400cbf53d75de1ce891caafc63e43be0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

400cbf53d75de1ce891caafc63e43be0_NeikiAnalytics.exe
Size

75KB
MD5

400cbf53d75de1ce891caafc63e43be0
SHA1

5d7a0f7294a3ee130a6ed47063f595efccd64d49
SHA256

978f28ed4a18b95923aa1deebadfef21da46d873b958ff30dd0f54a92853f7d8
SHA512

dfa8b2be192e29ca6ed4fe78173e08830ad3d4766cd4bb4b1c01c6a06b012ff55a15171ddc51e6ae46aefc3bf85bd2fb7816a039e10ecf9b0096611f479a7ef2
SSDEEP

1536:H2wbRPDGDJKktJWnZy8nuGfH9XAxB0PBVVya5QqnrVVbjXucwlWnZnSwXQT:vbRiJZtCuSBAxqBaa5Qq/b2uxS60

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
400cbf53d75de1ce891caafc63e43be0_NeikiAnalytics.exe

Files

400cbf53d75de1ce891caafc63e43be0_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

8027711fff7cd627140cac0f8941e8ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
GetTempPathW
FindClose
FindFirstFileW
Process32NextW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
Process32FirstW
GetCurrentProcessId
GetVolumeInformationW
GetSystemDirectoryW
WideCharToMultiByte
CreateEventA
OpenEventA
GetVersionExW
LocalFree
CreateDirectoryW
DeleteFileW
CopyFileW
FindNextFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryW
GetTickCount
IsDebuggerPresent
CreateMutexA
CreateFileMappingA
MoveFileExW
GetTempPathA
CreateFileA
CreateThread
SetErrorMode
GetTimeZoneInformation
WTSGetActiveConsoleSessionId
GetVersion
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetComputerNameA
GetComputerNameW
Sleep
CreateFileMappingW
lstrcmpA
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
ReleaseMutex
ReadFile
CreateFileW
WriteFile
GetFileSize
WaitForSingleObject
CreateProcessW
CloseHandle
GetSystemTimeAsFileTime
VirtualQuery
HeapFree
HeapSize
HeapReAlloc
GetProcessHeap
VirtualProtect

user32

GetMessageW
EnumChildWindows
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
GetClassNameA
EnumWindows
SendMessageA
FindWindowW
SetWinEventHook
DefWindowProcW
GetWindowLongW
CreateWindowExW
GetSystemMetrics
SetParent
SetWindowLongW
PeekMessageW
RegisterClassExW

advapi32

CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
GetUserNameW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthority
GetSidSubAuthorityCount
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyA
CryptDestroyKey
CryptVerifySignatureW
RegOpenKeyA
RegDeleteValueW
CryptEncrypt

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
VariantInit
SysAllocString
VariantClear
SysAllocStringLen

shlwapi

wvnsprintfA
wvnsprintfW
PathFindFileNameW

rpcrt4

UuidCreate

psapi

EnumDeviceDrivers
GetDeviceDriverBaseNameW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

ws2_32

recv
setsockopt
WSAStartup
htons
ntohs
recvfrom
sendto
socket
gethostbyname
closesocket
ioctlsocket
__WSAFDIsSet
select
send
connect

urlmon

ObtainUserAgentString

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 57KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 256.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 256.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8027711fff7cd627140cac0f8941e8ee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

psapi

userenv

wtsapi32

ws2_32

urlmon

crypt32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 256.0MB

.rdata Size: 10KB - Virtual size: 256.1MB

.data Size: 2KB - Virtual size: 256.1MB

.reloc Size: 4KB - Virtual size: 256.1MB

.text
Size: 57KB - Virtual size: 256.0MB

.rdata
Size: 10KB - Virtual size: 256.1MB

.data
Size: 2KB - Virtual size: 256.1MB

.reloc
Size: 4KB - Virtual size: 256.1MB