0dcd0752fd7048fddf9ff41b7ae6b470_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0dcd0752fd7048fddf9ff41b7ae6b470_NeikiAnalytics.exe
Size

216KB
MD5

0dcd0752fd7048fddf9ff41b7ae6b470
SHA1

1f0e11d3b1d43b1800779b780d2727b82fd02f5a
SHA256

72d439dfb9c2ea1ef5d06e572d47fc3c88a40fd8be2baf281cca9a1f19ffa749
SHA512

f50bc5e06f72ded669f377c9e6e0d0a04f1a846ee8b7872d22208a2e3430a196daa4f5591c00fefb57f67b2bfa06207aec70cb3c4c8f8a37048932e28e43de71
SSDEEP

6144:Q2qqDLJLuqii0D+xr6fsifJfH7FUcvbz/1Uf2cxzEuvK61lh5:QzqnJCRi0D46H7acvbbYtmO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dcd0752fd7048fddf9ff41b7ae6b470_NeikiAnalytics.exe

Files

0dcd0752fd7048fddf9ff41b7ae6b470_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

6ab070541be028158e93ba2e362cfa3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetNativeSystemInfo
GetThreadContext
SetThreadContext
GetProcessId
GetCurrentProcess
FlushFileBuffers
CreateMutexW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
CreateProcessW
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
GetUserDefaultUILanguage
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
GlobalUnlock
GlobalLock
CreateThread
GetSystemTime
ResetEvent
SetLastError
GetLastError
SetFileAttributesW
CreateRemoteThread
ReleaseMutex
DeleteFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
MoveFileExW
SetThreadPriority
TlsSetValue
GetCurrentThread
TlsGetValue
CreatePipe
ReadFile
WriteFile
HeapCreate
SetHandleInformation
WTSGetActiveConsoleSessionId
CreateFileW
CreateDirectoryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
ExpandEnvironmentStringsW
TerminateProcess
OpenProcess
WriteProcessMemory
LocalFree
GetCurrentProcessId
DuplicateHandle
OpenEventW
GetFileAttributesExW
lstrcmpiW
GetProcAddress
ExitThread
GetModuleFileNameW
GetVersionExW
Sleep
VirtualFreeEx
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetFileAttributesW
IsBadReadPtr
VirtualFree
CloseHandle
WaitForMultipleObjects
CreateEventW
GetLocalTime
GetTickCount
WaitForSingleObject
lstrcmpiA
Thread32First

user32

CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
GetMessageA
RegisterClassExA
SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
GetCapture
SetCursorPos
GetThreadDesktop
PeekMessageA
DefWindowProcA
GetCursorPos
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
EndMenu
CallWindowProcW
GetMessagePos
DefFrameProcW
RegisterClassA
GetSystemMetrics
EndPaint
SetProcessWindowStation
CreateDesktopW
GetIconInfo
DrawIcon
MapVirtualKeyW
GetWindowThreadProcessId
MapWindowPoints
IsWindow
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
GetClassNameW
SystemParametersInfoW
GetMenuState
GetMenuItemCount
PeekMessageW
HiliteMenuItem
GetUpdateRgn
GetMessageW
GetWindowDC
GetShellWindow
GetWindowRect
GetParent
GetClassLongW
GetWindowLongW
GetAncestor
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
CharLowerBuffA
TranslateMessage
GetKeyboardState
SetWindowPos
CallWindowProcA
SendMessageTimeoutW
GetClipboardData
ToUnicode
GetDC
CharLowerW
CharToOemW
ExitWindowsEx
GetKeyboardLayoutList
MessageBoxA
RegisterClassExW

advapi32

IsWellKnownSid
GetLengthSid
InitiateSystemShutdownExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
EqualSid
RegDeleteValueW
RegEnumValueW
CreateProcessAsUserA
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertSidToStringSidW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
FreeSid
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData

shlwapi

wvnsprintfA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
StrCmpNIA
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathQuoteSpacesW
PathUnquoteSpacesW
PathFindFileNameW
StrCmpNIW
StrStrIW
StrStrIA
PathIsURLW
PathRemoveBackslashW
PathRenameExtensionW
PathRemoveFileSpecW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

GetDeviceCaps
SaveDC
CreateCompatibleDC
SetRectRgn
SelectObject
DeleteObject
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
RestoreDC

ws2_32

freeaddrinfo
recv
sendto
select
getaddrinfo
recvfrom
getpeername
WSAGetLastError
send
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
WSAEventSelect
getsockname
accept
closesocket
WSASend
inet_addr
listen
WSASetLastError
socket
bind
gethostbyname

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

HttpSendRequestW
GetUrlCacheEntryInfoW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionA
InternetQueryOptionW
InternetOpenA
InternetCrackUrlA
InternetSetStatusCallbackA
InternetConnectA
InternetQueryOptionA
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
InternetGetCookieA
InternetReadFile
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFileExA
HttpOpenRequestA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ab070541be028158e93ba2e362cfa3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 204KB - Virtual size: 204KB

.data Size: 2KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 204KB - Virtual size: 204KB

.data
Size: 2KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 8KB