Journal.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 5a6a9461ef24a57c84f267a00c9f4950_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5a6a9461ef24a57c84f267a00c9f4950_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
- Target: 5a6a9461ef24a57c84f267a00c9f4950_NeikiAnalytics.exe
- Size: 1.7MB
- MD5: 5a6a9461ef24a57c84f267a00c9f4950
- SHA1: 292141e4778a584a4c0d82bc94e0153cfeff7365
- SHA256: 450c8467cb43100bc98977870eb0754201c030cd7ce2a342acde7fcafe6efda0
- SHA512: ebbaab9fab537ca81964a16379ba4f356c2abb9e53915ab61b38e3751cdb0fae864944f8c3b81632582fc7af23c0d27ac8df48f9a3e14d2b2ae283a212825e79
- SSDEEP: 24576:ZrVTF+rL89SGmu8k2NVaympyno7pvS/Lxa6zZR8rcXMhQeZkP9W1EI+0KKBHJ/5x:RVTF1wlbVaWwvEzZ2WFeZkP9aiKNOy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5a6a9461ef24a57c84f267a00c9f4950_NeikiAnalytics.exe
Files
-
5a6a9461ef24a57c84f267a00c9f4950_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
ade60645c4e6eab00eaabcfff809bdbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
TraceMessage
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyW
RegDeleteValueW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
FreeLibrary
CompareFileTime
FindFirstFileExW
GetStringTypeExW
InterlockedIncrement
InterlockedDecrement
LocalAlloc
InterlockedExchange
FindClose
RaiseException
LoadLibraryW
GetProcAddress
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
WriteFile
CreateDirectoryW
GetFileAttributesExW
SetFileAttributesW
GetLocalTime
FindNextFileW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
ExpandEnvironmentStringsW
GetLongPathNameW
GetCalendarInfoW
FileTimeToSystemTime
GetFullPathNameW
GetDriveTypeW
GlobalReAlloc
Sleep
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
CloseHandle
WaitForMultipleObjects
LocalFileTimeToFileTime
GetModuleFileNameW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoW
GetNumberFormatW
GetUserDefaultLCID
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteFileW
GlobalAlloc
lstrcmpW
GetSystemTime
GetComputerNameW
FindResourceW
LoadResource
SetLastError
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
CreateProcessW
lstrlenW
FormatMessageW
LocalFree
SetCurrentDirectoryW
CompareStringW
GetLastError
MulDiv
LockResource
SystemTimeToFileTime
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetTempPathW
GetFileAttributesW
HeapSetInformation
RegisterApplicationRestart
GetCurrentThreadId
GetSystemDirectoryW
FindFirstFileW
CopyFileW
GetUserDefaultUILanguage
LoadLibraryA
gdi32
DeleteObject
SetTextColor
SetBkColor
SetBkMode
GetStockObject
MoveToEx
LineTo
CreateRectRgnIndirect
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
BitBlt
SelectObject
GetObjectW
CreatePen
CopyEnhMetaFileW
DeleteEnhMetaFile
GetObjectA
SaveDC
SetLayout
RestoreDC
CombineRgn
FillRgn
PatBlt
SelectPalette
RealizePalette
GetDIBits
SetDCPenColor
GetTextExtentPoint32W
MaskBlt
GetTextMetricsW
CreateFontIndirectW
CreateFontW
GetCharWidthW
Rectangle
OffsetWindowOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
Polygon
user32
GetWindowPlacement
SetWindowPlacement
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
InsertMenuItemW
TrackPopupMenu
SetFocus
GetFocus
GetWindowRect
EnableWindow
SetRectEmpty
SendMessageW
CreateWindowExW
SetWindowPos
MoveWindow
GetDlgItem
SystemParametersInfoW
SendMessageTimeoutW
GetSystemMetrics
DestroyCursor
LoadImageW
GetWindowInfo
CopyRect
PtInRect
OffsetRect
IntersectRect
GetDlgCtrlID
CreatePopupMenu
DeleteMenu
AppendMenuW
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GetMenuItemID
UnregisterPowerSettingNotification
GetSubMenu
InsertMenuW
ModifyMenuW
IsWindowEnabled
SetMenuItemBitmaps
LoadMenuW
PostMessageW
DrawMenuBar
GetSystemMenu
IsIconic
IsZoomed
GetClientRect
MapWindowPoints
ClientToScreen
GetDC
ReleaseDC
UpdateWindow
InvalidateRect
RedrawWindow
GetActiveWindow
SetActiveWindow
IsWindowVisible
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
WindowFromPoint
SetForegroundWindow
LoadStringW
GetDesktopWindow
GetSysColor
IsRectEmpty
SetRect
OpenClipboard
LockWindowUpdate
InflateRect
WaitForInputIdle
MessageBoxW
LoadIconW
MessageBeep
RegisterPowerSettingNotification
EqualRect
TrackPopupMenuEx
GetWindow
DestroyWindow
RegisterClassW
GetClassInfoW
GetWindowLongW
LoadBitmapW
SetCapture
DrawFrameControl
DefWindowProcW
UnionRect
IsChild
DrawFocusRect
SetWindowLongW
EndPaint
BeginPaint
ReleaseCapture
GetMessagePos
GetMessageTime
GetParent
FrameRect
ScreenToClient
SetDlgItemTextW
GetDlgItemTextW
GetKeyboardLayout
CharNextW
CharPrevW
TranslateAcceleratorW
ShowWindow
MapDialogRect
EnumChildWindows
LoadAcceleratorsW
GetNextDlgTabItem
CallWindowProcW
DispatchMessageW
TranslateMessage
PeekMessageW
PostQuitMessage
GetProcessDefaultLayout
SetCursor
GetCapture
GetScrollPos
SetScrollPos
SetCursorPos
GetKeyState
GetCursorPos
CheckDlgButton
IsDlgButtonChecked
DestroyIcon
CharLowerW
TrackMouseEvent
GetForegroundWindow
GetMonitorInfoW
MonitorFromRect
MonitorFromWindow
GetLastActivePopup
DestroyMenu
GetMenuStringW
FindWindowW
GetMenuItemRect
SetMenuItemInfoW
DrawEdge
GetAsyncKeyState
GetCursor
GetSysColorBrush
GetWindowDC
GetDoubleClickTime
FillRect
DrawTextW
SetWindowRgn
SetTimer
KillTimer
DrawIconEx
LoadCursorW
RemoveMenu
mfc42u
ord2036
ord2440
ord1569
ord1230
ord283
ord472
ord3737
ord5871
ord6168
ord3701
ord3568
ord6437
ord1001
ord1085
ord2350
ord4470
ord802
ord6451
ord3016
ord289
ord613
ord3688
ord536
ord4273
ord942
ord860
ord4527
ord4334
ord4341
ord4883
ord4957
ord4954
ord6050
ord1718
ord364
ord4714
ord6212
ord6127
ord5031
ord2083
ord326
ord5277
ord4236
ord784
ord1833
ord3084
ord3062
ord355
ord2507
ord3494
ord483
ord2362
ord763
ord1912
ord6438
ord1231
ord3215
ord2559
ord2225
ord1258
ord1134
ord2144
ord1193
ord1562
ord1125
ord5945
ord1263
ord4197
ord1135
ord1761
ord542
ord2755
ord6565
ord5597
ord3092
ord5949
ord3093
ord1184
ord1941
ord1165
ord567
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord818
ord3000
ord2127
ord4282
ord3133
ord4331
ord1560
ord3658
ord3792
ord1172
ord2855
ord1834
ord4237
ord3649
ord2576
ord4215
ord2430
ord1637
ord674
ord800
ord4421
ord2116
ord1658
ord2641
ord5233
ord4072
ord4146
ord2873
ord2874
ord3398
ord5006
ord3345
ord4298
ord5097
ord5094
ord3054
ord2382
ord2715
ord4493
ord2858
ord5048
ord1143
ord4294
ord2854
ord5248
ord3865
ord2859
ord975
ord6191
ord2371
ord6195
ord6868
ord4155
ord540
ord641
ord793
ord656
ord6307
ord4166
ord538
ord5468
ord4118
ord1662
ord2385
ord2644
ord268
ord4158
ord535
ord2606
ord6205
ord2992
ord6211
ord3916
ord4219
ord2506
ord5867
ord366
ord861
ord4695
ord6266
ord5278
ord1930
ord3087
ord1130
ord1795
ord2862
ord2809
ord2520
ord3915
ord5651
ord5024
ord2810
ord4585
ord4279
ord6456
ord4508
ord4770
ord2422
ord6561
ord6611
ord5852
ord858
ord4124
ord4718
ord4451
ord4407
ord4584
ord4430
ord4604
ord617
ord296
ord5214
ord5215
ord4269
ord815
ord5285
ord561
ord3733
ord4616
ord5710
ord5303
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord5727
ord2504
ord2546
ord4480
ord6371
ord4692
ord1190
ord2717
ord1148
ord1594
ord5297
ord5499
ord2627
ord1131
ord5208
ord986
ord520
ord4154
ord2613
ord3917
ord816
ord1229
ord1150
ord562
ord5683
ord1202
ord6113
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord609
ord3592
ord4419
ord5276
ord1767
ord6048
ord4992
ord4847
ord4370
ord5261
ord1817
ord4233
ord4817
ord2820
ord795
ord652
ord4420
ord4617
ord6171
ord6076
ord3193
ord3449
ord4381
ord2391
ord4852
ord4947
ord5649
ord3167
ord5573
ord1739
ord5736
ord5239
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord2746
ord640
ord323
ord338
ord6325
ord1937
ord4268
ord2680
ord4717
ord5848
ord3069
ord5256
ord813
ord2879
ord4426
ord1719
ord3743
ord5236
ord4103
ord4955
ord4958
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4884
ord4335
ord5070
ord4886
ord4364
ord4893
