FormatMessageA
LocalFree
WriteFile
GetModuleHandleA
LoadLibraryA
GetProcAddress
FatalAppExitA
DebugBreak
GetProfileIntA
OutputDebugStringA
IsProcessorFeaturePresent
GetSystemInfo
GlobalMemoryStatus

user32

SetWindowLongA
GetWindowLongA
ClientToScreen
GetClientRect
MessageBoxA
DefWindowProcA

ole32

CreateStreamOnHGlobal

d3d9

Direct3DCreate9

winmm

timeGetTime

ddraw

DirectDrawCreateEx

gdiplus

GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipLoadImageFromStream
GdipAlloc
GdipFree

engine

?get_jpg_image@@YAPAUKSGImageContent@@QBDI@Z
?release_image@@YAXPAUKSGImageContent@@@Z
?SprReleaseHeader@@YAXPAUSPRHEAD@@@Z
?SprGetHeader@@YAPAUSPRHEAD@@PBDAAPAUSPROFFS@@@Z
?SprGetFrame@@YAPAUSPRFRAME@@PAUSPRHEAD@@H@Z
?SprReleaseFrame@@YAXPAUSPRFRAME@@@Z
?g_GetMainHWnd@@YAPAUHWND__@@XZ
??0KPakFile@@QAE@XZ
?Open@KPakFile@@QAEHPBD@Z
?Read@KPakFile@@QAEKPAXI@Z
??1KPakFile@@QAE@XZ
?Close@KPakFile@@QAEXXZ
?g_FindDebugWindow@@YAPAUHWND__@@PAD0@Z
TGetSecondVisibleCharacterThisLine
?g_FileName2Id@@YAKPAD@Z
?SaveBuffer32@KBmpFile24@@SAHPADPAXHHH@Z
TIsCharacterNotAlowAtLineHead
?g_DebugLog@@YAXPADZZ

msvcrt

_setjmp3
isdigit
isspace
_CIpow
floor
_CIasin
longjmp
exit
_strdup
setlocale
atof
tolower
isalnum
isalpha
isxdigit
strncmp
toupper
memmove
qsort
fread
fseek
fwrite
fclose
strncpy
tmpfile
printf
_fpclass
_isnan
ceil
_CItanh
_CIsinh
_CIfmod
_CIexp
_CIcosh
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
_vsnprintf
_snprintf
_EH_prolog
_controlfp
_finite
_CIacos
sprintf
wcscmp
atoi
free
malloc
_ftol
_purecall
??2@YAPAXI@Z
__CxxFrameHandler
_except_handler3

gdi32

DeleteObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

CreateRepresentShell
RepresentIsModuleRecommended

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86754fbddf0cdf7b878fb371822067ab

Headers

File Characteristics

Imports

kernel32

user32

ole32

d3d9

winmm

ddraw

gdiplus

engine

msvcrt

gdi32

advapi32

Exports

Exports

Sections

.text Size: 660KB - Virtual size: 659KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 40KB - Virtual size: 47KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 660KB - Virtual size: 659KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 40KB - Virtual size: 47KB

.reloc
Size: 20KB - Virtual size: 19KB