34a07ae98e69c722842511e4cfecec60_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

34a07ae98e69c722842511e4cfecec60_NeikiAnalytics.exe
Size

52KB
MD5

34a07ae98e69c722842511e4cfecec60
SHA1

70251d296772293b8f70634d218cf49de92eadc9
SHA256

acffe232da209a33000034fe6bcbfd66a0b9c8e193800cc24dd402469f39c049
SHA512

6ddb6045ca18275d8691cdb76eca5a1003e3de3e63834acf081e6c8153fe6bd5ebec9b6e62b9e301eb9e7d50003d18cbf5f6813427b992d3d769b7abffefdbb4
SSDEEP

1536:nDiE0oNWV32G6CtoBscMujDFl9S+VoBCGU/QPC:nDHNiF6VBBjDFlBh/4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34a07ae98e69c722842511e4cfecec60_NeikiAnalytics.exe

Files

34a07ae98e69c722842511e4cfecec60_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

b9adc0bd08fa072c9d502bf5dc5be92f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineW
StrStrIW

dbghelp

SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64
MiniDumpWriteDump

user32

SetFocus
PeekMessageW
GetThreadDesktop
GetWindow
WaitMessage
SendMessageW
DispatchMessageA
FindWindowExW
SetLayeredWindowAttributes
EnumChildWindows
GetDesktopWindow
SetWindowLongW
SetClassLongW
GetClassLongW
GetWindowInfo
GetParent
PostMessageW
OpenDesktopA
ScreenToClient
SetWindowsHookExW
GetUserObjectInformationA
SetThreadDesktop
UnhookWindowsHookEx
ActivateKeyboardLayout
GetMessagePos
CallWindowProcW
GetCaretBlinkTime
EndMenu
ReleaseCapture
HiliteMenuItem
DispatchMessageW
FlashWindow
IsWindow
GetMenuItemCount
SwitchDesktop
wsprintfW
GetCursorPos
GetDlgItem
GetMenuState
GetAncestor
GetWindowLongW
SetCursorPos
InvalidateRect
FlashWindowEx
TrackPopupMenuEx
GetMenuItemRect
GetMenu
GetCapture
MessageBeep
GetClientRect
FindWindowW
MenuItemFromPoint
OpenDesktopW
CloseClipboard
GetPriorityClipboardFormat
GetSubMenu
SetCapture
SetKeyboardState
GetMenuItemID
FillRect
TrackPopupMenu
GetSystemMenu
ClientToScreen
CallNextHookEx
GetPropW
IsWindowVisible
SendMessageTimeoutW
SetWindowPos
EndDialog
BringWindowToTop
GetPropA
AttachThreadInput
SetForegroundWindow
DialogBoxIndirectParamW
KillTimer
IsIconic
SetTimer
GetClassNameA
PrintWindow
IsClipboardFormatAvailable
WindowFromDC
GetClipboardData
GetWindowThreadProcessId
EmptyClipboard
OpenClipboard
CountClipboardFormats
SetClipboardData
CharUpperA
OpenInputDesktop
ReleaseDC
GetDC
SetPropA
DefWindowProcW
RedrawWindow
GetDCEx
GetWindowDC

kernel32

CreateThread
GetNativeSystemInfo
Beep
VirtualFree
Sleep
WriteFile
OpenProcess
GetTickCount
GetExitCodeProcess
SetEvent
CreateMutexW
GetHandleInformation
SetLastError
lstrcpyW
GetProcAddress
VirtualAlloc
OpenFileMappingW
GetLastError
CreateProcessW
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
OpenThread
ReleaseMutex
GetCurrentThreadId
lstrcatW
GlobalMemoryStatusEx
GetLocalTime
OpenMutexW
FlushFileBuffers
CreateFileW
GetSystemInfo
GetModuleFileNameW
lstrcmpiW
GetModuleHandleA
GetCurrentThread
VirtualProtect
CreateToolhelp32Snapshot
WaitForSingleObject
GetCurrentProcess
CloseHandle
SetUnhandledExceptionFilter
LocalFree
lstrlenA
GetComputerNameA
lstrlenW
SetErrorMode
GlobalLock
IsBadWritePtr
SetPriorityClass
ExitProcess
GlobalAlloc
lstrcpyA
GetCommandLineW
RtlUnwind
CreateRemoteThread
GetCommandLineA
VirtualFreeEx
TerminateThread
lstrcatA
ExitThread
FlushInstructionCache
VirtualAllocEx
GetExitCodeThread
Module32FirstW
OpenEventW
IsBadReadPtr
Module32NextW
WriteProcessMemory
SwitchToThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
HeapValidate
GetProcessHeaps
HeapSetInformation
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
GlobalUnlock
GlobalFree
GetModuleHandleW
GetVersionExW
lstrcmpiA

ntdll

ZwQueryInformationThread
RtlImageNtHeader
ZwOpenProcess
NtQueryVirtualMemory
memset
ZwQueryInformationProcess
RtlCreateUserThread
ZwUnmapViewOfSection
ZwQuerySystemInformation
ZwResumeThread
_aulldvrm

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegQueryValueExW
LookupPrivilegeValueW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
GetSecurityDescriptorSacl
RegOpenKeyExW
SetSecurityInfo

shell32

SHGetFolderPathW
ShellExecuteW

gdi32

GetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
GetClipRgn
DeleteObject
SelectObject
GdiFlush
SelectClipRgn
BitBlt
GetDIBits
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateDIBSection
RestoreDC
CreateCompatibleBitmap
SaveDC
SetDIBitsToDevice

comdlg32

GetOpenFileNameW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

winmm

PlaySoundW
waveOutWrite
sndPlaySoundA
sndPlaySoundW
waveOutOpen
PlaySoundA

uxtheme

GetThemeAppProperties
SetThemeAppProperties

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9adc0bd08fa072c9d502bf5dc5be92f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

dbghelp

user32

kernel32

ntdll

advapi32

shell32

gdi32

comdlg32

ole32

winmm

uxtheme

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 3KB