Static task: static1
Behavioral task: behavioral1
Sample: cc13a5166d9eb8b1d66f9c13a1f142e0_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: cc13a5166d9eb8b1d66f9c13a1f142e0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: cc13a5166d9eb8b1d66f9c13a1f142e0_NeikiAnalytics.exe
Size: 116KB
MD5: cc13a5166d9eb8b1d66f9c13a1f142e0
SHA1: 01859139daa6b3a2f95ba45ad26d21515676328e
SHA256: 8ac783c7b7f302321546f26d55403c418e84aa25ece2ddfb3eed7e4b00e60e56
SHA512: 46113acd2d8f5977a6359d3ba122b37febbe61e31de0dd57adc587a395642beebd1a236edb10411ad72efaefae46fa0b3e93859b3585ae1e3598419a4b44b1a5
SSDEEP: 3072:jM/++Ik8sjyVsU//2oJ9dwZTXVxkf9+iU2:jRk8sxUHrJHMTXVCf9+iU2
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: cc13a5166d9eb8b1d66f9c13a1f142e0_NeikiAnalytics.exe
Files
cc13a5166d9eb8b1d66f9c13a1f142e0_NeikiAnalytics.exe.exe windows:5 windows x86 arch:x86
cc18373b1a5b0fa6beba037ebe51e37d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
StrCmpW
StrCatW
StrCpyW
StrRChrW
StrCpyNW
StrDupW
PathMatchSpecW
StrStrIW
StrStrA
StrCmpIW
PathFindFileNameW
psapi
GetProcessImageFileNameA
userenv
DestroyEnvironmentBlock
GetProfilesDirectoryW
CreateEnvironmentBlock
ws2_32
closesocket
socket
gethostbyname
bind
WSAStartup
inet_addr
ntohs
winhttp
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryHeaders
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReceiveResponse
kernel32
CreateFileW
ExitProcess
GetCommandLineW
SetLastError
ReadFile
GetFileTime
GetSystemTime
SystemTimeToFileTime
GetFileSize
DeleteFileW
LocalAlloc
SetEndOfFile
SetFileTime
RemoveDirectoryW
WriteFile
GetModuleHandleExA
GetModuleFileNameA
GetShortPathNameW
lstrcmpiA
SetFilePointer
OpenMutexW
CreateMutexW
HeapFree
GetCurrentProcess
lstrlenW
lstrlenA
GetModuleHandleA
GetVersion
GetLastError
CloseHandle
HeapAlloc
GetProcAddress
GetComputerNameW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
lstrcpyW
GetTickCount
GetComputerNameA
LoadLibraryA
LocalFree
lstrcatW
HeapReAlloc
GetCurrentThreadId
lstrcmpA
IsSystemResumeAutomatic
GetCommandLineA
Sleep
FindFirstFileW
VirtualProtect
FindNextFileW
OutputDebugStringA
SetEnvironmentVariableW
GetEnvironmentVariableA
FindClose
GetSystemDirectoryW
TerminateThread
lstrcpyA
GetSystemInfo
CreateThread
SetEnvironmentVariableA
GlobalMemoryStatusEx
CreateEventA
ExpandEnvironmentStringsW
GetFileAttributesW
lstrcmpW
GetLogicalDrives
TerminateProcess
WaitForMultipleObjects
DeleteAtom
WaitForSingleObject
ExitThread
OpenProcess
ProcessIdToSessionId
FindAtomW
CreateProcessW
GetExitCodeProcess
SetEvent
SetProcessPriorityBoost
SetPriorityClass
GetModuleFileNameW
SetThreadPriority
GetEnvironmentVariableW
GetCurrentThread
GlobalAlloc
GlobalFree
IsBadReadPtr
VirtualFree
VirtualAlloc
MultiByteToWideChar
CreateFileMappingW
MapViewOfFile
WriteProcessMemory
ResumeThread
GetExitCodeThread
VirtualProtectEx
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
SetErrorMode
user32
GetMessageTime
GetCapture
GetMessagePos
ExitWindowsEx
CountClipboardFormats
CreatePopupMenu
wsprintfA
GetMenuCheckMarkDimensions
GetClipboardSequenceNumber
GetShellWindow
CreateMenu
wsprintfW
GetForegroundWindow
GetDoubleClickTime
GetClipboardOwner
GetClipboardViewer
GetMessageExtraInfo
CloseClipboard
GetProcessWindowStation
DestroyCaret
GetKBCodePage
GetInputState
GetActiveWindow
GetCursor
GetFocus
ReleaseCapture
GetDesktopWindow
GetCaretBlinkTime
GetDialogBaseUnits
advapi32
AdjustTokenPrivileges
RegOpenKeyExA
CheckTokenMembership
FreeSid
OpenProcessToken
SetSecurityDescriptorDacl
SetFileSecurityW
SetEntriesInAclW
InitializeSecurityDescriptor
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
RegOpenKeyA
SetTokenInformation
CreateProcessAsUserW
GetLengthSid
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
LookupPrivilegeValueA
GetUserNameW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyA
GetUserNameA
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegQueryValueExA
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
CreateWellKnownSid
RegSetValueExA
shell32
ShellExecuteExW
SHChangeNotify
ole32
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 43KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