1f8b08a05d01ca3638246df223a2a6f0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1f8b08a05d01ca3638246df223a2a6f0_NeikiAnalytics.exe
Size

5.3MB
MD5

1f8b08a05d01ca3638246df223a2a6f0
SHA1

be98b0868ade5c5cfe64a88c77f055c291c2e9f1
SHA256

94da7313740b02652012b99933cff65eb0262f1f90676762b3da97998e3c21b7
SHA512

ec2978cdc81307ad1dffae547ab66e2fb97b26ec15246c259f112dab709ee2c3163fee86990ff5c7b1d4e6a4071533731b5bec3248125a5e21a95873bca03cf0
SSDEEP

98304:WqDlCZYdsYPZ1z6ed2rZIQ5oa7WALv6JYkNL0tUp3l3sQGhLubr/:Wqcqz1zP2IQ5f7P+Sml5GhKb7

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f8b08a05d01ca3638246df223a2a6f0_NeikiAnalytics.exe

Files

1f8b08a05d01ca3638246df223a2a6f0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

59c0575c5050463b43abb78382b16d49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
GetFileSize
ReadFile
WideCharToMultiByte
lstrlenA
GetCurrentProcess
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleW
GetModuleFileNameW
SetFilePointer
GetTempPathW
WriteFile
FlushInstructionCache
SetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
MultiByteToWideChar
CopyFileW
Sleep
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetTimeZoneInformation
GetCurrentDirectoryW
CreateFileA
GetFullPathNameA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetCommandLineW
WriteProcessMemory
VirtualAllocEx
InterlockedIncrement
CreateProcessW
lstrcatW
lstrcpyW
GetModuleHandleA
GetLastError
DeleteFileW
SetFileAttributesW
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
CloseHandle
DeviceIoControl
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenW
CreateFileW
FindFirstFileExA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
ExitProcess
CreateThread
ExitThread
GetACP
ExpandEnvironmentStringsA
LoadLibraryA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
GetTickCount
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
InterlockedExchange
GetStringTypeW
InitializeCriticalSection
EncodePointer
DecodePointer
SleepEx
GetVersionExA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

CloseWindow
PostQuitMessage
MessageBoxW
SendMessageW
PostMessageW
DestroyWindow
SetTimer
LoadIconW
GetWindowRect
SetWindowPos
UnregisterClassA
SystemParametersInfoW
ShowWindow
IsDialogMessageW
ReleaseDC
GetSystemMetrics
SetWindowLongW
GetDlgItem
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetForegroundWindow
GetDC
GetAsyncKeyState
CreateDialogParamW
MessageBoxTimeoutW
BringWindowToTop
MessageBoxW
CharUpperBuffW

gdi32

DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

CryptReleaseContext
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptCreateHash
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
StgCreateStorageEx
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx

skinhu

SkinH_AttachResEx
SkinH_SetAero

ntdll

RtlUnwind

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage

psapi

GetModuleFileNameExW

wldap32

ord32
ord50
ord60
ord143
ord211
ord30
ord26
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord22
ord46

ws2_32

getsockname
setsockopt
WSAIoctl
send
ntohs
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
bind
gethostname
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv

Sections

.text
Size: - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c0575c5050463b43abb78382b16d49

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

skinhu

ntdll

gdiplus

psapi

wldap32

ws2_32

Sections

.text Size: - Virtual size: 366KB

.rdata Size: - Virtual size: 68KB

.data Size: - Virtual size: 20KB

.vmp0 Size: - Virtual size: 1.3MB

.vmp1 Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 512B - Virtual size: 224B

.rsrc Size: 26KB - Virtual size: 25KB

.text
Size: - Virtual size: 366KB

.rdata
Size: - Virtual size: 68KB

.data
Size: - Virtual size: 20KB

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 224B

.rsrc
Size: 26KB - Virtual size: 25KB