Static task: static1
Behavioral task: behavioral1
  Sample: 6533631778eee668757516c728ea5650_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 6533631778eee668757516c728ea5650_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
- Target: 6533631778eee668757516c728ea5650_NeikiAnalytics.exe
- Size: 1.5MB
- MD5: 6533631778eee668757516c728ea5650
- SHA1: 851e8c3ca0d411c7b70b9fb3aee9d4893810ed69
- SHA256: a674b58f53f730e3d1dd13c0783691e72c5e9f6662462b39d75b2b0ca0dbf20b
- SHA512: 1e419087086a542c0fbebf901a6372e03edc7e637fba7345e31b303cee866e8766848fa7bba6f6b132f26756e12d89417a1658cf7e49a959cc35ba90639bc502
- SSDEEP: 12288:ZiZjQU6iX5STScZsF8ufwNC/1OH3PiDV6bzd30CCf5tnFS7l7G1RaNcnUtCx5Afb:9IXOJYsq60CetFS7l7vHx5r
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 6533631778eee668757516c728ea5650_NeikiAnalytics.exe
Files
-
6533631778eee668757516c728ea5650_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
7a914285d957d7d24b131b59537bad4f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
hid
HidD_GetAttributes
HidD_GetHidGuid
lz32
LZClose
LZOpenFileA
LZCopy
mfc42 (imported by ordinal)
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
strstr
_CIpow
_except_handler3
_getpid
fwrite
floor
ceil
strncmp
strchr
strrchr
malloc
free
fread
_fsopen
_ftol
fgets
strncpy
_mbsicmp
atof
sprintf
_controlfp
wcslen
_stricmp
_strupr
_strnicmp
_itoa
_setmbcp
__CxxFrameHandler
_mbscmp
isdigit
atoi
_purecall
fclose
fprintf
fopen
kernel32
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
ResetEvent
GetFileAttributesA
CreateDirectoryA
CopyFileA
FindResourceA
SizeofResource
LoadResource
LockResource
CreateMutexA
GetLastError
GetModuleFileNameA
SetCurrentDirectoryA
ReleaseMutex
GetPrivateProfileIntA
GetModuleHandleA
WriteFile
SystemTimeToFileTime
FlushFileBuffers
GetTickCount
ResumeThread
WaitForSingleObject
PurgeComm
CreateProcessA
GetFileAttributesExA
WritePrivateProfileStringA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
MoveFileA
InterlockedDecrement
GetTempFileNameA
DeleteFileA
GetTempPathA
CreateEventA
SetEvent
CreateFileA
CloseHandle
BuildCommDCBA
GetCommState
GetCommProperties
GetLongPathNameA
GetPrivateProfileSectionA
GetStartupInfoA
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrlenA
LocalFree
GetProcAddress
LocalAlloc
ClearCommError
SetCommTimeouts
ReadFile
GetFileSize
Sleep
SetupComm
SetCommState
GetCommTimeouts
user32
GetWindowThreadProcessId
SendMessageTimeoutA
GetClassNameA
EnumWindows
WaitForInputIdle
TranslateAcceleratorA
IsWindowVisible
GetDlgCtrlID
SetWindowPos
GetFocus
EnableMenuItem
GetWindow
LoadAcceleratorsA
GetMenu
RemoveMenu
GetSubMenu
BeginPaint
EndPaint
InsertMenuA
SetFocus
GetLastActivePopup
GetClientRect
IsZoomed
GetWindowTextA
IsWindow
FindWindowA
IsIconic
ShowWindow
SetForegroundWindow
LoadIconA
LoadImageA
GetDlgItem
DrawIcon
EnumChildWindows
GetWindowRect
GetParent
PostMessageA
GetCursorPos
ScreenToClient
SetCursor
GetDC
ReleaseDC
LoadCursorA
EnableWindow
GetSystemMetrics
SendMessageA
MessageBoxA
gdi32
SetTextColor
CreateFontIndirectA
GetPixel
CreateCompatibleDC
CreateFontA
TextOutA
SelectObject
GetTextExtentPoint32A
GetObjectA
winspool.drv
ConfigurePortA
advapi32
SetEntriesInAclA
FreeSid
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
CryptAcquireContextA
CryptGenKey
CryptImportKey
RegQueryValueExA
RegCloseKey
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
AllocateAndInitializeSid
shell32
SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
comctl32
ImageList_Add
ImageList_AddMasked
ole32
CLSIDFromProgID
CLSIDFromString
OleRun
CoCreateInstance
oleaut32
GetErrorInfo
SysAllocString
VariantClear
SysFreeString
odbc32 (imported by ordinal)
msvcp60
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
Sections
.text Size: 524KB - Virtual size: 522KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 880KB - Virtual size: 878KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