5f22ae73bf4c22b94940af50edead600_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5f22ae73bf4c22b94940af50edead600_NeikiAnalytics.exe
Size

95KB
MD5

5f22ae73bf4c22b94940af50edead600
SHA1

486bb7df74de23b7709068497c5c1dfc8870e76a
SHA256

c358ca1afe9761e8c11cddcda7fbac0405632deb7b439f7995b8e95aff9989d9
SHA512

4eaed855b47a7f18de673194065985208a8461793b4ffae61d0038a44dec2a3af727ba3dc6dae11a4f8ffbffaa954bcd0add87f67fb881cdb7ff7337d5d6fb93
SSDEEP

1536:UwvmTtvsnnusLRJ5qoTlGTI0FRbxXCR8FwKbpEjfZ2tJOTDY8n:FEkRJ5qYlGpFRbi8F3baDoJY9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f22ae73bf4c22b94940af50edead600_NeikiAnalytics.exe

Files

5f22ae73bf4c22b94940af50edead600_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

03be192b86f869d37450a395f3012269

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\trash\code\work\rfb\trunk\bin\Debug\inj_x86.pdb

Imports

user32

IsWindow
GetMenuItemCount
SwitchDesktop
EnumChildWindows
GetCursorPos
FlashWindow
GetDlgItem
GetMenuState
SetLayeredWindowAttributes
GetAncestor
GetWindowLongW
SetCursorPos
InvalidateRect
FlashWindowEx
GetAsyncKeyState
TrackPopupMenuEx
GetMenuItemRect
GetMenu
GetKeyboardState
GetCapture
SendMessageW
GetWindow
GetClientRect
FindWindowW
MenuItemFromPoint
OpenDesktopW
GetThreadDesktop
GetDesktopWindow
GetSubMenu
GetKeyState
SetCapture
SetKeyboardState
GetMenuItemID
FillRect
TrackPopupMenu
GetSystemMenu
ClientToScreen
CallNextHookEx
GetPropW
IsWindowVisible
SendMessageTimeoutW
SetWindowPos
EndDialog
BringWindowToTop
HiliteMenuItem
AttachThreadInput
SetForegroundWindow
DialogBoxIndirectParamW
KillTimer
IsIconic
SetTimer
GetClassNameA
PrintWindow
ReleaseCapture
WindowFromDC
EndMenu
GetCaretBlinkTime
CallWindowProcW
GetMessagePos
WaitMessage
DispatchMessageA
SetWindowsHookExW
UnhookWindowsHookEx
ActivateKeyboardLayout
ReleaseDC
GetDC
DispatchMessageW
GetWindowTextW
DefWindowProcW
RedrawWindow
SetWindowLongW
GetDCEx
SetPropA
GetPropA
GetWindowDC
SetThreadDesktop
GetUserObjectInformationA
PeekMessageW
ScreenToClient
OpenDesktopA
PostMessageW
GetParent
GetWindowThreadProcessId
GetWindowInfo
CharUpperA
OpenInputDesktop
SetClipboardData
CountClipboardFormats
OpenClipboard
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
GetPriorityClipboardFormat
CloseClipboard
MessageBeep
DestroyWindow
GetClassLongW
GetWindowRect
SetFocus
GetMessageW
TranslateMessage
CreateDialogIndirectParamW
ShowWindow
SetClassLongW
PostThreadMessageW
GetShellWindow
FindWindowExW
GetClassNameW
wsprintfW

kernel32

VirtualFree
DeleteFileW
OpenProcess
GetProcessId
GetExitCodeProcess
CreateDirectoryW
GetCurrentProcess
GetHandleInformation
SetLastError
SetFilePointerEx
GetProcAddress
VirtualAlloc
SetEndOfFile
Beep
GetNativeSystemInfo
FindNextFileW
FindClose
lstrcmpW
Process32FirstW
OpenThread
FindFirstFileW
CreateThread
GlobalMemoryStatusEx
ReleaseMutex
GetCurrentThreadId
GetLocalTime
GetSystemInfo
Process32NextW
lstrcmpiW
GetModuleHandleA
VirtualProtect
CreateToolhelp32Snapshot
DuplicateHandle
GetLongPathNameW
FlushFileBuffers
CloseHandle
LocalFree
lstrlenW
GetTempPathW
GetEnvironmentVariableW
CreateFileW
ReadFile
GetComputerNameA
lstrcpyA
LoadLibraryA
GetCommandLineW
CreateRemoteThread
GetCommandLineA
VirtualFreeEx
TerminateThread
GetModuleFileNameW
lstrcatA
ExitThread
FlushInstructionCache
VirtualAllocEx
GetExitCodeThread
Module32FirstW
OpenEventW
Module32NextW
WriteProcessMemory
SwitchToThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
IsBadStringPtrW
IsBadReadPtr
IsBadCodePtr
IsBadWritePtr
IsBadStringPtrA
HeapAlloc
HeapSetInformation
HeapCreate
GetProcessHeaps
HeapReAlloc
HeapValidate
HeapFree
GetFileAttributesW
lstrcpynW
GetModuleHandleW
GetVersionExW
lstrlenA
OpenMutexW
lstrcatW
Sleep
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateProcessW
WaitForSingleObject
OutputDebugStringW
WriteFile
GetLastError
OpenFileMappingW
lstrcpyW
CreateMutexW
SetEvent
GlobalFree
ExitProcess
lstrcmpiA
SetPriorityClass
GlobalUnlock
GetFileInformationByHandle
GlobalAlloc
GlobalLock
GetTickCount

ntdll

NtQuerySystemInformation
NtQueryInformationFile
NtSuspendProcess
_wcsnicmp
_aulldiv
_aullshr
_allshl
NtRaiseHardError
NtQueryVirtualMemory
RtlUnwind
RtlEqualUnicodeString
RtlNtStatusToDosError
NtResumeProcess
NtQueryObject
_aullrem
memcpy
memset
RtlCreateUserThread
RtlImageNtHeader
ZwQueryInformationProcess
ZwOpenProcess
ZwUnmapViewOfSection
ZwQuerySystemInformation
DbgPrint
ZwQueryInformationThread
ZwResumeThread

advapi32

RegQueryValueExW
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegOpenKeyExW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

gdi32

BitBlt
CreateSolidBrush
CreateRectRgn
CreateCompatibleBitmap
CreateCompatibleDC
SelectClipRgn
SelectObject
DeleteObject
DeleteDC
SetViewportOrgEx
GetViewportOrgEx
SetDIBitsToDevice
GetClipRgn
GdiFlush
GetDIBits
CreateDIBSection
RestoreDC
SaveDC

comdlg32

GetOpenFileNameW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

winmm

waveOutOpen
PlaySoundW
sndPlaySoundA
PlaySoundA
sndPlaySoundW

shlwapi

StrCmpNIW
StrStrIW
StrCpyNW
StrTrimW
PathSkipRootW

uxtheme

GetThemeAppProperties
SetThemeAppProperties

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03be192b86f869d37450a395f3012269

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

ntdll

advapi32

shell32

gdi32

comdlg32

ole32

winmm

shlwapi

uxtheme

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 4KB