259dbae4264e5c9452a18e38d97facf0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

259dbae4264e5c9452a18e38d97facf0_NeikiAnalytics.exe
Size

727KB
MD5

259dbae4264e5c9452a18e38d97facf0
SHA1

8000c4b4336d4bf307cc81e1996e8740f7e21745
SHA256

a2ca543a0ad9b7462290c2ec52e7595e904ce1d1361aa1ea1912e061141fda51
SHA512

7012096f7fe2a12c7c7440ab56f4cbb05456c51af3819e62a60ea80d8846d4a96d4d9224ea27d603ec57b0621d29de8c5f75b47a838e32322fb690b50a37749c
SSDEEP

3072:3VP9Je5Wwb+KLzvxOAjSr8ED0B83A4VI1iQ/vz2g/yNGarAXI:35aAwygjxNO3AsZQ/ag4trAXI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
259dbae4264e5c9452a18e38d97facf0_NeikiAnalytics.exe

Files

259dbae4264e5c9452a18e38d97facf0_NeikiAnalytics.exe
.exe windows:1 windows x86 arch:x86

2d5a33fe61b0236c70cfa1b4e38617ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetTextMetricsA
MoveToEx
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

kernel32

CloseHandle
CreateFileA
CreateProcessA
DeleteFileA
EnumResourceNamesA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetCurrentDirectoryA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetVersionExA
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalReAlloc
LoadLibraryA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
FormatMessageA
FreeLibrary
RtlMoveMemory

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CheckRadioButton
ClientToScreen
CreateAcceleratorTableA
CreateDialogIndirectParamA
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DeleteMenu
DestroyAcceleratorTable
DestroyIcon
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageA
DrawMenuBar
EnableWindow
FillRect
GetClientRect
GetDC
GetDlgCtrlID
GetDlgItem
GetMenu
GetMenuItemInfoA
GetSysColor
GetSysColorBrush
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InsertMenuItemA
IsDialogMessageA
IsWindow
LoadIconA
LoadImageA
MapDialogRect
MessageBoxA
PeekMessageA
PostMessageA
RedrawWindow
ReleaseDC
ScreenToClient
SendMessageA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TranslateAccelerator
TranslateMessage
ChildWindowFromPointEx
DestroyCursor
DialogBoxParamA
EnableMenuItem
EnumWindows
GetSystemMenu
GetWindow
GetWindowPlacement
MapVirtualKeyA
keybd_event

shell32

ShellExecuteA

comctl32

InitCommonControls
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetIcon
ImageList_LoadImageA
CreateToolbarEx
CreateStatusWindowA

wininet

InternetOpenA
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA

sigrid

INITGRID

..\ft\dwin

CREATEHANDCURSOR
PREFILLLOGIN
SETSECURITY
CREATEADMINACCOUNT
ATTACHMENU
ATTACHMENUSP
GETOSVERSIONINFO
SHOWHIDELASTNINE
SHOWHIDEAPPTS
SHOWHIDEMSGS

..\ft\comfunc1

SETACTIVE
COMFUNC1

dwin

SETTOOLTIP

..\ft\fileio

FILEIO

..\ft\tax103

TAX103

..\ft\formsel

FORMSEL

..\ft\de

DE_INIT

..\ft\validate

VALIDATE_INIT

Exports

Exports

CENTERCHILD
DECRYPT00
DECRYPT01
DECRYPT99
DELREGKEY
MAINERRHANDLER

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d5a33fe61b0236c70cfa1b4e38617ad

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

user32

shell32

comctl32

wininet

sigrid

..\ft\dwin

..\ft\comfunc1

dwin

..\ft\fileio

..\ft\tax103

..\ft\formsel

..\ft\de

..\ft\validate

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 126KB

.data Size: 10KB - Virtual size: 11KB

.link Size: 5KB - Virtual size: 5KB

.rsrc Size: 577KB - Virtual size: 577KB

.rloc Size: 6KB - Virtual size: 6KB

.text
Size: 126KB - Virtual size: 126KB

.data
Size: 10KB - Virtual size: 11KB

.link
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 577KB - Virtual size: 577KB

.rloc
Size: 6KB - Virtual size: 6KB