733bc3e7fb0efb838ccc9d2df0083920_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

733bc3e7fb0efb838ccc9d2df0083920_NeikiAnalytics.exe
Size

1.4MB
MD5

733bc3e7fb0efb838ccc9d2df0083920
SHA1

50664d5cdd57de4705819ab65dc3f25407ec9b48
SHA256

05a746f2a5a13cf2ae3fef00899eaee1d96e18d934bc63f28a91a548cdc725da
SHA512

bdc58ca7c48463bf8ac37dc391535539a3f2ce0dbe58eb11b710b41e4efbb47dc3ebd19b2d0f5484494dbd3f29f74a9a0f79e9e5ca1948ac1e1454907566d2f8
SSDEEP

24576:YLYct7WEu2VsX92V5PeYtcv/fsGEqZkUOfLe:REZOtYNg/fo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
733bc3e7fb0efb838ccc9d2df0083920_NeikiAnalytics.exe

Files

733bc3e7fb0efb838ccc9d2df0083920_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

6e460465991f46c1f79f6589a0b89e34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragMove
ord6
CreateToolbarEx
ord17
ImageList_ReplaceIcon
ImageList_Create
_TrackMouseEvent
ImageList_Add
ord13
ord14
ord15
ImageList_Destroy
ImageList_AddMasked

winmm

PlaySoundA

wsock32

gethostname
inet_addr
gethostbyname

idle

?IdleUIGetLastInputTime@@YAKXZ
?IdleUITerm@@YAXXZ
?IdleUIInit@@YAHXZ

ygxa_2

_Toolbar_Startup@0
_Add_Toolbar_Button_Indirect@12

wininet

InternetGetCookieA
InternetSetCookieA

xmlparse

XML_SetCharacterDataHandler
XML_SetUserData
XML_ParserCreate
XML_ParserFree
XML_Parse
XML_SetElementHandler

pcre

ord17
ord15
ord18

yml

??1CYML@@QAE@XZ
?plainText@CYML@@QAEPADPBD@Z
?setFlags@CYML@@QAEXH@Z
??0CYML@@QAE@XZ
?HTMLize@CYML@@QAEPADPBD@Z
?setSmileyTable@CYML@@QAEXPAUSMILEY@@H@Z
?setSmileyPath@CYML@@QAEXHPBD@Z

kernel32

GetPrivateProfileStringA
CreateFileA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GlobalAlloc
FindResourceA
GetCurrentThreadId
SetLastError
GetLastError
MulDiv
GlobalUnlock
GlobalLock
lstrcmpA
lstrcpynA
GlobalFree
GlobalHandle
LockResource
LoadResource
GetDateFormatA
GetTimeFormatA
CreateEventA
SetEvent
SizeofResource
FindResourceExA
GetTickCount
WritePrivateProfileStringA
InitializeCriticalSection
DeleteCriticalSection
WinExec
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileA
WriteFile
ResetEvent
WaitForSingleObject
GetPrivateProfileIntA
CreateDirectoryA
GetFileAttributesA
CloseHandle
GetFileInformationByHandle
ReadFile
GetFileSize
FindClose
_lclose
OpenFile
FindFirstFileA
TerminateThread
CreateProcessA
GetStartupInfoA
CopyFileA
GetProcAddress
GetModuleHandleA
InterlockedDecrement
GetTempPathA
GetSystemInfo
GetTimeZoneInformation
GetTempFileNameA
GetSystemTime
lstrcpynW
RemoveDirectoryA
FindNextFileA
Sleep
FreeLibrary
LoadLibraryA
GetCommandLineA
IsBadReadPtr
SetFileAttributesA
GetLocalTime
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalMemoryStatus
_lread
_llseek
LocalFree
LocalAlloc
GlobalReAlloc
lstrcpyA
lstrcatA
CreateThread
InterlockedIncrement
IsDBCSLeadByte
CreateSemaphoreA
LoadLibraryExA
SetFilePointer
QueryPerformanceCounter
GetCurrentProcessId
lstrlenA
lstrcmpiA
CompareStringW
lstrlenW
CompareStringA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
TlsSetValue
GetACP
InterlockedExchange
SetUnhandledExceptionFilter
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsFree
TlsAlloc
GetOEMCP
GetCPInfo
TlsGetValue
ResumeThread
GetFileType
ExitProcess
LCMapStringA
LCMapStringW
TerminateProcess
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GetWindowsDirectoryA

