54699a1e2a908bce86e1ac1044d59d60_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

54699a1e2a908bce86e1ac1044d59d60_NeikiAnalytics.exe
Size

3.7MB
MD5

54699a1e2a908bce86e1ac1044d59d60
SHA1

b02b05e0b9fd676369cc46f52d2021e60c67cd98
SHA256

42c8b2151b33b840b18d06e6f27bb3974974aa32df108571bbcd2832cb836022
SHA512

98c01673ef3ca5f3565591799d9a56609af0f5912f686cdbee0b02e63671f03b5c00bc52cd8fcb7fc2ac49a3640d75d7975baae54a0f7b04734964127c83ab2d
SSDEEP

98304:YMKKBXt4hlRGIpfi9NnTscJkNP5AMHsgn:YMKKBXklwIoTzeNP5AMH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54699a1e2a908bce86e1ac1044d59d60_NeikiAnalytics.exe

Files

54699a1e2a908bce86e1ac1044d59d60_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

ab995440dcef77a68c0beaaa7bd404e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

DbgPrint
RtlRaiseException
vDbgPrintExWithPrefix

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
EnumResourceNamesW
FindResourceA
FindResourceW
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW

msvcrt

__dllonexit
_amsg_exit
_assert
_beginthread
_endthread
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_snprintf
_stat
_stricmp
_strnicmp
_unlock
_vsnprintf
_wcsicmp
_wfopen
_wopen
_wstat
_wtoi
abort
atoi
bsearch
calloc
exit
fclose
ferror
fflush
fmod
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
isalpha
isspace
iswctype
log10
malloc
memchr
memcmp
memcpy
memmove
memset
pow
puts
qsort
rand
realloc
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strncmp
strncpy
strtol
strtoul
time
toupper
vfprintf
vsprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsstr
wcstombs
_write
_read
_open
_getcwd
_fileno
_dup
_close

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

LoadRegTypeLib
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantInit

shlwapi

PathIsURLW
PathSearchAndQualifyW
UrlCreateFromPathW

urlmon

CoInternetCombineIUri
CoInternetCombineUrlEx
CreateAsyncBindCtx
CreateIUriBuilder
CreateURLMoniker
CreateURLMonikerEx2
CreateURLMonikerEx
CreateUri
RegisterBindStatusCallback

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
ntohs
recv
select
send
socket

user32

CharUpperBuffW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MSXML3_10
MSXML3_11
MSXML3_12
MSXML3_6
MSXML3_7
MSXML3_8
MSXML3_9

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab995440dcef77a68c0beaaa7bd404e9

Headers

File Characteristics

Imports

ntdll

kernel32

msvcrt

ole32

oleaut32

shlwapi

urlmon

ws2_32

user32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 3KB - Virtual size: 3KB

.rdata Size: 293KB - Virtual size: 293KB

.bss Size: - Virtual size: 8KB

.edata Size: 512B - Virtual size: 303B

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 178KB - Virtual size: 178KB

.reloc Size: 74KB - Virtual size: 74KB

.rossym Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 3KB - Virtual size: 3KB

.rdata
Size: 293KB - Virtual size: 293KB

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 303B

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 178KB - Virtual size: 178KB

.reloc
Size: 74KB - Virtual size: 74KB

.rossym
Size: 2.0MB - Virtual size: 2.0MB