351689f1a16d6d0f21a3a53fa60d3640_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

351689f1a16d6d0f21a3a53fa60d3640_NeikiAnalytics.exe
Size

3.2MB
MD5

351689f1a16d6d0f21a3a53fa60d3640
SHA1

103fd2cab8a680839a37e76bcb39b7a6a8f81548
SHA256

8b81811ed6f1f324872d4b620895bf8dfd2c4900e06e7427e0fe5a13a6fdd469
SHA512

87f899aeaffc760634325b521e702bbdaaa5ac86b1211e3fa10cf83e4b3695c32c15981072fb262fd74adf7e1fd48d37c44ec826596eabdcfbd075ffa4850dd2
SSDEEP

49152:LOEAGIVXimb7zprI8Ww+BXV5/J7KSRLXf1S1Q9TdJ3NEd+0EP3PFnjquTyCTFB/z:LOEALXiQzlYwgltU4zOqNmE3Vk+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
351689f1a16d6d0f21a3a53fa60d3640_NeikiAnalytics.exe

Files

351689f1a16d6d0f21a3a53fa60d3640_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

bea2cf4f046a26431404847336a2c0b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\depot\ghost\gss2.0\ghost\ghost\src\core\vs2005\win32\release\Ghost32.pdb

Imports

kernel32

GetVersionExA
GetProcessHeap
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
ExitProcess
CloseHandle
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetCommandLineA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
FreeLibrary
LoadLibraryA
SetStdHandle
CreateFileA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
ReadProcessMemory
GetEnvironmentVariableW
LocalFileTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
HeapAlloc
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetConsoleCtrlHandler
RtlUnwind
HeapFree
GetLastError
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
InterlockedDecrement
SetConsoleMode
ReadConsoleInputA
ResumeThread
ExitThread
InterlockedCompareExchange
GetOverlappedResult
GetFileSize
GetLogicalDriveStringsA
SetErrorMode
GetSystemInfo
GetProcessWorkingSetSize
SetProcessWorkingSetSize
VirtualLock
DeviceIoControl
CreateThread
GetDateFormatA
InterlockedIncrement
FormatMessageA
FreeConsole
GlobalMemoryStatus
IsDBCSLeadByteEx
GetLogicalDrives
FindClose
FindNextFileA
FileTimeToLocalFileTime
GetFileAttributesA
GetDiskFreeSpaceA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
GetBinaryTypeA
GetVolumeInformationA
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
FindFirstFileA
SetFileTime
SetFileAttributesA
BackupSeek
BackupRead
QueryPerformanceFrequency
CreateEventA
ResetEvent
WaitForSingleObject
SetEvent
DefineDosDeviceW
CreateFileW
VirtualQuery
IsBadWritePtr
GetThreadContext

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

bind
accept
WSASetLastError
recvfrom
WSAAddressToStringA
sendto
WSASocketA
WSACloseEvent
htons
htonl
recv
WSACreateEvent
WSAWaitForMultipleEvents
ioctlsocket
WSAEnumNetworkEvents
WSASend
inet_ntoa
WSAStartup
WSACleanup
gethostname
gethostbyname
closesocket
socket
connect
WSAGetLastError
listen
inet_addr
setsockopt
WSAEventSelect
getsockopt
getsockname
ntohl
WSASendTo
send
WSARecvFrom
WSARecv
WSAIoctl
shutdown

imm32

ImmDisableIME

imagehlp

ImageRemoveCertificate
ImageGetCertificateHeader

user32

SetWindowTextW
RegisterClassA
CreateWindowExA
GetDC
GetDesktopWindow
GetWindowRect
AdjustWindowRect
GetUpdateRect
ValidateRect
DefWindowProcA
CharToOemA
ExitWindowsEx
DispatchMessageA
TranslateMessage
PeekMessageA
SetCursor
LoadCursorA
ScreenToClient
GetCursorPos
FindWindowExW
DestroyWindow
ReleaseDC
GetKeyState
ToAscii
GetKeyboardState
TrackMouseEvent
SetCapture
GetCapture
SetFocus
GetFocus
ReleaseCapture
SetWindowPos

gdi32

CreateSolidBrush
GetPixel
StretchDIBits
CreatePalette
SelectPalette
RealizePalette
SelectObject
DeleteObject

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA

ole32

OleRun
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 236KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bea2cf4f046a26431404847336a2c0b5

Headers

File Characteristics

PDB Paths

Imports

kernel32

rpcrt4

version

ws2_32

imm32

imagehlp

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 680KB - Virtual size: 680KB

.data Size: 236KB - Virtual size: 655KB

.rsrc Size: 12KB - Virtual size: 12KB

.2rdata Size: 76KB - Virtual size: 76KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 680KB - Virtual size: 680KB

.data
Size: 236KB - Virtual size: 655KB

.rsrc
Size: 12KB - Virtual size: 12KB

.2rdata
Size: 76KB - Virtual size: 76KB