3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.exe
Size

148KB
MD5

3b8db304a257ce2e12bee6c926abbfd0
SHA1

660db8fc2a45e0c49c49f246952a3d2e81f97915
SHA256

5574985413b1dac3c88faaa99ebcdaed798f4a2fe64dffcd4cf273c89d09ac5c
SHA512

8a00d2d35b79b02cd7488a9338ee2dbd50b06301627e9df140212db6f4d4a3785a6a694900e1dd135c2aea89f2f875de21d204c1cc22857987b141a12def7496
SSDEEP

3072:uFbXlJ9qM/2zyqxAaImNrSb6W8PVs41WaQKiJgHjyeLWBhR8uLIISO:0J9qK2rya/E6W89lHA8ynBhKE4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.exe

Files

3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

9ca6a21ca0ff0ea3c1dc40e354deefba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateNamedPipeA
GetCurrentThreadId
GetCurrentProcess
Module32Next
GetLocalTime
GetFileSizeEx
VirtualFree
CreateDirectoryA
GetCommandLineA
GetProcAddress
CreateEventA
WaitForSingleObject
SetEvent
ConnectNamedPipe
SetFilePointer
GetTickCount
GetLastError
SetLastError
GetModuleHandleA
GetModuleFileNameA
VirtualProtect
IsBadReadPtr
CreateFileA
SetNamedPipeHandleState
WriteFile
WideCharToMultiByte
FlushFileBuffers
CloseHandle
lstrlenA
ReadFile
DisconnectNamedPipe
GetComputerNameA
GlobalAlloc
GlobalFree
WaitForMultipleObjects
TerminateThread
CopyFileA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
DeleteFileA
ResetEvent
GetEnvironmentVariableA
MoveFileExA
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
FindResourceA
SizeofResource
LoadResource
OpenProcess
GetThreadContext
SetThreadContext
VirtualFreeEx
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LoadLibraryA
VirtualAlloc
CreateThread
MultiByteToWideChar
Sleep
lstrcmpA
ReleaseMutex
CreateMutexA
GetVersionExA
HeapDestroy
HeapCreate
GetVolumeNameForVolumeMountPointW
TlsGetValue
TlsSetValue
TlsFree
UnmapViewOfFile
TlsAlloc
CreateEventW
CreateMutexW
CreateFileMappingW
MapViewOfFile
lstrcpyA
LocalFree
FindFirstFileA
FindNextFileA
OpenEventA
MoveFileA
GetSystemTime
FreeLibrary
GetFileSize
OpenThread
ResumeThread
SuspendThread
VirtualAllocEx
WriteProcessMemory
Module32First
ReadProcessMemory
FindClose

advapi32

FreeSid
EqualSid
OpenProcessToken
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteValueA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
LookupAccountSidA

ws2_32

closesocket
WSAGetLastError
send
socket
WSAIoctl
inet_ntoa
WSAStartup
WSACleanup
ntohs
gethostbyname
inet_addr
select
__WSAFDIsSet
recv
setsockopt
listen
bind
htons
ioctlsocket
connect
gethostbyaddr
htonl

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCRLContext
CertGetCRLContextProperty
CertEnumCertificatesInStore
CertOpenStore
CryptEnumOIDInfo
CertFreeCRLContext
PFXExportCertStore
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetNameStringW
CertGetEnhancedKeyUsage
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertEnumSystemStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertAddCTLContextToStore
CertAddCRLContextToStore

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
DeleteDC
DeleteObject
RestoreDC
SetViewportOrgEx
SaveDC
GdiFlush
SetRectRgn
CreateDIBSection
GetDIBits

shell32

SHGetFolderPathW
SHGetFolderPathA

shlwapi

PathMatchSpecA
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
PathCombineA

user32

IntersectRect
EqualRect
IsWindow
GetWindowInfo
PostMessageW
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
GetMenu
GetMenuItemCount
GetMenuState
HiliteMenuItem
MenuItemFromPoint
EndMenu
GetSubMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuItemID
SendMessageW
SetKeyboardState
PostThreadMessageW
RegisterWindowMessageW
GetDC
ReleaseDC
GetThreadDesktop
GetUserObjectInformationW
GetWindowThreadProcessId
GetClassNameW
IsCharAlphaNumericA
MessageBoxW
MessageBoxA
DialogBoxParamA
DialogBoxParamW
GetWindowTextA
GetWindowTextW
GetWindowLongA
FindWindowA
PostMessageA
OpenDesktopW

ole32

CLSIDFromString
CoInitialize
CoCreateInstance
StringFromGUID2

msvcrt

??3@YAXPAX@Z
_CxxThrowException
_stricmp
_adjust_fdiv
_initterm
abs
wcschr
_EH_prolog
??1type_info@@UAE@XZ
__CxxFrameHandler
fseek
ftell
fread
fwrite
freopen
_wcsdup
wcscpy
wcslen
_ftol
__mb_cur_max
_isctype
_pctype
gmtime
strftime
sscanf
mktime
_ltoa
qsort
strtoul
fopen
fgets
fclose
rename
strlen
memset
time
strncpy
_except_handler3
_local_unwind2
_snprintf
free
strcat
strcpy
calloc
memcpy
malloc
memmove
strcmp
strstr
strncmp
realloc
_strnicmp
sprintf
memcmp
atoi
atol
strchr
strtok

oleaut32

GetErrorInfo

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ca6a21ca0ff0ea3c1dc40e354deefba

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

crypt32

gdi32

shell32

shlwapi

user32

ole32

msvcrt

oleaut32

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 20KB - Virtual size: 145KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 20KB - Virtual size: 145KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 12KB - Virtual size: 8KB