54f2c9e4eb52fdf31a77bb74d78f94f0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

54f2c9e4eb52fdf31a77bb74d78f94f0_NeikiAnalytics.exe
Size

5.8MB
MD5

54f2c9e4eb52fdf31a77bb74d78f94f0
SHA1

2bbc74dd967174152c48f15f2803da2f041f1aa8
SHA256

6abc61d13cded9213dcae47aa1449914f584ee349945a2228d1400d03532dcfb
SHA512

aa6b4e5daf37ee7699168f63d60eac4b1823d2d443511e3eda834c925132586ee6fa8fec1b4fc898f29dcf88eaaf2e55c156b13afe927abae851883bda6d0797
SSDEEP

98304:DNDwSlUk9KPsUxfAdNmTVi+qkPZKOBuyaoY7cjGi+pFtFR:D1Uk9KmdNmTsOBuyaopjG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
54f2c9e4eb52fdf31a77bb74d78f94f0_NeikiAnalytics.exe

Files

54f2c9e4eb52fdf31a77bb74d78f94f0_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

7c83d2487314d4d103549c4ce6dac6d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DCB\CBT_Main\BuildResults\bin\Release\AdobeCollabSync.pdb

Imports

shlwapi

UrlIsW
StrCmpNW
PathRemoveFileSpecW
PathStripPathW
UrlCanonicalizeA
PathCreateFromUrlW
StrCmpNA

kernel32

GetThreadId
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateDirectoryW
ProcessIdToSessionId
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
QueryInformationJobObject
VerifyVersionInfoA
GetFileType
GetCurrentThreadId
GetCommandLineW
SystemTimeToTzSpecificLocalTime
WakeConditionVariable
GetProcessTimes
K32GetProcessMemoryInfo
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CreateThreadpool
GetTempPathW
OpenProcess
GetExitCodeProcess
WaitNamedPipeW
WaitForMultipleObjects
GetOverlappedResult
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
CreateThread
TerminateProcess
GetCurrentProcessId
VerifyVersionInfoW
HeapSetInformation
GetProcessHeap
VerSetConditionMask
FindResourceA
SizeofResource
LockResource
LoadResource
GetModuleHandleExA
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetModuleHandleA
CloseThreadpool
CloseThreadpoolWork
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueueUserWorkItem
AreFileApisANSI
GetWindowsDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
SetThreadErrorMode
GetThreadErrorMode
ResetEvent
ResumeThread
DuplicateHandle
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
CreateEventA
WaitForSingleObject
SwitchToThread
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetDriveTypeW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointer
MoveFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalAlloc
CreateSemaphoreA
GetSystemTimeAsFileTime
GetLocalTime
FileTimeToSystemTime
FindNextFileW
RemoveDirectoryW
CreateProcessW
MultiByteToWideChar
GetFileAttributesW
GetSystemDirectoryA
LoadLibraryA
lstrlenA
InitializeCriticalSectionAndSpinCount
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetDriveTypeA
HeapAlloc
HeapFree
WaitForSingleObjectEx
PeekNamedPipe
CancelIoEx
WaitForMultipleObjectsEx
CreateNamedPipeA
LoadLibraryExW
GetUserDefaultLCID
QueryPerformanceCounter
QueryPerformanceFrequency
CreateEventW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
QueryDosDeviceW
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
GetStdHandle
WriteConsoleW
ExitProcess
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
SetEnvironmentVariableW
SetStdHandle
HeapSize
CreateWaitableTimerA
SetWaitableTimer
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
SetLastError
RaiseException
DecodePointer
OutputDebugStringA
lstrlenW
GetTickCount
Sleep
OpenMutexW
SetNamedPipeHandleState
GetLastError
CloseHandle
WriteFile
ReadFile
GetVolumeInformationW
CreateFileW
ReleaseSemaphore
SetThreadAffinityMask
OpenEventA
GlobalFree
SetFileAttributesW
TerminateThread
QueueUserAPC
GetQueuedCompletionStatus
DeviceIoControl
PostQueuedCompletionStatus
SleepEx
CreateIoCompletionPort
CreateWaitableTimerW
GetFileAttributesExW
GetFileSize
GlobalAlloc

user32

DispatchMessageA
GetForegroundWindow
FindWindowW
PostMessageW
LoadImageW
GetCursorPos
GetPropW
SetPropW
SetForegroundWindow
InsertMenuItemW
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
GetSystemMetrics
DestroyWindow
CreateWindowExW
RegisterClassW
CallWindowProcA
PostQuitMessage
DefWindowProcA
PostMessageA
GetMessageA
LoadStringW
GetWindowThreadProcessId
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage

advapi32

RegOpenKeyA
CryptSetHashParam
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegOpenKeyW
OpenThreadToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegDeleteTreeW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
TreeSetNamedSecurityInfoW
GetNamedSecurityInfoW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorSacl
GetAclInformation
GetAce
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptImportKey
ConvertSidToStringSidA

shell32

Shell_NotifyIconW
SHGetKnownFolderPath
SHQueryUserNotificationState
ShellExecuteA
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHFileOperationA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

sensapi

IsNetworkAlive

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
WSACreateEvent
WSAEventSelect
WSAIoctl
WSASocketA

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpEndRequestA
DetectAutoProxyUrl
InternetCrackUrlA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetCookieExA
InternetReadFile
InternetWriteFile
InternetSetOptionA
HttpSendRequestExA
InternetCloseHandle
HttpQueryInfoA

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetConnectionW
WNetGetResourceInformationW

crypt32

CryptProtectData
CryptUnprotectData

oleaut32

SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
SafeArrayCreateVector

netapi32

NetShareGetInfo

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpen
WinHttpQueryAuthSchemes
WinHttpSetOption

Exports

Exports

gudeCancel
gudeClearCache
gudeCreate
gudeDestroy
gudeDownload
gudeDownloadRangeToMemory
gudeDownloadToMemory
gudeErrorString
gudeHTTPStatusString
gudePause
gudeRegisterAddChunkHeaderCallback
gudeRegisterAddHeaderCallback
gudeRegisterAddParametersCallback
gudeRegisterCancellationCallback
gudeRegisterChunkErrorRetryCallback
gudeRegisterCompletionCallback
gudeRegisterErrorCallback
gudeRegisterLoggingCallback
gudeRegisterMonitorCallback
gudeRegisterPausedCallback
gudeRegisterProgressCallback
gudeRegisterRequestBodyCallback
gudeRegisterResponseBodyCallback
gudeRegisterResponseHeaderCallback
gudeRegisterSSLCertificatePolicyCallback
gudeRegisterSetServerTypeCallback
gudeRegisterSetTimeoutCallback
gudeRegisterStatusLineCallback
gudeResume
gudeSendRequest
gudeSetLogLevel
gudeSetMultipartUploadThreshold
gudeSetSystemProxyCredentials
gudeSetTargetDataRates
gudeSetWorkerPoolUpperLimit
gudeUpload
gudeUploadFromMemory
gudeVersion

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 887KB - Virtual size: 886KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 868KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c83d2487314d4d103549c4ce6dac6d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

sensapi

ws2_32

wininet

mpr

crypt32

oleaut32

netapi32

winhttp

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 887KB - Virtual size: 886KB

.data Size: 267KB - Virtual size: 285KB

.didat Size: 512B - Virtual size: 200B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 868KB - Virtual size: 872KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 887KB - Virtual size: 886KB

.data
Size: 267KB - Virtual size: 285KB

.didat
Size: 512B - Virtual size: 200B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 868KB - Virtual size: 872KB