ord4582
ord4583
ord5977
ord4343
ord5047
ord560
ord4458
ord6303
ord521
ord711
ord413
ord4162
ord2400
ord2088
ord384
ord2442
ord6793
ord620
ord6741
ord2436
ord5244
ord6851
ord5275
ord6922
ord5230
ord6586
ord6585
ord6853
ord2381
ord4116
ord5467
ord4051
ord4358
ord2522
ord6150
ord6487
ord4263
ord5878
ord3870
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord616
ord4078
ord1857
ord4071
ord2857
ord807
ord554
ord3725
ord5058
ord6365
ord5080
ord4360
ord3290
ord2445
ord6142
ord6617
ord6193
ord2072
ord1704
ord1709
ord3614
ord1899
ord768
ord4829
ord5283
ord4848
ord4371
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord4253
ord4472
ord790
ord6024
ord3569
ord4390
ord2567
ord3605
ord489
ord2294
ord2634
ord4352
ord1775
ord4704
ord4736
ord3714
ord5436
ord6379
ord3716
ord5426
ord6928
ord5446
ord6390
ord4270
ord2070
ord1792
ord4222
ord2505
ord293
ord4846
ord4369
ord4428
ord692
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord2455
ord771
ord4425
ord2046
ord5284
ord1683
ord1900
ord1008
ord4229
ord324
ord1831
ord4224
ord3014
ord2508
ord361
ord2637
ord940
ord5568
ord2910
ord6865
ord2885
ord6278
ord5706
ord6279
ord927
ord496
ord4254
ord4433
ord537
msvcp60
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
msvcrt
iswupper
iswpunct
_CIlog
towupper
iswlower
wcsncmp
swscanf
calloc
__CxxFrameHandler3
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
malloc
__RTDynamicCast
wcstoul
_ultow
_purecall
_ltow
qsort
_itow
_CIpow
wcsrchr
tolower
strstr
_wtol
_ftol2
iswspace
wcschr
memmove
_wcsnicmp
ceil
free
memcpy
_wcsicmp
_wtoi
_vsnwprintf
_ftol2_sse
memset
towlower
atl
ord31
ord30
ntdll
EtwTraceMessage
WinSqmIsOptedIn
WinSqmIncrementDWORD
comctl32
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_Draw
ImageList_SetBkColor
ImageList_Replace
ImageList_GetIconSize
ImageList_Destroy
ImageList_GetImageInfo
ImageList_Create
ImageList_Remove
ImageList_Add
ImageList_GetImageCount
ImageList_ReplaceIcon
ord345
shell32
SHGetFileInfoW
SHAppBarMessage
ShellAboutW
SHGetDesktopFolder
SHSetLocalizedName
SHCreateDirectoryExW
SHGetMalloc
SHGetFolderPathW
SHPathPrepareForWriteW
SHGetFolderLocation
SHBrowseForFolderW
SHGetSettings
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFolderPathAndSubDirW
SHFileOperationW
ShellExecuteW
SHAddToRecentDocs
shlwapi
PathAddBackslashW
PathFindExtensionW
PathIsDirectoryW
PathFindFileNameW
StrRetToBufW
PathAppendW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCompactPathExW
PathFileExistsW
PathStripPathW
SHDeleteValueW
PathCombineW
PathIsUNCServerW
PathGetCharTypeW
PathRenameExtensionW
PathUnquoteSpacesW
PathFindSuffixArrayW
StrToIntW
StrChrW
PathIsNetworkPathW
PathStripToRootW
StrFormatByteSizeW
PathRemoveBackslashW
PathCommonPrefixW
PathAddExtensionW
StrToInt64ExW
PathCompactPathW
SHDeleteKeyW
PathGetDriveNumberW
ole32
CoCreateInstance
PropVariantClear
GetHGlobalFromStream
CreateStreamOnHGlobal
PropVariantCopy
CoTaskMemFree
StgOpenStorageEx
StgCreateStorageEx
CoGetClassObject
CoUninitialize
CoInitialize
oleaut32
VariantTimeToSystemTime
VarR8FromStr
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarBstrFromI4
VarBstrFromBool
SystemTimeToVariantTime
VariantClear
uxtheme
OpenThemeData
GetThemeSysFont
GetThemeColor
IsThemeActive
GetThemeSysColorBrush
CloseThemeData
DrawThemeBackground
gdiplus
GdipCloneBrush
GdipCreateBitmapFromGraphics
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFontFromLogfontA
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCloneBitmapAreaI
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipGetDC
GdipReleaseDC
GdipDrawString
GdipCreateFontFromDC
slc
SLGetWindowsInformationDWORD
Sections
.text Size: 797KB - Virtual size: 797KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 874KB - Virtual size: 874KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 81KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE