Static task
static1
Behavioral task
behavioral1
Sample
3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
General
Target: 3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.exe
Size: 148KB
MD5: 3b8db304a257ce2e12bee6c926abbfd0
SHA1: 660db8fc2a45e0c49c49f246952a3d2e81f97915
SHA256: 5574985413b1dac3c88faaa99ebcdaed798f4a2fe64dffcd4cf273c89d09ac5c
SHA512: 8a00d2d35b79b02cd7488a9338ee2dbd50b06301627e9df140212db6f4d4a3785a6a694900e1dd135c2aea89f2f875de21d204c1cc22857987b141a12def7496
SSDEEP: 3072:uFbXlJ9qM/2zyqxAaImNrSb6W8PVs41WaQKiJgHjyeLWBhR8uLIISO:0J9qK2rya/E6W89lHA8ynBhKE4
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.exe
Files
3b8db304a257ce2e12bee6c926abbfd0_NeikiAnalytics.exe.dll windows:4 windows x86 arch:x86
9ca6a21ca0ff0ea3c1dc40e354deefba
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateNamedPipeA
GetCurrentThreadId
GetCurrentProcess
Module32Next
GetLocalTime
GetFileSizeEx
VirtualFree
CreateDirectoryA
GetCommandLineA
GetProcAddress
CreateEventA
WaitForSingleObject
SetEvent
ConnectNamedPipe
SetFilePointer
GetTickCount
GetLastError
SetLastError
GetModuleHandleA
GetModuleFileNameA
VirtualProtect
IsBadReadPtr
CreateFileA
SetNamedPipeHandleState
WriteFile
WideCharToMultiByte
FlushFileBuffers
CloseHandle
lstrlenA
ReadFile
DisconnectNamedPipe
GetComputerNameA
GlobalAlloc
GlobalFree
WaitForMultipleObjects
TerminateThread
CopyFileA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
DeleteFileA
ResetEvent
GetEnvironmentVariableA
MoveFileExA
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
FindResourceA
SizeofResource
LoadResource
OpenProcess
GetThreadContext
SetThreadContext
VirtualFreeEx
CreateToolhelp32Snapshot
Thread32First
Thread32Next
LoadLibraryA
VirtualAlloc
CreateThread
MultiByteToWideChar
Sleep
lstrcmpA
ReleaseMutex
CreateMutexA
GetVersionExA
HeapDestroy
HeapCreate
GetVolumeNameForVolumeMountPointW
TlsGetValue
TlsSetValue
TlsFree
UnmapViewOfFile
TlsAlloc
CreateEventW
CreateMutexW
CreateFileMappingW
MapViewOfFile
lstrcpyA
LocalFree
FindFirstFileA
FindNextFileA
OpenEventA
MoveFileA
GetSystemTime
FreeLibrary
GetFileSize
OpenThread
ResumeThread
SuspendThread
VirtualAllocEx
WriteProcessMemory
Module32First
ReadProcessMemory
FindClose
advapi32
FreeSid
EqualSid
OpenProcessToken
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteValueA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
LookupAccountSidA
ws2_32
closesocket
WSAGetLastError
send
socket
WSAIoctl
inet_ntoa
WSAStartup
WSACleanup
ntohs
gethostbyname
inet_addr
select
__WSAFDIsSet
recv
setsockopt
listen
bind
htons
ioctlsocket
connect
gethostbyaddr
htonl
crypt32
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCRLContext
CertGetCRLContextProperty
CertEnumCertificatesInStore
CertOpenStore
CryptEnumOIDInfo
CertFreeCRLContext
PFXExportCertStore
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetNameStringW
CertGetEnhancedKeyUsage
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertEnumSystemStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertAddCTLContextToStore
CertAddCRLContextToStore
gdi32
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
DeleteDC
DeleteObject
RestoreDC
SetViewportOrgEx
SaveDC
GdiFlush
SetRectRgn
CreateDIBSection
GetDIBits
shell32
SHGetFolderPathW
SHGetFolderPathA
shlwapi
PathMatchSpecA
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
PathCombineA
user32
IntersectRect
EqualRect
IsWindow
GetWindowInfo
PostMessageW
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
GetMenu
GetMenuItemCount
GetMenuState
HiliteMenuItem
MenuItemFromPoint
EndMenu
GetSubMenu
GetMenuItemRect
TrackPopupMenuEx
GetMenuItemID
SendMessageW
SetKeyboardState
PostThreadMessageW
RegisterWindowMessageW
GetDC
ReleaseDC
GetThreadDesktop
GetUserObjectInformationW
GetWindowThreadProcessId
GetClassNameW
IsCharAlphaNumericA
MessageBoxW
MessageBoxA
DialogBoxParamA
DialogBoxParamW
GetWindowTextA
GetWindowTextW
GetWindowLongA
FindWindowA
PostMessageA
OpenDesktopW
ole32
CLSIDFromString
CoInitialize
CoCreateInstance
StringFromGUID2
msvcrt
??3@YAXPAX@Z
_CxxThrowException
_stricmp
_adjust_fdiv
_initterm
abs
wcschr
_EH_prolog
??1type_info@@UAE@XZ
__CxxFrameHandler
fseek
ftell
fread
fwrite
freopen
_wcsdup
wcscpy
wcslen
_ftol
__mb_cur_max
_isctype
_pctype
gmtime
strftime
sscanf
mktime
_ltoa
qsort
strtoul
fopen
fgets
fclose
rename
strlen
memset
time
strncpy
_except_handler3
_local_unwind2
_snprintf
free
strcat
strcpy
calloc
memcpy
malloc
memmove
strcmp
strstr
strncmp
realloc
_strnicmp
sprintf
memcmp
atoi
atol
strchr
strtok
oleaut32
GetErrorInfo
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