TraceView.pdb
General
Target
13badc31a3fac65e32c3acaf909f04f0_NeikiAnalytics.exe
Size
1.9MB
MD5
13badc31a3fac65e32c3acaf909f04f0
SHA1
c192e40a6cbba8b713a27541719c64b0fef11463
SHA256
47238b187c9d4a2dee1ab70cf1bdcdc103c9a3e39f490e84cf4bca775a18ff50
SHA512
9e7a4b994e3eca80a70348a530b384c2f9ca6a43bd5c0c7dbcd1a02fffa7d558bf7a595d8ea2ca9d06eba134ba7afb71e88dd25271258944c9e3b9a88ccf9cfd
SSDEEP
49152:psEjy0vwzR/We073ngxNbjMdFrIe78vH/:kQVngxNcTjYvH
Malware Config
Signatures
Unsigned PE (1 IoC)
The sample carries no Authenticode signature; this is a static observation about the file, not by itself evidence of malicious behaviour.
resource 13badc31a3fac65e32c3acaf909f04f0_NeikiAnalytics.exe
Files
13badc31a3fac65e32c3acaf909f04f0_NeikiAnalytics.exe.exe windows:10 windows x64 arch:x64
10b5faa274a46853ac2947fd82c3b002
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
OpenTraceW
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
EnableTrace
EnumerateTraceGuids
QueryAllTracesW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
ConvertSidToStringSidW
GetLengthSid
LookupAccountSidW
kernel32
CreateDirectoryW
RemoveDirectoryW
GetModuleHandleW
GetVersionExW
CompareStringOrdinal
LCMapStringEx
ReadFile
GetFileSizeEx
WriteFile
GetModuleFileNameW
SetEnvironmentVariableW
SetFilePointer
GetTempPathW
CreateFileW
FormatMessageW
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryW
LocalFree
AllocConsole
DeleteFileW
GetFileSize
CreateFileMappingW
MapViewOfFileEx
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetFileAttributesW
GetSystemInfo
MapViewOfFile
SetDllDirectoryW
GetDllDirectoryW
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForMultipleObjects
VirtualQuery
LoadLibraryW
SystemTimeToFileTime
GetCurrentProcessId
GlobalLock
ResetEvent
CloseHandle
GlobalFree
GlobalAlloc
TerminateThread
CreateMutexW
SetEvent
GetLastError
Sleep
GetExitCodeThread
CreateEventW
DuplicateHandle
ResumeThread
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
GetProcAddress
GetFileTime
SearchPathW
CopyFileW
LoadLibraryExW
InitializeCriticalSection
SetLastError
LoadResource
FindResourceExW
LockResource
FreeResource
SizeofResource
LocalAlloc
FindClose
FindNextFileW
FindFirstFileExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
DecodePointer
EncodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableA
GetEnvironmentVariableW
HeapDestroy
HeapReAlloc
HeapSize
GetCurrentProcess
CompareFileTime
GetProcessHeap
HeapAlloc
GlobalUnlock
HeapFree
GetDateFormatW
FreeLibrary
RaiseException
gdi32
GetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
RectVisible
TextOutW
Escape
PtVisible
ExtTextOutW
GetCurrentObject
SelectObject
PatBlt
CreateSolidBrush
GetTextExtentPoint32W
GetObjectW
CreateFontIndirectW
CreateRectRgn
user32
ReleaseDC
InvalidateRect
DrawFrameControl
GetParent
GetDesktopWindow
GetClientRect
GetSysColor
SendMessageW
ScreenToClient
IsWindowVisible
GetDC
GetWindowRect
PostMessageW
LoadIconW
ClientToScreen
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMessagePos
LoadMenuW
GetDlgItem
RegisterWindowMessageW
GetTopWindow
IsWindow
GetWindow
LoadCursorW
UpdateWindow
EnableMenuItem
KillTimer
CheckMenuItem
SetClipboardData
DrawFocusRect
EmptyClipboard
CloseClipboard
CopyRect
SetTimer
OpenClipboard
FillRect
GetFocus
GetCursorPos
GetDCEx
ReleaseCapture
PtInRect
SetRectEmpty
SetCursor
SetCapture
LockWindowUpdate
RedrawWindow
OffsetRect
DrawTextW
DrawEdge
FrameRect
SetScrollPos
GrayStringW
BringWindowToTop
TabbedTextOutW
MoveWindow
EnableWindow
GetSystemMetrics
InflateRect
GetSystemMenu
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetKeyState
GetWindowLongW
mfc42u
ord1584
ord1840
ord899
ord4745
ord3760
ord6228
ord6448
ord5886
ord909
ord2109
ord2408
ord3783
ord286
ord1838
ord4857
ord1056
ord4181
ord4267
ord4429
ord6386
ord3397
ord3419
ord3410
ord1033
ord2130
ord1845
ord848
ord6581
ord2092
ord6886
ord3535
ord6440
ord4988
ord4365
ord1778
ord1067
ord4752
ord5663
ord2399
ord2393
ord5586
ord6812
ord4694
ord5712
ord4017
ord5570
ord5061
ord5229
ord4789
ord2670
ord2060
ord6814
ord3933
ord6351
ord5484
ord6632
ord6102
ord1966
ord6612
ord4131
ord6614
ord1736
ord5683
ord2457
ord2177
ord2140
ord5699
ord2906
ord665
ord4014
ord3099
ord5687
ord6437
ord1777
ord4771
ord5702
ord852
ord5406
ord5077
ord3098
ord2519
ord381
ord4553
ord1830
ord2516
ord314
ord1262
ord1040
ord5887
ord2975
ord4473
ord2846
ord2783
ord4523
ord6050
ord4436
ord1284
ord1122
ord1126
ord626
ord620
ord624
ord4375
ord3830
ord1825
ord1928
ord6887
ord867
ord3774
ord1806
ord4741
ord822
ord2586
ord2087
ord3743
ord4595
ord1942
ord2902
ord5402
ord4759
ord5659
ord4784
ord5674
ord2750
ord2405
ord5704
ord3141
ord5521
ord5524
ord4774
ord4364
ord890
ord4817
ord4633
ord3481
ord5420
ord2671
ord1674
ord1316
ord5839
ord3536
ord2920
ord2919
ord4461
ord2100
ord387
ord1799
ord1950
ord851
ord2776
ord4519
ord336
ord2461
ord1646
ord2898
ord4720
ord5244
ord4565
ord4331
ord2242
ord5226
ord5487
ord4996
ord4967
ord5123
ord4968
ord5426
ord3652
ord2518
ord372
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord4082
ord4083
ord4077
ord3164
ord4371
ord4770
ord1095
ord4743
ord832
ord2422
ord2023
ord4542
ord2589
ord2089
ord3751
ord1574
ord4599
ord2427
ord1647
ord2900
ord3790
ord3413
ord4860
ord6767
ord4721
ord5245
ord2517
ord337
ord2551
ord312
ord6832
ord5815
ord6821
ord5804
ord904
ord2106
ord408
ord2329
ord6880
ord1035
ord3894
ord1812
ord4544
ord2595
ord6691
ord1650
ord2903
ord2449
ord3820
ord1441
ord1463
ord4557
ord3920
ord984
ord525
ord1537
ord2661
ord3177
ord2665
ord1041
ord627
ord1404
ord2049
ord1483
ord2459
ord2876
ord2121
ord4623
ord2801
ord2781
ord1286
ord1287
ord2629
ord622
ord1471
ord6224
ord1005
ord5934
ord6223
ord567
ord3501
ord4747
ord912
ord2593
ord4257
ord6387
ord3319
ord3045
ord3418
ord3407
ord2111
ord3806
ord303
ord3742
ord1996
ord5610
ord1038
ord6846
ord618
ord1499
ord6184
ord2676
ord1677
ord6768
ord3647
ord3174
ord4609
ord2094
ord6021
ord621
ord1808
ord1064
ord660
ord6624
ord3068
ord2574
ord3310
ord5575
ord2706
ord6556
ord6806
ord2535
ord5656
ord5670
ord5701
ord4705
ord2455
ord4345
ord5838
ord4422
ord2404
ord837
ord1716
ord4363
ord3188
ord6235
ord321
ord4554
ord6225
ord1259
ord4567
ord4262
ord6395
ord3417
ord1847
ord921
ord426
ord4582
ord1771
ord1906
ord2097
ord4015
ord6393
ord5709
ord5227
ord999
ord5584
ord5585
ord5583
ord5304
ord5114
ord5382
ord4722
ord5246
ord5352
ord4699
ord549
ord2798
ord2789
ord3260
ord880
ord374
ord2849
ord4046
ord2497
ord3396
ord2643
