5557347b1b7483143efae9c28f10d930_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5557347b1b7483143efae9c28f10d930_NeikiAnalytics.exe
Size

349KB
MD5

5557347b1b7483143efae9c28f10d930
SHA1

eb096a059dc4d6c22783695fb81f1b07633583c2
SHA256

b502f8a34812761bc73f22a9fa2c778a1aa0a8b610cc6d78dbe6023bb65ab45f
SHA512

cb718c7579f83cc9f4952856af2f52ed37277c35b9f1427b5be9491d71b9453293762c3705231ec894d6a301bf23d7a14ed4f51b2552f88eb04091c42005288c
SSDEEP

6144:xmWDVahPevzRCvi3gYy2JZjU9Y8U8HzmYsAZGY1IUKKkWTBYb6YEc:xmWMhPevzRCviQcZjC88Hzhs4GLVKkW1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5557347b1b7483143efae9c28f10d930_NeikiAnalytics.exe

Files

5557347b1b7483143efae9c28f10d930_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

7e591dfdc893022ceb9201a1d705a458

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardReleaseContext
SCardListReadersA
SCardDisconnect
SCardFreeMemory
SCardEstablishContext
SCardConnectA

sensapi

IsNetworkAlive

iphlpapi

GetTcpTable

dbghelp

MiniDumpWriteDump

msvcrt

strchr
isprint
fclose
fseek
realloc
fwrite
fread
fopen
strncpy
_except_handler3
sprintf
atoi
strtol
_strrev
_snprintf
exit
malloc
calloc
free
strstr
memset
memcpy

psapi

GetModuleFileNameExA

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

HttpAddRequestHeadersA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
HttpQueryInfoA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpAddRequestHeadersW

ws2_32

connect
WSAStartup
select
shutdown
recv
ioctlsocket
WSAGetLastError
WSASetLastError
inet_addr
htons
closesocket
gethostbyname
ntohs
accept
listen
__WSAFDIsSet
socket
bind
htonl
setsockopt
recvfrom
getpeername
inet_ntoa
send

shell32

ord680
SHGetFolderPathA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderPathA
ExtractIconExA

shlwapi

StrNCatA
StrStrA
PathCombineW
StrCmpNIA
PathAppendA
PathMakeSystemFolderA
StrToIntA
StrStrIW
PathAddBackslashA
PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
StrStrIA
StrChrIA
PathMatchSpecW

ntdll

ZwQuerySystemInformation
ZwSetInformationProcess
ZwClose
ZwOpenProcess
ZwQueryInformationProcess
RtlImageNtHeader
RtlCreateUserThread

kernel32

GetCommandLineA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
GetDriveTypeA
SetThreadPriority
SetCurrentDirectoryA
GetLogicalDriveStringsA
GetCurrentDirectoryA
GetProcessHeap
HeapValidate
ResetEvent
GetFileSize
FindFirstFileW
WideCharToMultiByte
GetFileAttributesW
CreateFileW
lstrlenW
FindNextFileW
FileTimeToLocalFileTime
DeleteFileW
SetFileAttributesW
VirtualFree
CreateEventA
FileTimeToDosDateTime
lstrlenA
VirtualAlloc
GetVersionExA
CopyFileA
lstrcatW
GetTempPathW
lstrcmpW
lstrcatA
FileTimeToSystemTime
GetTempFileNameW
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
SwitchToThread
LocalFree
Module32Next
LoadLibraryA
VirtualAllocEx
GetHandleInformation
Module32First
GetProcessTimes
CreateRemoteThread
VirtualQuery
GetPrivateProfileStringA
GetShortPathNameA
GetFileAttributesA
GetVersionExW
VirtualProtect
GetThreadPriority
InterlockedExchange
FlushInstructionCache
ResumeThread
FindFirstChangeNotificationA
FindNextChangeNotification
TerminateThread
WinExec
MoveFileA
ExitThread
GetCommandLineW
HeapSize
GetVolumeInformationA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetLastError
SetLastError
GetProcAddress
IsDebuggerPresent
WriteProcessMemory
Sleep
GetTickCount
GetEnvironmentVariableA
GetCurrentProcess
AddVectoredExceptionHandler
GetCurrentThreadId
GetCurrentProcessId
GetSystemDefaultLangID
Process32First
GetTimeFormatA
GetDateFormatA
OpenProcess
GetTimeZoneInformation
Process32Next
CreateToolhelp32Snapshot
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
lstrcpynA
GetTempFileNameA
WaitForMultipleObjects
GetTempPathA
GetSystemTime
CreateFileA
SetFilePointer
MoveFileExA
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
SetErrorMode
SetEvent
OpenMutexA
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GlobalLock
GlobalAlloc
CreateProcessA
MultiByteToWideChar
GlobalUnlock
GlobalFree
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
OpenFileMappingA
CreateMutexA
GetComputerNameA
CloseHandle

user32

GetWindowDC
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
CharUpperA
GetSystemMetrics
GetDC
SetCaretBlinkTime
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
FindWindowA
SetClipboardData
OpenClipboard
GetDesktopWindow
EmptyClipboard
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
CloseClipboard
SendMessageW
IsWindowVisible
IsWindow
GetLastActivePopup
PostMessageW
IsIconic
MapVirtualKeyW
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
PostMessageA
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DestroyCursor
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
DispatchMessageW
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
GetUserObjectInformationA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
PtInRect
GetFocus
RealChildWindowFromPoint
GetClassNameA
GetCursorPos
GetWindowTextW
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii
FindWindowW
MenuItemFromPoint

gdi32

GetClipRgn
BitBlt
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
GetObjectA
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
GdiFlush
OffsetRgn
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetDeviceCaps

advapi32

SetNamedSecurityInfoA
OpenThreadToken
AdjustTokenPrivileges
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteValueA
RegFlushKey
RegSetValueExA
RegCloseKey
GetTokenInformation
GetUserNameA
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e591dfdc893022ceb9201a1d705a458

Headers

DLL Characteristics

File Characteristics

Imports

winscard

sensapi

iphlpapi

dbghelp

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 282KB - Virtual size: 282KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 69KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 69KB

.reloc
Size: 18KB - Virtual size: 17KB