7a8384d08ed563bbeeb865967e6a9690_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7a8384d08ed563bbeeb865967e6a9690_NeikiAnalytics.exe
Size

193KB
MD5

7a8384d08ed563bbeeb865967e6a9690
SHA1

14f98ce3fdf8efe873e63508d5f916fc71011bf1
SHA256

172a99936b695c29d2f7fffb536aeb93271ae1d0cb050d36afa5c3cd183fdd73
SHA512

24d345c01fd89219920dee3655c6bd0125a5eb5a95c9867e08be392e7842cbadb97008c5a9984e936b399751462381e0d4a2f588e81a07c8494a5587a8c1fd6a
SSDEEP

6144:/M+XC62ZlBB/9K4jF5b7ccyGodwzSLb1y:/M+S6OXBb3GMOy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a8384d08ed563bbeeb865967e6a9690_NeikiAnalytics.exe

Files

7a8384d08ed563bbeeb865967e6a9690_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

dfd8ce8881715eaed22bcfd6b87c2fbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
RemoveDirectoryW
GetFileTime
DeleteFileW
SetFileAttributesW
GetNativeSystemInfo
GetVersionExW
ExitProcess
LoadLibraryW
WTSGetActiveConsoleSessionId
lstrcpyW
GetCurrentThreadId
ReleaseMutex
IsBadReadPtr
VirtualAllocEx
WriteProcessMemory
GlobalLock
GlobalUnlock
WaitForMultipleObjects
TryEnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
GetTimeZoneInformation
GetThreadContext
SetThreadContext
GetProcessId
TlsGetValue
TlsSetValue
TerminateProcess
CreateMutexW
GetFileSizeEx
FindFirstFileW
SetErrorMode
GetComputerNameW
GetModuleFileNameW
lstrcatW
GetFileAttributesExW
OpenEventW
GetCurrentProcessId
MoveFileExW
GetVolumeNameForVolumeMountPointW
QueryPerformanceCounter
OpenMutexW
VirtualProtect
lstrcpynA
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
SetEndOfFile
GetUserDefaultUILanguage
GetHandleInformation
lstrcmpA
TerminateThread
GetEnvironmentVariableW
Thread32First
Thread32Next
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
OutputDebugStringA
SetFileTime
VirtualFree
CreateDirectoryW
SetFilePointerEx
lstrcmpiW
lstrcmpiA
ResumeThread
DuplicateHandle
CreateFileMappingW
CreateProcessW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
lstrcpyA
GetSystemTime
GetPrivateProfileIntW
GetFileAttributesW
GetPrivateProfileStringW
GetModuleHandleW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
CreateThread
DeleteCriticalSection
GetTickCount
FindNextFileW
FindClose
TlsAlloc
FlushFileBuffers
GetProcessHeap
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
CreateEventW
ResetEvent
EnterCriticalSection
SetLastError
LeaveCriticalSection
InitializeCriticalSection
SetEvent
lstrlenA
GetFileInformationByHandle
FileTimeToLocalFileTime
CloseHandle
LoadLibraryA
GetProcAddress
GetTempPathW
CreateFileW
ReadFile
HeapCreate
HeapDestroy
WriteFile
HeapFree
HeapAlloc
FreeLibrary
GetTempFileNameW
FileTimeToDosDateTime
LocalFree
GetLastError
ExpandEnvironmentStringsW
SetThreadPriority
lstrlenW
Sleep
WaitForSingleObject
GetCurrentThread
TlsFree

user32

DefDlgProcA
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
CallWindowProcA
EndMenu
CallWindowProcW
DefFrameProcW
RegisterClassA
GetShellWindow
EndPaint
GetUpdateRgn
GetWindowDC
FillRect
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
DefMDIChildProcW
DefWindowProcA
GetMenuState
GetMenuItemCount
SystemParametersInfoW
TrackPopupMenuEx
GetMenuItemRect
RegisterClassExW
GetMenu
MenuItemFromPoint
OpenDesktopW
OpenInputDesktop
DefFrameProcA
DefDlgProcW
GetSubMenu
SetKeyboardState
GetMenuItemID
GetTopWindow
LoadImageW
WindowFromPoint
SetWindowLongW
GetWindow
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
GetClassNameW
SwitchDesktop
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
PostMessageW
MapVirtualKeyW
CharLowerW
CharToOemW
IsRectEmpty
GetWindowThreadProcessId
GetMessagePos
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
CharLowerA
GetSystemMetrics
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
GetMessageA
GetWindowRect
GetMessageW
SetCapture
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
SendMessageW
OpenWindowStationW
DrawIcon
GetIconInfo
MsgWaitForMultipleObjects
DispatchMessageW
ExitWindowsEx
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
ReleaseCapture
IsWindow
SendMessageTimeoutW
GetCursorPos
SetWindowPos
PeekMessageA
PeekMessageW
GetAncestor
GetWindowLongW
MapWindowPoints

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
GetLengthSid
ConvertSidToStringSidW
EqualSid
IsWellKnownSid
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
InitiateSystemShutdownExW
RegEnumKeyExW
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW

shlwapi

StrStrIW
StrStrIA
PathIsURLW
StrCmpNIA
UrlUnescapeA
PathAddExtensionW
PathAddBackslashW
PathRemoveBackslashW
PathCanonicalizeW
wvnsprintfA
wvnsprintfW
StrCmpNIW
PathMatchSpecW
PathUnquoteSpacesW
PathSkipRootW
PathIsDirectoryW
StrCmpNW
PathRemoveFileSpecW
PathFindFileNameW
SHDeleteKeyW
SHDeleteValueW
PathQuoteSpacesW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromGUID2
CLSIDFromString
CreateStreamOnHGlobal

gdi32

BitBlt
SetRectRgn
CreateDCW
CreateCompatibleDC
SaveDC
CreateDIBSection
GetDIBits
GetDeviceCaps
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
GdiFlush
RestoreDC
SelectObject
DeleteObject

ws2_32

WSAGetLastError
WSASend
WSARecv
accept
listen
getsockopt
WSASetLastError
WSACreateEvent
WSACloseEvent
WSAIoctl
connect
WSAStartup
WSAEnumNetworkEvents
WSAEventSelect
shutdown
setsockopt
WSACleanup
bind
closesocket
send
getpeername
recvfrom
getaddrinfo
select
getsockname
sendto
recv
freeaddrinfo
socket

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

InternetQueryOptionW
InternetSetCookieA
InternetOpenA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetSetOptionA
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
InternetSetStatusCallbackA
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

msvcrt

_errno
memcpy
memset
memcmp
_ultoa
_purecall
memmove
strcmp
_wtoi
abs
_ultow
_except_handler3

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfd8ce8881715eaed22bcfd6b87c2fbd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

msvcrt

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 8KB