7937348c779626d93f2d2883cc3934a0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7937348c779626d93f2d2883cc3934a0_NeikiAnalytics.exe
Size

9.0MB
MD5

7937348c779626d93f2d2883cc3934a0
SHA1

e97042d3db4be328c3f8ab44203f87bf4e7720dc
SHA256

03c3615b527685b1962db21fbff55fe5e193e2be94814fe185aaaa4d65586c9c
SHA512

b7f8d1f1ec06821c80ba1f77e15e5e7cf4dd981f1c5595731a1f14e2234ac19ead2957aa669784da53ddb7819a6fe032ebede3e41f66a6ed909aa1bb45d970d7
SSDEEP

98304:1Z+6eHbbMBKC8oAll32yzAP2HjPe3D527BWG:7WAkt2y0PcjP+VQBWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7937348c779626d93f2d2883cc3934a0_NeikiAnalytics.exe

Files

7937348c779626d93f2d2883cc3934a0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

3fb0d0da8c7afcd1bd7a13b60ebfe87d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA

kernel32

TlsSetValue
TlsGetValue
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
QueueUserAPC
TerminateThread
WaitForMultipleObjects
RaiseException
InitializeCriticalSectionEx
DecodePointer
GetCurrentThreadId
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeviceIoControl
GetDriveTypeW
GetFileTime
GetCurrentProcess
GetDiskFreeSpaceW
LocalFree
FormatMessageA
GetThreadId
GetCurrentThread
SleepEx
CreateWaitableTimerW
GetVolumeInformationW
GetComputerNameW
GetModuleFileNameW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
WideCharToMultiByte
CreateProcessW
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
GetOverlappedResult
LoadLibraryW
HeapDestroy
HeapReAlloc
HeapSize
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreW
lstrlenW
ReadDirectoryChangesW
GetLongPathNameW
CancelIo
SetThreadErrorMode
GetVersionExA
CreateDirectoryA
GetFileInformationByHandle
GetVolumeInformationA
GlobalFree
GetStdHandle
GetFileType
GetVersion
ExitThread
FindFirstFileW
FindNextFileW
GetCurrentProcessId
GetVersionExW
GlobalMemoryStatus
lstrcpyA
lstrcatA
lstrlenA
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapCompact
DeleteFileW
DeleteFileA
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
GetEnvironmentVariableW
GetModuleHandleExW
RtlVirtualUnwind
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetWaitableTimer
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
GetTimeZoneInformation
ExitProcess
DuplicateHandle
FreeLibraryAndExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
RtlPcToFileHeader
RtlUnwindEx
CopyFileW
CreateDirectoryExW
SetFilePointerEx
RemoveDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CreateWaitableTimerA
ResumeThread
ResetEvent
OpenEventA
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetQueuedCompletionStatus
GetModuleFileNameA
CreateThread
CreateEventW
OutputDebugStringA
SetLastError
SetConsoleTitleW
AllocConsole
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
GetProcAddress
K32EnumProcesses
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SleepConditionVariableCS
GetExitCodeProcess
QueryPerformanceCounter
CreateProcessA
QueryPerformanceFrequency
GetEnvironmentVariableA
CreatePipe
SetHandleInformation
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
RemoveDirectoryA
MultiByteToWideChar
DeleteCriticalSection
InitializeConditionVariable
InitializeCriticalSection
WakeAllConditionVariable
GetProcessHeap
HeapAlloc
CreateFileA
Sleep
WriteFile
HeapFree
WaitNamedPipeA
SetNamedPipeHandleState
ReadFile
WaitForSingleObject
CreateEventA
TlsFree
CloseHandle
TlsAlloc
SetEvent
GetLastError
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetStringTypeW
GetExitCodeThread
GetLocaleInfoEx
RtlUnwind

user32

SendNotifyMessageW
RegisterWindowMessageW
PostMessageW
LoadStringA
GetCursorPos
GetAsyncKeyState
SetWindowsHookExW
UnhookWindowsHookEx
ClipCursor
CallNextHookEx
GetDC
ReleaseDC
GetDesktopWindow
SetCursorPos
GetCursorInfo
ShowCursor
SendMessageTimeoutA
GetSystemMetrics
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

gdi32

GetPixel

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptGenRandom
OpenSCManagerW
CloseServiceHandle
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptAcquireContextW
CryptDestroyKey
GetUserNameA
CryptSignHashW
CryptImportKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegSetValueExA
ReportEventA
RegisterEventSourceA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
CreateWellKnownSid
AddAccessAllowedAceEx
RegSetKeyValueA
RegEnumKeyExA
RegGetValueA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
OpenServiceA

shell32

ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathA
SHOpenFolderAndSelectItems
SHGetFolderPathW
SHCreateItemFromParsingName
ord190
ord155
SHGetFolderPathA

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ws2_32

listen
ntohl
htons
ntohs
WSAStartup
WSACleanup
htonl
WSAStringToAddressA
WSASend
WSAGetLastError
WSASetLastError
closesocket
ioctlsocket
bind
WSASocketW
shutdown
WSARecv
getpeername
getsockopt
WSAAddressToStringA
setsockopt
getsockname
gethostname
__WSAFDIsSet
accept
recv
gethostbyaddr
inet_addr
gethostbyname
freeaddrinfo
getaddrinfo
socket
sendto
send
select
recvfrom
connect

mswsock

AcceptEx
GetAcceptExSockaddrs

bcrypt

BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptDestroyHash
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptGenRandom

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW
UuidCreate
RpcStringFreeA
UuidToStringA

shlwapi

UrlEscapeW
UrlEscapeA
PathBuildRootW
PathGetDriveNumberW
UrlUnescapeA
PathFindFileNameW

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

netapi32

NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 345KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 632KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3fb0d0da8c7afcd1bd7a13b60ebfe87d

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

mswsock

bcrypt

crypt32

rpcrt4

shlwapi

winhttp

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

netapi32

Sections

.text Size: 6.3MB - Virtual size: 6.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 345KB - Virtual size: 381KB

.pdata Size: 262KB - Virtual size: 262KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 632KB - Virtual size: 636KB

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 345KB - Virtual size: 381KB

.pdata
Size: 262KB - Virtual size: 262KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 632KB - Virtual size: 636KB