373fa9cf410ccde32e1c7921d32db590_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

373fa9cf410ccde32e1c7921d32db590_NeikiAnalytics.exe
Size

79KB
MD5

373fa9cf410ccde32e1c7921d32db590
SHA1

950bc07998c2a6e4f33ad7c0fc881687dcbd8fe7
SHA256

a10790002585972e2f6e322de14f8086202b185f3d43ec09b182344f2c0fd5cb
SHA512

86af30dc8b9daeb84ca7df4fbc2870c91f1945b2ee826a8cc58d2a81331d14bcab5136b0871b5e34d29befe57f1cecd478df246cd9ee7d3d3a81dda0fb415307
SSDEEP

1536:GQqpEdFjRbBp+a59smDjwDKEdmfq0jjAt4udHBW2J2uKkUT:GQq6Ry49smvwNU8t4J2JT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
373fa9cf410ccde32e1c7921d32db590_NeikiAnalytics.exe

Files

373fa9cf410ccde32e1c7921d32db590_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

65ef2000af422830a9412eaaad13e281

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
GetFullPathNameA
GetSystemDirectoryA
GetVersion
CreateProcessW
lstrcatW
lstrcpyW
lstrlenW
ReleaseMutex
CreateMutexA
GetVersionExA
GlobalAddAtomA
CreateEventA
CreateFileMappingA
GlobalDeleteAtom
GlobalFindAtomA
CreateFileW
SetLastError
WideCharToMultiByte
LocalFree
FormatMessageA
UnmapViewOfFile
GetModuleFileNameW
lstrcmpW
OpenProcess
Process32Next
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
TerminateThread
GetExitCodeThread
ExpandEnvironmentStringsW
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
lstrcpyA
lstrcatA
MulDiv

user32

MsgWaitForMultipleObjects
TranslateMessage
FindWindowA
CharLowerW
PeekMessageA
DispatchMessageA
CharPrevA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcA
LoadBitmapA
GetMessagePos
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
SetWindowPos
IsWindowEnabled
SetClassLongA
GetSystemMenu
EnableMenuItem
GetWindowRect
EndDialog
RegisterClassA
SystemParametersInfoA
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
ScreenToClient
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

ShellExecuteA
SHBrowseForFolderA
ShellExecuteW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
SHGetFileInfoA
SHGetFolderPathW

advapi32

RegDeleteValueW
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

CLSIDFromProgID
StringFromCLSID
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
CoInitializeEx

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
DeleteUrlCacheEntry
HttpQueryInfoA
InternetCloseHandle

msvcrt

free
memset
rand
srand
malloc
realloc
_except_handler3
memcmp
strrchr
strlen
strstr
strcat
strcpy
rename
remove
fclose
fwrite
strncmp
fgets
fopen
strcmp
strncpy
memcpy

oleaut32

VariantClear
VariantInit

shlwapi

PathAppendW
PathFileExistsW

Sections

.text
Size: 48KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/DIALOG/102
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1.ico
.rsrc/ICON/2.ico
.rsrc/ICON/3.ico
.rsrc/ICON/4.ico
.rsrc/MANIFEST/1
.xml
.text

Sharing

General

Malware Config

Signatures

Files

65ef2000af422830a9412eaaad13e281

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wininet

msvcrt

oleaut32

shlwapi

Sections

.text Size: 48KB - Virtual size: 4.0MB

.rdata Size: 7KB - Virtual size: 4.1MB

.data Size: 4KB - Virtual size: 4.1MB

.ndata Size: - Virtual size: 4.2MB

.rsrc Size: 18KB - Virtual size: 4.3MB

.text
Size: 48KB - Virtual size: 4.0MB

.rdata
Size: 7KB - Virtual size: 4.1MB

.data
Size: 4KB - Virtual size: 4.1MB

.ndata
Size: - Virtual size: 4.2MB

.rsrc
Size: 18KB - Virtual size: 4.3MB