71276d9e452dca7e522399c37de3f500_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

71276d9e452dca7e522399c37de3f500_NeikiAnalytics.exe
Size

322KB
MD5

71276d9e452dca7e522399c37de3f500
SHA1

046dd51d3c7233168660ec10f511d9c9dfc7cab6
SHA256

9268a186849bf84b7f15d87309411d70c2b3a127e9de7498470eef82946f8614
SHA512

e400b71fc43a47135f7a74803ad777fdea6904aef0a16b7965679d6df0dd60845dae26d20313a986ef43f534a36eebc803663cc150c0f1edcaa98934eb3cdfb1
SSDEEP

3072:IERZhqB1RSWrHjwzLmirnOOl8E8OBGD9ztX/uoRY/0nC6oPelJEX:LqB14WWX6Ol8DOBGFjRY/J6tY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71276d9e452dca7e522399c37de3f500_NeikiAnalytics.exe

Files

71276d9e452dca7e522399c37de3f500_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

32b1f16a86593c34a3e67cb125d75699

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Juegos\SSeMU\Source\MHP\MHPClient\Release\MHPClient.pdb

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileInformationByHandle
CreateFileW
SetFilePointer
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenMutexA
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
CreateMutexA
GetFullPathNameA
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
GlobalMemoryStatusEx
GetVersionExA
GetLastError
GetCurrentProcess
GetModuleHandleA
TerminateProcess
VirtualProtect
Sleep
SetEvent
CreateEventA
GetSystemInfo
GetVolumeInformationA
GetSystemDirectoryA
QueryDosDeviceW
GetLogicalDriveStringsW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
SetLastError
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetProcAddress
GetCurrentThread
OpenProcess
GetTickCount
CreateFileA
CloseHandle
GetFileSize
ReadFile
OpenFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
TerminateThread
TryEnterCriticalSection
GetSystemTimeAsFileTime

user32

GetWindowLongA
wsprintfA
wsprintfW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
TranslateMessage
DispatchMessageA
GetMessageA
SetWindowsHookExA
EndPaint
GetClientRect
BeginPaint
UnregisterClassA
SendMessageA
SetWindowLongA
FindWindowExA
GetWindowThreadProcessId
LoadCursorA
PostQuitMessage
DefWindowProcA
LoadImageA
UpdateWindow
ShowWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA

gdi32

DeleteObject
CreateCompatibleDC
SelectObject
TextOutA
SetTextColor
SetBkMode
CreateFontA
DeleteDC
GetObjectA
GetStockObject
BitBlt

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

msvcp100

?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z

ws2_32

WSACreateEvent
socket
WSAStartup
WSACloseEvent
closesocket
WSAGetLastError
recv
send
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
connect
gethostbyname
inet_addr
htons
ntohs
getpeername

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetModuleInformation
GetProcessImageFileNameW

shlwapi

SHDeleteKeyA
PathRemoveFileSpecW

dbghelp

ImageRvaToSection

msvcr100

_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm
_encoded_null
_malloc_crt
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_initterm_e
_lock
__dllonexit
_unlock
wcscpy_s
_stricmp
strcpy_s
wcsstr
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
rand
__CxxFrameHandler3
??3@YAXPAX@Z
memset
memcpy
memmove
_wfopen_s
fopen_s
malloc
fclose
fread
free

Exports

Exports

EntryProc

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32b1f16a86593c34a3e67cb125d75699

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msvcp100

ws2_32

psapi

shlwapi

dbghelp

msvcr100

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 57KB - Virtual size: 59KB

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 57KB - Virtual size: 59KB

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 6KB - Virtual size: 6KB