734b95c325b3e0daa58c50df32efcd10_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

734b95c325b3e0daa58c50df32efcd10_NeikiAnalytics.exe
Size

527KB
MD5

734b95c325b3e0daa58c50df32efcd10
SHA1

659d81c4628ea5af374eea8c0061ee94204917ff
SHA256

4e3ec3a72957967bd9ad6ede11d454f1f328c6220376e54477112a0b26589d57
SHA512

2d6f7040548cc4e8d78c7c805cc474b4c232e497082eb3a4466cc7805b3e7af4df70c104f5a9053033b4390d3c7e2c3209dfaebee4d939a5f6892e381fa9a56e
SSDEEP

12288:FFoLiImIdsloU2qD5yj8jhE5ZmxQZ6AruNbElMi5AMlYxFS:FFoAIdsloU2qIPZmxQI1qlMiaMli

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
734b95c325b3e0daa58c50df32efcd10_NeikiAnalytics.exe

Files

734b95c325b3e0daa58c50df32efcd10_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

cb9c6d4bbce7727022db4d65cf9bc2c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\B\T\BuildResults\bin\Release\Browser\Nppdf32.pdb

Imports

uxtheme

SetWindowTheme

kernel32

LoadLibraryW
DeleteFileA
GetTempPathA
GetTempFileNameA
GetModuleFileNameA
OpenFile
CopyFileA
GetVolumeInformationW
WriteFile
SetNamedPipeHandleState
OpenMutexW
GetTickCount
lstrlenW
FreeLibrary
LoadLibraryExA
GetFileAttributesW
GetLongPathNameW
RaiseException
InitializeCriticalSectionEx
GetVersionExW
GetTempPathW
LoadLibraryA
VirtualQuery
CreateDirectoryA
CreateFileA
SetFilePointer
QueryPerformanceCounter
GetLocalTime
EnterCriticalSection
CallNamedPipeW
LocalFree
FormatMessageA
GetSystemDirectoryA
GetProcAddress
FindFirstFileW
CreateEventW
GetExitCodeProcess
GetCurrentThreadId
SetThreadPriority
CreateProcessW
GetThreadId
OpenProcess
lstrcpyW
CreateSemaphoreA
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
GetFileType
TransactNamedPipe
WaitNamedPipeW
ResetEvent
CreateMutexW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
InitializeCriticalSection
SetLastError
WideCharToMultiByte
MultiByteToWideChar
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
GetCurrentProcessId
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
ResumeThread
TerminateThread
ExitThread
CreateThread
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
FindClose
LeaveCriticalSection
GetLastError
OutputDebugStringA
ReadFile
GetFileSize
CreateFileW
GetCurrentProcess
CloseHandle
VirtualProtect
GetSystemInfo

user32

GetWindowThreadProcessId
EnumWindows
GetParent
GetWindow
GetDesktopWindow
SetWindowLongA
GetWindowLongA
ClientToScreen
IsWindowUnicode
PostQuitMessage
DispatchMessageW
GetMessageW
GetMessageA
FindWindowW
MsgWaitForMultipleObjects
GetActiveWindow
WaitForInputIdle
wsprintfW
GetAncestor
CreateWindowExW
FindWindowA
SendMessageA
RegisterWindowMessageA
SetCursor
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetForegroundWindow
GetSubMenu
LoadMenuA
GetFocus
IsChild
CallWindowProcA
LoadStringW
LoadStringA
DestroyCursor
LoadCursorA
MessageBoxA
KillTimer
SetTimer
SetFocus
SystemParametersInfoA
GetClassNameA
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
InvalidateRect
GetWindowRgn
SetWindowRgn
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
GetDlgItem
EndDialog
CreateDialogParamA
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
DefWindowProcA
PostMessageW
PostMessageA
PeekMessageA
DispatchMessageA
TranslateMessage

gdi32

PlayEnhMetaFile
GetEnhMetaFileA
DeleteEnhMetaFile
GetDeviceCaps
Escape
SetTextColor
SetBkColor
GetStockObject
FillRgn
DeleteObject
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
LPtoDP

advapi32

RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetTokenInformation
RegQueryValueExA

ole32

CoCreateInstance
CoTaskMemFree

msvcp140

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?widen@?$ctype@G@std@@QBEGD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

vcruntime140

memset
__std_exception_copy
memcmp
wcsrchr
__std_exception_destroy
wcsstr
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__current_exception
__CxxFrameHandler3
_purecall
strchr
strrchr
strstr
memcpy
__current_exception_context
memchr
__std_terminate
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_initialize_onexit_table
terminate
_initialize_narrow_environment
_initterm_e
_set_invalid_parameter_handler
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_initterm
_register_onexit_function

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s
strcat
strncmp
wcsncpy_s
strcmp
strlen
strcpy
wcslen
_stricmp
_strnicmp
strncpy
_wcsnicmp
towlower
wcsncmp
tolower
wcscat
wcstok_s
wcsncat_s
wcscpy_s
wcscat_s
_wcsdup
_wcsicmp
iswdigit
_wcslwr_s

api-ms-win-crt-stdio-l1-1-0

tmpfile
__stdio_common_vsnwprintf_s
fseek
fread
fopen
fclose
__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vsnprintf_s
_wfopen_s
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vfwscanf
fwrite

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_wtol
_itow_s
_itoa
_wtof
wcstol

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_waccess_s
_unlink

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

_wgetenv
_wputenv_s

api-ms-win-crt-math-l1-1-0

ceil

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetFolderPathA

Exports

Exports

NP_AcrobatProtectedInitialize
NP_ApolloEntry
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb9c6d4bbce7727022db4d65cf9bc2c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

kernel32

user32

gdi32

advapi32

ole32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

version

shell32

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 180KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 2KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 44B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 283KB - Virtual size: 284KB

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 2KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 44B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 283KB - Virtual size: 284KB