65f30d570376833e33b8cdb351305260_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

65f30d570376833e33b8cdb351305260_NeikiAnalytics.exe
Size

305KB
MD5

65f30d570376833e33b8cdb351305260
SHA1

668010c99ada4e91f35006194af9da476eb5eaf2
SHA256

b26aaa0025842418c8a4240dea0bf2056194d19ba11aea3431756e4bb10d1d8a
SHA512

8db23394987815b46b4258e83743ac44161f740b5b1cf63b6621c71814202eca565abb2a70ddf450725ef3f44e7b322c8cb5a1bf9f006934a1f80e6f2ab3a3d0
SSDEEP

6144:90ft4TBJ/xm4tKkSv78yjASWnG1mhwEFZa:6ft4Tr0qiBAVnG16FY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65f30d570376833e33b8cdb351305260_NeikiAnalytics.exe

Files

65f30d570376833e33b8cdb351305260_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

471f331a35209fc5ab9d12f12286f219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenSystemStoreA
PFXExportCertStoreEx
CertEnumCertificatesInStore
CertNameToStrA
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore

ntdll

NtQueryInformationThread
_strcmpi
RtlValidateHeap
RtlSizeHeap
isalpha
NtOpenProcess
strtoul
strncpy
NtQuerySystemInformation
RtlAdjustPrivilege
LdrFindEntryForAddress
RtlTryEnterCriticalSection
NtQueryInformationProcess
_itoa
NtQueryObject
NtFreeVirtualMemory
_alldiv
_allmul
isalnum
strncmp
_strlwr
atoi
NtUnmapViewOfSection
RtlInitUnicodeString
NtOpenFile
NtCreateSection
NtMapViewOfSection
NtClose
sprintf
memmove
NtQueryInformationFile
NtReadVirtualMemory
NtWriteVirtualMemory
NtProtectVirtualMemory
sscanf
memcpy
NtTerminateThread
memset
_chkstk
_snprintf
_vsnprintf
wcsstr
strstr
NtAllocateVirtualMemory
NtDuplicateObject

ws2_32

htons
inet_ntoa
socket
WSAGetLastError
WSAStartup
inet_addr
sendto
select
__WSAFDIsSet
recvfrom
ntohs
gethostbyname
getpeername

wininet

FindCloseUrlCache
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
HttpAddRequestHeadersA
GetUrlCacheEntryInfoW
InternetSetCookieA
InternetSetOptionA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetStatusCallback

shlwapi

SHGetValueA
StrCmpNA
SHDeleteValueA
SHRegSetUSValueA
StrSpnA
StrPBrkA
StrStrA
StrStrIA
PathCombineA
StrCmpNIA

msimg32

AlphaBlend

urlmon

ObtainUserAgentString

kernel32

TerminateProcess
VirtualQuery
SetErrorMode
OpenThread
CreateEventA
GetWindowsDirectoryA
lstrcpyW
FindFirstFileW
FindNextFileW
CreateProcessA
GetVersionExA
GetUserDefaultLangID
IsBadWritePtr
LoadResource
SizeofResource
GetModuleHandleA
GetTimeZoneInformation
CreateSemaphoreA
ReleaseSemaphore
VirtualQueryEx
VirtualAllocEx
ResumeThread
FlushInstructionCache
SetFileTime
GetTickCount
OpenMutexA
CreateMutexA
OpenProcess
lstrlenW
GetFileInformationByHandle
GetLocalTime
FileTimeToSystemTime
lstrlenA
lstrcpyA
DuplicateHandle
CreateDirectoryW
CreateDirectoryA
LocalFileTimeToFileTime
lstrcmpA
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCurrentProcessId
CreateNamedPipeA
ConnectNamedPipe
FlushFileBuffers
DisconnectNamedPipe
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
WideCharToMultiByte
GetFileAttributesW
GetLogicalDriveStringsA
QueryDosDeviceA
FindFirstFileA
OutputDebugStringA
GetCurrentThreadId
GetLastError
CloseHandle
CreateThread
Sleep
HeapFree
HeapValidate
HeapAlloc
GetProcessHeap
IsBadReadPtr
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
SuspendThread
SetThreadPriority
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
CreateFileMappingA
GetModuleFileNameA
InitializeCriticalSection
GetExitCodeThread
HeapReAlloc
GetThreadPriority
WriteFile
WaitNamedPipeA
MultiByteToWideChar
ReadProcessMemory
GetThreadSelectorEntry
GetThreadContext
WriteProcessMemory
VirtualProtectEx
DeleteFileW
SetFileAttributesW
CreateFileW
SetLastError
SetEvent
GetTempFileNameA
ExitThread
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
MoveFileExA

user32

MsgWaitForMultipleObjects
GetKeyboardState
DispatchMessageW
TranslateMessage
PeekMessageW
CharLowerA
wsprintfA
EnumWindows
LoadStringA
LoadStringW
ReleaseDC
GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
GetKeyState
WindowFromPoint
CallWindowProcA
GetWindowDC
GetWindowRect
GetCursorPos
ToUnicode

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
SetPixel
CreateDIBSection
SetBitmapBits

advapi32

CryptGetUserKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
CryptDestroyKey
CryptGetKeyParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 296KB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

471f331a35209fc5ab9d12f12286f219

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ntdll

ws2_32

wininet

shlwapi

msimg32

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 296KB - Virtual size: 9.5MB

.reloc Size: 8KB - Virtual size: 9.8MB

.text
Size: 296KB - Virtual size: 9.5MB

.reloc
Size: 8KB - Virtual size: 9.8MB