423369de8339bf5222653ca307753770_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

423369de8339bf5222653ca307753770_NeikiAnalytics.exe
Size

4.5MB
MD5

423369de8339bf5222653ca307753770
SHA1

8adcc1562ddd921c0a712ca2870462afe1080a64
SHA256

ff93e2cfb1a673b3946f93f4802067046c4490cd5536851eadd980e615317b14
SHA512

9cb3c0ea32e669e43a8bab06ff07ffc9bf413b4ffdccfc3b6490459f78b38e9ba0c8e564a7e743f15f236c40e349c1105c223e6fdddc656e6fb35fe190485382
SSDEEP

49152:78a3mNoQTK3nReURFdWBZWvWRy3IvydAC8bUjEyCkzrfmHmYd8S6fEPczapl1Yrs:VWNshecq8v7AATzrfZYd8ukzmYeu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
423369de8339bf5222653ca307753770_NeikiAnalytics.exe

Files

423369de8339bf5222653ca307753770_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

36d06c8ee2b5466eba611da23d50df87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetCPInfo
ExitProcess
LCMapStringA
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
WideCharToMultiByte
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
LCMapStringW
GetConsoleOutputCP
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
CloseHandle
CreateFileA
CreateFileMappingA
MapViewOfFile
GetFileSize
GetVersionExA
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
MultiByteToWideChar
FindResourceA
SizeofResource
LoadResource
LockResource
Sleep
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
GetEnvironmentVariableA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose

user32

GetParent
GetWindowTextA
SendMessageA
SetWindowLongA
GetDlgItem
DispatchMessageA
CallWindowProcA
PostMessageA
SetWindowTextA
GetSysColorBrush
RegisterClassA
SetWindowsHookExA
CallNextHookEx
WindowFromPoint
GetSystemMetrics
GetClassNameA
SetWindowPos
GetUpdateRect
BeginPaint
EndPaint
ScreenToClient
UnhookWindowsHookEx
LoadBitmapA
GetCursor
SetCursor
MapWindowPoints
GetMessageTime
GetCursorPos
GetAsyncKeyState
DrawTextA
FillRect
GetWindowRect
TrackPopupMenu
GetDC
ReleaseDC
CreatePopupMenu
AppendMenuA
DestroyMenu
GetSysColor
SetFocus
GetWindowLongA
GetDoubleClickTime
DestroyWindow
CreateWindowExA
ShowWindow
InvalidateRect
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
UnregisterClassA
DefWindowProcA
MessageBoxA
PeekMessageA

gdi32

CreateSolidBrush
DeleteObject
SelectObject
CreatePenIndirect
SetROP2
SelectClipRgn
CreateRectRgn
MoveToEx
LineTo
Polyline
Polygon
GetStockObject
Ellipse
SetPixel
GetPixel
ExtFloodFill
Arc
Pie
SetTextColor
CreateBrushIndirect
SetBkColor
GetTextExtentPoint32A
SetBkMode
DeleteDC
BitBlt
GetObjectA
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
GetCurrentObject
DPtoLP
CreateFontIndirectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

DragQueryFileA
ShellExecuteA

ole32

CoCreateInstance
OleInitialize
RevokeDragDrop
RegisterDragDrop
OleUninitialize

dae

_FicIsAlive@0
_FicDelete@4
_FicPersonalityDoIdle@0
_FicSDSDoneWithToken@4
_FicSDSGetTokenAndTaskVal@16
_FicSDSReserveName@12
_FicSDSGetNameId@12
_FicSDSFreeName@8
_FicSDSSetListenerManufacturer@8
_FicSDSSetListenerProtocol@8
_FicSDSSetListenerTask@8
_FicSDSSetListenerTaskVal@8
_FicSDSSetListenerLatestFlag@8
_FicNewServer@0
_FicSDSSetListenerGoal@8
_FicSDSSetListenerSubType@8
_FicSDSSetListenerType@8
_FicSDSSetListenerName@12
_FicPrepareForConnections@8
_FicPrepareForConnectionsStatus@4
_FicCreatePlugInSpec@16
_FicReactivateTalker@8
_FicDeactivateTalker@8
_FicReactivateListener@8
_FicDeactivateListener@8
_FicSDSDispatchToken@4
_FicNewObject@8
_FicFindStandardType@8
_FicSDSSetListenerCriticalFlag@8
_FicGestalt@8

digiext

ord663
ord6234
ord6235
ord6239
ord6236
ord6240
ord6712
ord215
ord434
ord6703
ord7083
ord7084
ord6719
ord626
ord821
ord699
ord624
ord7046
ord1058
ord7010
ord501
ord7058
ord375
ord380
ord523
ord489
ord630
ord628
ord386
ord252
ord6500
ord719
ord2230
ord7130
ord6842
ord321
ord430
ord519
ord649
ord732
ord653
ord454
ord244
ord465
ord497
ord309
ord645
ord865
ord265
ord1150
ord7018
ord7034
ord7047
ord1053
ord361
ord433
ord634
ord717
ord260
ord7189
ord7185
ord7188
ord247
ord6708
ord1160
ord431
ord985
ord259
ord1047
ord6733
ord7186
ord5001
ord586
ord473
ord5002
ord7187
ord7
ord7002
ord6563
ord6562
ord224
ord860
ord982
ord983
ord582
ord1244
ord459
ord6713
ord693
ord688
ord868
ord456
ord6725
ord404
ord6740
ord6716
ord302
ord314
ord6724
ord1120
ord6728
ord387
ord721
ord458
ord7051
ord248
ord290
ord267
ord383
ord955
ord6526
ord239
ord305
ord389
ord289
ord316
ord455
ord707
ord235
ord288
ord242
ord301
ord250
ord521
ord229
ord238
ord961
ord532
ord542
ord756
ord802
ord755
ord520
ord518
ord7022
ord7011
ord7008
ord7009
ord7214
ord7213
ord7211
ord754
ord516
ord621
ord643
ord751
ord512
ord514
ord509
ord750
ord899
ord748
ord897
ord746
ord513
ord6722

dspmanager

GetDSPManager

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

dsi

_SResumeShell@4
_SPauseShell@4
_SStartShell@4
_SInitShell@4
_SSetControlLatch@8
_SGetControlLatch@8
_SSetLeftRightBit@8
_SExecute@8
_SChangePBits@16
_SChangeYBits@16
_SChangeXBits@16
_SGetPWord@12
_SGetYWord@12
_SGetXWord@12
_ResetDSP@4
_GetShellList@4
_DsiLoadShell@12
_DsiPrintf@4
_GetDSPList@4
_InitSADriver@0
_GetCardList@4
_GetClientList@4
_DsiSendMsg@4
_SSetInputDelay@8
_SSetOutputDelay@8
_SUpdateDSPPeripheral@4
_SGetDSPCodeInfo@12

Exports

Exports

NewPlugIn
WinPlugInClose
WinPlugInOpen
_PI_GetRoutineDescriptor

Sections

.text
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d06c8ee2b5466eba611da23d50df87

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

dae

digiext

dspmanager

version

dsi

Exports

Exports

Sections

.text Size: 772KB - Virtual size: 772KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 32KB - Virtual size: 32KB

.shared Size: 4KB - Virtual size: 4KB

.code Size: 112KB - Virtual size: 112KB

.idata Size: 12KB - Virtual size: 12KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 60KB - Virtual size: 60KB

.text
Size: 772KB - Virtual size: 772KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 32KB - Virtual size: 32KB

.shared
Size: 4KB - Virtual size: 4KB

.code
Size: 112KB - Virtual size: 112KB

.idata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 60KB - Virtual size: 60KB