user32

GetSystemMetrics
PostThreadMessageA
DestroyIcon
GetScrollInfo
AppendMenuA
SetCursorPos
SetMenuDefaultItem
RemoveMenu
ClientToScreen
DrawFocusRect
IsRectEmpty
SetScrollPos
GetScrollPos
GetMenu
GetKeyState
RegisterClassA
FindWindowA
AttachThreadInput
GetWindowThreadProcessId
TranslateMessage
SetWindowPlacement
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
GetClipboardData
IsClipboardFormatAvailable
IsWindowVisible
FlashWindow
PtInRect
CheckMenuItem
DrawTextExA
EqualRect
CreatePopupMenu
IsMenu
SetParent
CopyRect
SendMessageTimeoutA
IsIconic
PostQuitMessage
GetMenuItemID
SetRectEmpty
GetMessagePos
DrawEdge
GetWindowDC
GetCapture
SetThreadDesktop
CloseDesktop
EnumDesktopWindows
OpenDesktopA
EnumDesktopsA
GetProcessWindowStation
GetDlgCtrlID
EnumWindows
TranslateAcceleratorA
CallNextHookEx
DefDlgProcA
UnhookWindowsHookEx
IsDialogMessageA
GetMessageA
SetWindowsHookExA
LoadAcceleratorsA
GetMenuState
SetMenu
DrawMenuBar
DrawTextA
LoadIconA
MessageBoxA
GetMenuItemCount
GetMenuItemInfoA
GetCursorPos
TrackPopupMenu
GetSubMenu
GetSystemMenu
EnableMenuItem
GetMenuStringA
ModifyMenuA
SetMenuItemInfoA
InsertMenuItemA
DestroyMenu
LoadMenuA
DeleteMenu
GetForegroundWindow
InflateRect
CheckRadioButton
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
ScreenToClient
MoveWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
IsDlgButtonChecked
KillTimer
SetTimer
DialogBoxIndirectParamA
SetCursor
GetTopWindow
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
CreateAcceleratorTableA
CharNextA
GetClassNameA
RedrawWindow
GetFocus
IsChild
GetWindow
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
ReleaseCapture
CreateDialogParamA
GetSysColor
GetActiveWindow
DefWindowProcA
DestroyAcceleratorTable
SetFocus
GetWindowPlacement
LoadBitmapA
SetDlgItemInt
GetDlgItemInt
SetForegroundWindow
CheckDlgButton
LoadStringA
EnableWindow
SetWindowTextA
DestroyWindow
IsWindow
GetDlgItem
SendDlgItemMessageA
GetDlgItemTextA
SetCapture
SetClassLongA
InsertMenuA
UpdateWindow
SetWindowPos
PostMessageA
SendMessageA
GetWindowLongA
SetWindowLongA
BringWindowToTop
DialogBoxParamA
EndDialog
SetDlgItemTextA
GetParent
ShowWindow
LoadImageA
UnregisterClassA
GetClassInfoExA

gdi32

StartPage
StartDocA
EnumFontFamiliesExA
GetNearestColor
EndDoc
CreatePatternBrush
CreateBitmap
SetPixel
CreatePen
GetPixel
GetBkColor
CreateFontA
GetDIBits
StretchDIBits
MoveToEx
LineTo
CreatePalette
SetBkMode
ExtTextOutA
CreateCompatibleDC
PatBlt
CreateCompatibleBitmap
DeleteDC
SelectObject
EndPage
DeleteObject
Rectangle
GetTextMetricsA
GetTextFaceA
LPtoDP
SelectPalette
RealizePalette
GetTextExtentPoint32A
TextOutA
SetBkColor
SetTextColor
CreateFontIndirectA
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
GetTextExtentPointA

comdlg32

PrintDlgA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
ChooseFontA

advapi32

RegCreateKeyA
RegEnumKeyExA
RegCreateKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyA

shell32

SHBrowseForFolderA
ShellExecuteExA
SHGetMalloc
Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteA

ole32

StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoTaskMemFree
CoRevokeClassObject
CoCreateGuid
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoRegisterClassObject
CoGetClassObject
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StringFromCLSID

oleaut32

SysStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
DispCallFunc
VariantCopy
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen

shlwapi

PathFileExistsA
PathFindExtensionA

urlmon

CreateURLMoniker

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e460465991f46c1f79f6589a0b89e34

Headers

File Characteristics

Imports

version

comctl32

winmm

wsock32

idle

ygxa_2

wininet

xmlparse

pcre

yml

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 156KB - Virtual size: 153KB

.data Size: 40KB - Virtual size: 100KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 156KB - Virtual size: 153KB

.data
Size: 40KB - Virtual size: 100KB

.rsrc
Size: 12KB - Virtual size: 10KB