ord3695
ord4779
ord2059
ord5082
ord4787
ord1698
ord5710
ord1003
ord2667
ord1365
ord2532
ord6200
ord559
ord4583
ord1908
ord2073
ord3998
ord2378
ord2324
ord1405
ord2412
ord1066
ord3468
ord5722
ord5725
ord4368
ord5066
ord5730
ord5711
ord6054
ord663
ord1053
ord647
ord4947
ord4806
ord2644
ord1036
ord6379
ord2133
ord613
ord551
ord4550
ord1949
ord4983
ord6815
ord4344
ord1787
ord4601
ord1624
ord6385
ord4598
ord1063
ord5724
ord5065
ord6053
ord2752
ord4214
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord659
ord3916
ord3761
ord1430
ord1498
ord1505
ord5195
ord1978
ord2384
ord4746
ord911
ord1774
ord6801
ord2425
ord2024
ord4543
ord2592
ord4027
ord3805
ord1261
ord1124
ord4236
ord5927
ord628
ord2657
ord528
ord3862
ord5467
ord6661
ord2583
ord4442
ord4621
ord6123
ord6243
ord6131
ord3879
ord3936
ord6520
ord1123
ord4427
ord2110
ord1022
ord2128
ord3884
ord3740
ord6127
ord3038
ord6099
ord6607
ord6609
ord6096
ord6599
ord4668
ord6603
ord6407
ord6577
ord6238
ord6133
ord6138
ord6015
ord6076
ord5896
msvcrt
memchr
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
strcmp
_wcsdup
_ismbblead
___mb_cur_max_func
memcmp
___lc_codepage_func
strtoul
wcscmp
strtok_s
_splitpath_s
strrchr
strstr
printf
___lc_handle_func
__pctype_func
setlocale
___lc_collate_cp_func
_unlock
_lock
memmove
memcpy
memset
__crtLCMapStringW
sprintf_s
abort
_wsetlocale
__crtCompareStringW
strcpy_s
fgets
_vscprintf
fprintf
strncpy_s
vfprintf
fopen
vsprintf_s
strncmp
_vsnprintf
swscanf
wcstol
wcstok_s
iswspace
wcschr
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
calloc
memmove_s
wcsrchr
memcpy_s
_wtempnam
strchr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
realloc
towlower
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wtol
strnlen
wcstoul
__C_specific_handler
malloc
vfwprintf
__wargv
_wfullpath
fputs
_errno
swprintf_s
fwrite
_wfreopen
_vsnwprintf_s
_getch
fputws
_wsplitpath_s
_wmakepath_s
_wcsicmp
__argc
_wfsopen
exit
wprintf
free
fgetws
wcsstr
_wfopen
fclose
wcsncpy_s
wcscat_s
wcscpy_s
??_V@YAXPEAX@Z
_purecall
_wtoi
__CxxFrameHandler3
_commode
__iob_func
fputwc
_snwprintf_s
wcscspn
wcsnlen
_vsnwprintf
wcsspn
comctl32
ImageList_GetBkColor
ord17
ImageList_DrawEx
ImageList_Draw
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_GetIconSize
ole32
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoUninitialize
IIDFromString
CoInitializeEx
oleaut32
VariantClear
SysAllocString
SysFreeString
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
imagehlp
SymSetOptions
SymInitialize
SymGetLineFromAddr64
SymGetTypeInfo
SymGetSymbolFile
SymGetOptions
SymEnumTypesByName
SymRegisterCallback64
SymCleanup
SymFromAddr
SymFindFileInPath
MakeSureDirectoryPathExists
SymUnloadModule64
tdh
TdhLoadManifest
TdhGetEventInformation
TdhGetEventMapInformation
TdhEnumerateProviders
ntdll
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
NtReadFile
NtSetInformationFile
NtWriteFile
Sections
.text Size: 456KB - Virtual size: 455KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 593KB - Virtual size: 592KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 210KB - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 596KB - Virtual size: 600KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE