6f58667760a17df286581d32282e73b0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6f58667760a17df286581d32282e73b0_NeikiAnalytics.exe
Size

214KB
MD5

6f58667760a17df286581d32282e73b0
SHA1

4697bbe8e1a2d827ed772aca27b845d1bd58a78c
SHA256

e917723cd656ee04818a655a380354cfd6bb9494a416728adeb17e245304602a
SHA512

395f1fb8319a514b91a7efad7534cfe845c7ca63f2d8fe2d9fc842ba0722af377f1ae52125e6e5e345b5900f844f57213edc0d3dd15c75a2bba44f3e4db4bb4f
SSDEEP

6144:axiOP+MrRmD+PQXhEHlIxJKqM01FloHJh7GIA4wvi:nm+4arHlgJNGIA4wvi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f58667760a17df286581d32282e73b0_NeikiAnalytics.exe

Files

6f58667760a17df286581d32282e73b0_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

af2081d1056ee4896a31fd709d669211

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules
GetMappedFileNameA
GetModuleFileNameExA

shlwapi

PathRemoveArgsA
PathRemoveBlanksW
PathRemoveArgsW
StrChrW
StrCmpNIW
StrTrimW
StrRChrW
StrChrA
StrRChrA
PathStripPathA
StrDupA
PathRemoveBlanksA

ntdll

_strupr
_wcsnicmp
_strnicmp
NtQuerySystemInformation
NtQueryInformationFile
NtQueryObject
RtlEqualUnicodeString
RtlCompareUnicodeString
RtlInitUnicodeString
memcmp
NtResumeProcess
NtSuspendProcess
NtSetContextThread
NtGetContextThread
ZwQueryInformationProcess
RtlNtStatusToDosError
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
__C_specific_handler
memset
memcpy
ZwQueryKey

ws2_32

WSAStringToAddressW
WSACleanup
WSAStartup
htonl
socket
shutdown
setsockopt
send
select
recv
htons
ioctlsocket
connect
closesocket

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CryptQueryObject

kernel32

SetEvent
GetComputerNameW
FreeLibrary
GetProcAddress
GetVersion
LoadLibraryA
GetCurrentProcessId
CreateEventA
GetModuleHandleA
VirtualProtect
GetCurrentProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrcmpA
lstrcpyA
lstrlenA
SetLastError
lstrcmpiW
lstrcpyW
lstrcatA
lstrcatW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FindClose
VirtualAlloc
VirtualFree
VirtualAllocEx
OpenProcess
WaitForSingleObject
GetFileSize
GetCurrentThreadId
SetFilePointer
GetModuleFileNameA
OpenThread
GetCurrentThread
TerminateThread
GetTickCount
SleepEx
ReleaseMutex
TerminateProcess
SetUnhandledExceptionFilter
SetErrorMode
WaitForMultipleObjects
CreateMutexA
IsBadStringPtrA
ExpandEnvironmentStringsW
GetVersionExA
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetModuleHandleW
CloseHandle
Sleep
ResumeThread
SuspendThread
GetThreadContext
WriteProcessMemory
VerLanguageNameW
GetLocaleInfoW
GetSystemTimeAsFileTime
GetProcessTimes
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
DuplicateHandle
SetFilePointerEx
SetEndOfFile
WriteFile
GetFileInformationByHandle
GetProcessId
MulDiv
GetSystemWindowsDirectoryA
SystemTimeToFileTime
GetSystemTime
GetTempPathW
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
LoadLibraryW
GetEnvironmentVariableW
lstrcpynW
ReadProcessMemory
GetLastError
CreateThread
SwitchToThread
VirtualProtectEx
lstrcmpW
OpenEventA
CreateFileW
FindFirstFileW
ReadFile
FindNextFileW
lstrcmpiA
CreateFileA

user32

WindowFromPoint
GetThreadDesktop
FindWindowExA
ActivateKeyboardLayout
SendMessageA
SendMessageTimeoutA
PostMessageA
DefWindowProcA
CallWindowProcA
EmptyClipboard
GetClipboardData
SetClipboardData
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
wsprintfA
IsWindow
WindowFromDC
UnhookWindowsHookEx
SetWindowsHookExA
GetAncestor
GetWindowInfo
CallNextHookEx
GetClassNameA
FindWindowA
GetParent
SetClassLongPtrA
GetClassLongPtrA
SetWindowLongPtrA
GetWindowLongPtrA
FillRect
ScreenToClient
ClientToScreen
GetClientRect
RedrawWindow
MenuItemFromPoint
GetMenuItemRect
EndMenu
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenuState
HiliteMenuItem
GetMenu
SetKeyboardState
SetLayeredWindowAttributes
PrintWindow
GetDC
ReleaseDC
wsprintfW
GetUserObjectInformationA
GetDoubleClickTime
SetWindowPos
GetSystemMetrics
GetMenuItemInfoA
GetMenuDefaultItem
GetWindowRect
MapWindowPoints
IsRectEmpty
GetWindow
SetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyWindow
ShowWindow
CreateDialogIndirectParamW
EndDialog
ExitWindowsEx
GetKeyState
CreatePopupMenu
DestroyMenu
AppendMenuA
AttachThreadInput
IsWindowVisible
IsIconic
BringWindowToTop
SetFocus
SetActiveWindow
SetForegroundWindow
CloseClipboard
PtInRect
EnumChildWindows
GetLastActivePopup
GetGUIThreadInfo
RealChildWindowFromPoint
DrawEdge
GetWindowTextA
GetScrollBarInfo
CreateDesktopA
EnumDesktopWindows
CloseDesktop
RegisterWindowMessageA
GetDesktopWindow
GetWindowLongA
SetWindowLongA
IntersectRect
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
ToAscii
VkKeyScanA
VkKeyScanExA
VkKeyScanExW
MapVirtualKeyA
MapVirtualKeyExA
ChildWindowFromPointEx
SetWinEventHook
UnhookWinEvent
RegisterClassA
CreateWindowExA
MoveWindow
CharUpperBuffW
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
GetSysColor
SendNotifyMessageA
OpenClipboard
GetWindowThreadProcessId

gdi32

SetBkColor
SetBkMode
CreateFontA
SetDIBColorTable
SetTextColor
ExtTextOutA
SetWindowOrgEx
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetClipBox
SelectClipRgn
GetViewportOrgEx
GetClipRgn
DeleteObject
CreateRectRgn
GetSystemPaletteEntries
GetRegionData
GdiFlush
DeleteDC
GetDeviceCaps
CombineRgn
CreateBitmap
CreatePatternBrush
GetDIBits
GetStockObject
CreateDIBSection
SelectObject

advapi32

RegOpenKeyExW
RegCloseKey
OpenProcessToken
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExW

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VncStartServer
VncStopServer

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af2081d1056ee4896a31fd709d669211

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

ntdll

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 21KB - Virtual size: 24KB

.pdata Size: 6KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 21KB - Virtual size: 24KB

.pdata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB