Static task
  static1

Behavioral task
  behavioral1
  Sample: 7bbf4fc2d6ca424c4894ef5f406df690_NeikiAnalytics.exe
  Resource: win7-20240220-en

Behavioral task
  behavioral2
  Sample: 7bbf4fc2d6ca424c4894ef5f406df690_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en

General
  Target: 7bbf4fc2d6ca424c4894ef5f406df690_NeikiAnalytics.exe
  Size: 1.2MB
  MD5: 7bbf4fc2d6ca424c4894ef5f406df690
  SHA1: d9b69607c5d84f0df2a08bdc5186885b832419a1
  SHA256: 2c21dfed04f46a906948b95fffb273ca9961b219fbded6742cc7a07cc912c28b
  SHA512: 90aad12f196847c2fe1d4f469d222bdfe5a094383378f8c83138b102582673b5447998ea35fc6bae0d0c08ca63ba3eaafe2090e338bed54e5403e98ebe66853f
  SSDEEP: 24576:MzL/clqGFOMc65VRr9D3IjhwffYLNiI3Kp0g5tu:uLNlu5r9bL3YLUI3Kp0Uu

Malware Config

Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 7bbf4fc2d6ca424c4894ef5f406df690_NeikiAnalytics.exe

Files
  7bbf4fc2d6ca424c4894ef5f406df690_NeikiAnalytics.exe.exe  windows:4 windows x86 arch:x86
  59996fac2c2baf399340d540f13f1bf9

Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

PDB Paths
  e:\sandbox\99113\SMS\S24EvMon\Win32\Release\S24EvMon.pdb
Imports
  setupapi:
    CM_Connect_MachineA, CM_Disconnect_Machine, SetupDiOpenDevRegKey, SetupDiDestroyDeviceInfoList,
    SetupDiEnumDeviceInfo, SetupDiGetClassDevsA, SetupDiChangeState, CM_Get_DevNode_Status_Ex,
    SetupDiGetDeviceInstanceIdA, SetupDiSetClassInstallParamsA
  iphlpapi:
    IpRenewAddress, GetAdaptersInfo, SendARP, IpReleaseAddress, GetPerAdapterInfo, GetInterfaceInfo
  intstngs:
    ??0CIntelSettings@@QAE@W4IT_SETTING_LOC@@KH@Z, ??1CIntelSettings@@QAE@XZ,
    ?GetSetting@CIntelSettings@@QAEJW4INTEL_SETTING@@PAH@Z
  netapi32:
    DsGetDcNameA, NetApiBufferFree
  wintrust:
    WinVerifyTrust
  secur32:
    LsaFreeReturnBuffer, LsaGetLogonSessionData, LsaEnumerateLogonSessions
  rpcrt4:
    UuidToStringA, UuidCreate, RpcStringFreeA
  kernel32:
    WideCharToMultiByte, GetLastError, GetVersion, lstrlenW, GetVolumeInformationA, lstrcmpA,
    SetStdHandle, GetStdHandle, CreatePipe, GetCurrentProcess, DuplicateHandle, GetExitCodeProcess,
    PeekNamedPipe, GlobalAlloc, GlobalLock, GlobalFree, DefineDosDeviceA, GlobalUnlock,
    WaitForMultipleObjects, GetVersionExA, CreateMutexA, ReleaseMutex, OpenFileMappingA, OpenMutexA,
    InterlockedDecrement, GetUserDefaultUILanguage, GetSystemDefaultLangID, GetModuleHandleA,
    SetDllDirectoryA, FindFirstFileA, FindNextFileA, FindClose, UnmapViewOfFile, CreateFileMappingA,
    MapViewOfFile, TlsGetValue, TlsSetValue, MultiByteToWideChar, InterlockedExchange, LoadLibraryA,
    GetProcAddress, FreeLibrary, OpenProcess, OutputDebugStringA, WaitForMultipleObjectsEx,
    GetOverlappedResult, CancelIo, DeviceIoControl, GetCurrentThreadId, GetTickCount, CreateProcessA,
    GetModuleFileNameA, DebugBreak, WriteFile, CreateFileA, GetFileSize, ReadFile, GetExitCodeThread,
    ResetEvent, SetEvent, ExitThread, WaitForSingleObject, DeleteCriticalSection,
    InitializeCriticalSection, CreateThread, LocalAlloc, CreateEventA, PulseEvent, GetComputerNameA,
    EnterCriticalSection, LeaveCriticalSection, GetSystemPowerStatus, TerminateThread, CloseHandle,
    FindResourceA, LoadResource, LockResource, SetEnvironmentVariableA, WriteConsoleW,
    GetConsoleOutputCP, TlsAlloc, TlsFree, GlobalHandle, SizeofResource, Sleep, FormatMessageA,
    LocalFree, GetStringTypeExW, GetStringTypeExA, GetEnvironmentVariableW, GetEnvironmentVariableA,
    lstrlenA, lstrcmpiW, lstrcmpiA, CompareStringW, CompareStringA, WriteConsoleA, IsValidLocale,
    EnumSystemLocalesA, GetUserDefaultLCID, RaiseException, SetLastError, MulDiv, GlobalSize,
    CopyFileA, GetCurrentProcessId, SetThreadPriority, ResumeThread, SuspendThread, lstrcmpW,
    GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, FreeResource,
    GetModuleFileNameW, GlobalReAlloc, GetStartupInfoA, LocalReAlloc, InterlockedIncrement,
    GetAtomNameA, GetThreadLocale, FileTimeToSystemTime, SystemTimeToFileTime, GlobalFlags,
    GetLocaleInfoA, EnumResourceLanguagesA, ConvertDefaultLocale, GetCurrentThread, GetCPInfo,
    GetOEMCP, GetPrivateProfileIntA, WritePrivateProfileStringA, GetPrivateProfileStringA,
    GetCurrentDirectoryA, SetErrorMode, MoveFileA, DeleteFileA, SetFilePointer, FlushFileBuffers,
    LockFile, UnlockFile, SetEndOfFile, GetFullPathNameA, GetShortPathNameA, FileTimeToLocalFileTime,
    LocalFileTimeToFileTime, SetFileTime, SetFileAttributesA, GetFileAttributesA, GetFileTime,
    HeapAlloc, HeapFree, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery,
    RtlUnwind, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter,
    IsDebuggerPresent, GetLocalTime, ExitProcess, GetCommandLineA, GetProcessHeap, GetDateFormatA,
    HeapSize, FatalAppExitA, VirtualFree, HeapDestroy, HeapCreate, GetACP, IsValidCodePage,
    LCMapStringA, LCMapStringW, SetHandleCount, GetFileType, GetStringTypeA, GetStringTypeW,
    SetConsoleCtrlHandler, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW,
    GetEnvironmentStringsW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetTimeZoneInformation,
    GetLocaleInfoW, GetConsoleCP, GetConsoleMode, GetTimeFormatA
  user32:
    SetPropA, GetClassNameA, GetClassLongA, GetCapture, IsChild, WinHelpA, SendDlgItemMessageA,
    GetSysColorBrush, ReleaseDC, GetDC, CheckMenuItem, EnableMenuItem, ModifyMenuA, LoadBitmapA,
    GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckDlgButton, CheckRadioButton, GetDlgItemInt,
    GetDlgItemTextA, SetDlgItemInt, SetDlgItemTextA, IsDlgButtonChecked, IsDialogMessageA,
    SetWindowTextA, MoveWindow, ShowWindow, ScrollWindowEx, ClientToScreen, GetDesktopWindow,
    InflateRect, GetMenuItemInfoA, DestroyMenu, FillRect, TabbedTextOutA, DrawTextA, DrawTextExA,
    GrayStringA, GetWindowDC, BeginPaint, EndPaint, UnregisterClassA, SetCursor, ShowOwnedPopups,
    DeleteMenu, DestroyIcon, EndDialog, GetNextDlgTabItem, CreateDialogIndirectParamA,
    GetDialogBaseUnits, GetPropA, ScreenToClient, EqualRect, DeferWindowPos, CopyRect, GetScrollInfo,
    GetDlgItem, PtInRect, SetWindowPlacement, GetDlgCtrlID, CallWindowProcA, SetWindowPos, OffsetRect,
    IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect,
    GetSystemMetrics, GetWindow, SetWindowsHookExA, CallNextHookEx, GetActiveWindow, IsWindowVisible,
    GetKeyState, GetCursorPos, ValidateRect, GetWindowThreadProcessId, GetParent, GetLastActivePopup,
    IsWindowEnabled, EnableWindow, MessageBoxA, GetMenuState, GetMenuStringA, AppendMenuA,
    GetMenuItemID, InsertMenuA, GetMenuItemCount, GetSubMenu, RemoveMenu, GetTopWindow, DestroyWindow,
    UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, ScrollWindow, RemovePropA,
    GetFocus, IsWindow, SetFocus, GetWindowTextLengthA, GetForegroundWindow, TrackPopupMenuEx,
    TrackPopupMenu, SetScrollRange, SetActiveWindow, BeginDeferWindowPos, AdjustWindowRectEx,
    GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, UpdateWindow,
    EnumWindows, GetWindowInfo, GetWindowTextA, LoadStringA, RegisterDeviceNotificationA, LoadIconA,
    LoadCursorA, RegisterClassExA, UnregisterDeviceNotification, PeekMessageA, wsprintfA,
    PostMessageA, SetProcessDefaultLayout, InvalidateRect, GetWindowLongA, EndDeferWindowPos,
    GetClientRect, GetMenu, GetClassInfoExA, GetClassInfoA, CharLowerA, SendMessageA, CreateWindowExA,
    TranslateMessage, DispatchMessageA, PostQuitMessage, RegisterClassA, SetScrollInfo, CharLowerW,
    CharUpperA, CharUpperW, KillTimer, SetTimer, PostThreadMessageA, GetMessageA,
    RegisterWindowMessageA, SetWindowLongA, DefWindowProcA, GetSysColor
  gdi32:
    Escape, SelectObject, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx,
    SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, ArcTo,
    PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn, DeleteDC, CreateDIBPatternBrushPt, TextOutA,
    RectVisible, PtVisible, StartDocA, GetPixel, GetWindowExtEx, GetViewportExtEx, SelectClipPath,
    CreateRectRgn, GetClipRgn, SelectClipRgn, SetColorAdjustment, SetArcDirection, SetMapperFlags,
    GetDeviceCaps, SetTextCharacterExtra, SetTextJustification, SetTextAlign, MoveToEx, LineTo,
    OffsetClipRgn, IntersectClipRect, ExcludeClipRect, SetMapMode, ModifyWorldTransform,
    SetWorldTransform, SetGraphicsMode, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode,
    RestoreDC, SaveDC, GetTextExtentPoint32A, ExtTextOutA, BitBlt, CreateCompatibleDC,
    CreateFontIndirectA, DeleteObject, CreateBitmap, GetObjectA, SetBkColor, SetTextColor,
    GetStockObject, SelectPalette, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile,
    CreatePen, ExtCreatePen, CreateSolidBrush, CreateHatchBrush, CreateRectRgnIndirect, SetRectRgn,
    CombineRgn, GetMapMode, PatBlt, DPtoLP, GetTextMetricsA, GetClipBox, GetDCOrgEx, CreateDCA,
    CopyMetaFileA, CreatePatternBrush
  advapi32:
    DeregisterEventSource, RegQueryValueA, RegDeleteKeyA, RegOpenKeyA, RegSetValueA,
    SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueExA,
    RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, CryptReleaseContext, CryptDestroyKey,
    CryptEncrypt, CryptDecrypt, CryptGenRandom, CryptAcquireContextA, CryptDestroyHash,
    CryptDeriveKey, CryptHashData, CryptCreateHash, RevertToSelf, ImpersonateLoggedOnUser,
    RegEnumKeyExA, GetUserNameA, RegDeleteValueA, CloseServiceHandle, DeleteService,
    QueryServiceStatus, ControlService, OpenServiceA, OpenSCManagerA, ReportEventA,
    RegisterEventSourceA, GetCurrentHwProfileA, RegEnumKeyA, SetServiceStatus, ChangeServiceConfig2A,
    CreateServiceA, StartServiceA, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA,
    ConvertSidToStringSidA, RegNotifyChangeKeyValue, RegCreateKeyA
  shell32:
    ShellExecuteExA, SHChangeNotify, SHGetMalloc, SHGetSpecialFolderPathA, SHGetFileInfoA,
    SHGetSpecialFolderLocation, ExtractIconA
  ole32:
    CoUninitialize, StringFromCLSID, CoTreatAsClass, ReadClassStg, ReadFmtUserTypeStg, SetConvertStg,
    OleRegGetUserType, WriteClassStg, WriteFmtUserTypeStg, CoCreateInstance, CoInitializeEx,
    CoTaskMemFree, CreateBindCtx, ReleaseStgMedium, CLSIDFromString, StringFromGUID2,
    CoDisconnectObject, OleDuplicateData, CoInitialize, CoTaskMemAlloc
  oleaut32:
    SysAllocString, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayAccessData, SysStringLen,
    SysAllocStringByteLen, SysFreeString, SafeArrayGetDim, SafeArrayCreate, SafeArrayRedim,
    VariantCopy, SafeArrayAllocData, SafeArrayAllocDescriptor, SafeArrayCopy, SafeArrayGetElement,
    SafeArrayPtrOfIndex, CreateErrorInfo, SafeArrayGetElemsize, SysStringByteLen, VariantClear,
    VariantChangeType, VariantInit, SysAllocStringLen, SafeArrayPutElement, SafeArrayLock,
    SafeArrayUnlock, SafeArrayDestroy, SafeArrayDestroyData, SafeArrayDestroyDescriptor,
    VariantTimeToSystemTime, SystemTimeToVariantTime, SysReAllocStringLen, VarDateFromStr,
    VarBstrFromCy, VarBstrFromDec, VarDecFromStr, VarCyFromStr, VarBstrFromDate, GetErrorInfo,
    SetErrorInfo, SafeArrayUnaccessData
  iwmsprov:
    PulseIntelIWmsEvent, PulseIntelQosEvent
  shlwapi:
    PathRemoveExtensionA, PathIsUNCA, PathStripToRootA, PathFindExtensionA, PathFindFileNameA
  ws2_32:
    htonl, inet_addr, WSACleanup, WSAAddressToStringA, WSAStartup, htons
  oleacc:
    AccessibleObjectFromWindow, CreateStdAccessibleObject, LresultFromObject
  winspool.drv:
    OpenPrinterA, DocumentPropertiesA, ClosePrinter
  comdlg32:
    GetFileTitleA
Sections
  .text   Size: 724KB  Virtual size: 720KB
          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 132KB  Virtual size: 130KB
          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 24KB   Virtual size: 145KB
          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 312KB  Virtual size: 310KB
          IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE