4b301012808c56ca5a9a65a23bd78390_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4b301012808c56ca5a9a65a23bd78390_NeikiAnalytics.exe
Size

2.0MB
MD5

4b301012808c56ca5a9a65a23bd78390
SHA1

07ab7c31f31eb13e2cd82f6dd7dadb3d3c3de60a
SHA256

9e62046c783dbf9b8091dc35ce807b8393c18acc903f72f1702085abe2bbb9a5
SHA512

685ece27770985be9f7a591dc04db44f658696cae67a71d26ab9a63e46791b4af2e8743594cb12660ba637f1b781102e9d6f939dbbc42262d67c7d06fbb12255
SSDEEP

49152:ULdDj1GeAl1qAwgCDvdJn2yjl24ToynwN/Fo:UFQvCmyjl24M1N/Fo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b301012808c56ca5a9a65a23bd78390_NeikiAnalytics.exe

Files

4b301012808c56ca5a9a65a23bd78390_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

f90ff4255fa8fdd9c905c2c44b113e13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\home\nightly\distact-build-area\FNP-11.11.1.0\tier1\FNP\Service\Build\_release-Windows-NT4-x86_64-main\FNPLicensingService.exe.pdb

Imports

kernel32

FlushFileBuffers
SetEndOfFile
GetCurrentProcess
HeapAlloc
HeapFree
RaiseException
RtlPcToFileHeader
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
HeapSize
ExitProcess
GetOEMCP
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
RtlVirtualUnwind
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCPInfo
GetLocaleInfoA
GlobalFlags
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeLibrary
GetModuleHandleA
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsAlloc
TlsGetValue
LocalAlloc
FindResourceA
LoadResource
LockResource
SizeofResource
MoveFileA
DeleteFileA
RemoveDirectoryA
GetFileAttributesExA
CreateFileW
GetFileAttributesA
FormatMessageA
GetCurrentThreadId
GetTickCount
GetLocalTime
OpenMutexA
Sleep
LocalFree
SetLastError
GetTempPathA
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
WaitForSingleObject
CreateEventA
ConnectNamedPipe
GetOverlappedResult
DisconnectNamedPipe
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CreateNamedPipeA
ResumeThread
SuspendThread
SetEvent
GetModuleFileNameA
ReleaseMutex
CreateMutexA
WaitForSingleObjectEx
CreateThread
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
GetDriveTypeA
QueryDosDeviceA
GetSystemDirectoryA
WriteFile
GetVersionExA
SetFilePointer
ReadFile
CreateFileA
DeviceIoControl
CloseHandle
lstrlenA
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
GetStdHandle
MultiByteToWideChar

user32

IsWindow
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
RemovePropA
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
wsprintfA
GetPropA
SetPropA
GetClassLongPtrA
GetClassNameA
GetClassLongA
GetCapture
LoadIconA
WinHelpA
SetWindowTextA
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
PostMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
SetTextColor
GetDeviceCaps
CreateBitmap
GetClipBox

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
GetNamedSecurityInfoA
GetAce
EqualSid
SetNamedSecurityInfoA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
RegDeleteValueA
SetSecurityDescriptorDacl
CopySid
IsValidSid
GetLengthSid
SetServiceStatus
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
QueryServiceConfigA
RegEnumKeyExA
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f90ff4255fa8fdd9c905c2c44b113e13

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

oleaut32

oleacc

Sections

.text Size: 727KB - Virtual size: 726KB

.textidx Size: 100KB - Virtual size: 99KB

.rdata Size: 398KB - Virtual size: 398KB

.data Size: 89KB - Virtual size: 116KB

.pdata Size: 64KB - Virtual size: 64KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 727KB - Virtual size: 726KB

.textidx
Size: 100KB - Virtual size: 99KB

.rdata
Size: 398KB - Virtual size: 398KB

.data
Size: 89KB - Virtual size: 116KB

.pdata
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 592KB - Virtual size: 596KB