D:\Sources\foobar2000\foobar2000\x64\Release\foobar2000.pdb
Static task
static1
Behavioral task
behavioral1
Sample
79b0cb8f65a73003819ab368e73f7490_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
79b0cb8f65a73003819ab368e73f7490_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
79b0cb8f65a73003819ab368e73f7490_NeikiAnalytics.exe
-
Size
4.2MB
-
MD5
79b0cb8f65a73003819ab368e73f7490
-
SHA1
c6800363646ae86f222e56bcd34438000c6564ea
-
SHA256
ec8515d5ad76d66d6a2597aef70c411dd24da22b42e4a2e4371891dc0d6122ec
-
SHA512
8bebcdd3c653ccc5380f60b53fe6261a926c2ee6d6be22889e6322e203c637112fe06b77921435a84a65f3d3c8f73722e6c17cbd3c7e361563dafe6d98bc5d51
-
SSDEEP
49152:tqqBblxSyqgj5dBxjVjWChuN3pcHOUTzxa6nmFqeHJEFy3Q/J3NBcgcQ6C6oPms6:trjvu3CU6maIMGoby
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 79b0cb8f65a73003819ab368e73f7490_NeikiAnalytics.exe
Files
-
79b0cb8f65a73003819ab368e73f7490_NeikiAnalytics.exe.exe windows:6 windows x64 arch:x64
a2b9970c68a976f284a711dcbbb8de3c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
comctl32
ImageList_Destroy
ord410
ImageList_Create
ImageList_Add
ord17
ord412
ord413
winmm
timeGetTime
timeBeginPeriod
timeEndPeriod
shlwapi
SHAutoComplete
ord12
SHDeleteKeyW
StrCmpLogicalW
uxtheme
SetWindowTheme
IsThemePartDefined
GetThemePartSize
DrawThemeBackground
OpenThemeData
EnableThemeDialogTexture
CloseThemeData
kernel32
GetSystemPowerStatus
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
ResumeThread
GetLocaleInfoW
GetNumberFormatW
DecodePointer
GlobalSize
Sleep
SetErrorMode
LoadLibraryW
CreateEventW
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
SetEndOfFile
GetFileTime
FlushFileBuffers
CreateFileW
GetDiskFreeSpaceExW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
GetFileAttributesW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
MoveFileExW
SystemTimeToTzSpecificLocalTime
NormalizeString
TryEnterCriticalSection
OutputDebugStringW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
DeviceIoControl
SetFileTime
SetFilePointer
DosDateTimeToFileTime
GetFileSizeEx
FileTimeToSystemTime
GetSystemTimeAsFileTime
ReadDirectoryChangesW
GetThreadPriority
GetThreadId
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
WriteFile
CancelIo
GetOverlappedResult
ReadFile
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GetCommandLineW
LoadLibraryExW
lstrlenW
GetNativeSystemInfo
GetVersionExW
PowerCreateRequest
PowerClearRequest
PowerSetRequest
SetLastError
EnterCriticalSection
SetThreadPriority
LeaveCriticalSection
GetTickCount64
DeleteCriticalSection
GetFileAttributesExW
FindNextFileW
FindClose
GetCurrentThread
SetEvent
ResetEvent
GetExitCodeThread
GetCurrentProcessId
VirtualQuery
VirtualProtect
GetSystemInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CopyFileW
IsDebuggerPresent
FreeLibrary
SetDllDirectoryW
CloseHandle
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetTickCount
GetProcessHeap
CreateMutexW
InitializeCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
MulDiv
InitializeCriticalSectionEx
GetLastError
RaiseException
WaitForSingleObjectEx
user32
SendMessageW
ShowWindow
EnableWindow
SetWindowTextW
DestroyWindow
UnregisterClassW
CreateDialogParamW
SetWindowLongPtrW
SendDlgItemMessageW
GetActiveWindow
GetWindowLongW
GetClientRect
ClientToScreen
GetWindowRect
SetWindowPos
SetLayeredWindowAttributes
CharUpperW
GetComboBoxInfo
GetSystemMetrics
EnumThreadWindows
GetWindowPlacement
IsIconic
AdjustWindowRect
DrawEdge
SetClipboardData
CloseClipboard
OpenClipboard
FillRect
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
NotifyWinEvent
RedrawWindow
IsRectEmpty
DrawTextW
TrackMouseEvent
InflateRect
FrameRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetNextDlgTabItem
InvalidateRgn
SystemParametersInfoW
ScrollWindowEx
SetScrollPos
UpdateWindow
SetScrollInfo
SetRectEmpty
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
GetScrollInfo
MapDialogRect
IsZoomed
SetMenuItemInfoW
GetMenuItemInfoW
GetDC
BeginPaint
MapVirtualKeyW
AdjustWindowRectEx
EndPaint
InvalidateRect
IsWindowEnabled
SetWindowLongW
PostMessageW
CreateWindowExW
ScreenToClient
IntersectRect
PtInRect
DefWindowProcW
GetMenu
IsDialogMessageW
DrawTextExW
GetWindow
MonitorFromWindow
LoadIconW
RegisterClipboardFormatW
wsprintfW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
WindowFromPoint
CheckMenuRadioItem
GetClipboardData
IsCharAlphaW
RegisterShellHookWindow
DeregisterShellHookWindow
IsClipboardFormatAvailable
LoadImageW
RegisterWindowMessageW
RegisterClassW
DispatchMessageW
GetDesktopWindow
OffsetRect
CopyRect
MonitorFromRect
CharLowerW
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EmptyClipboard
IsWindowVisible
MoveWindow
TranslateMessage
PostQuitMessage
GetMessageW
MsgWaitForMultipleObjects
GetCursorPos
SetFocus
KillTimer
SetCapture
SetCursor
LoadCursorW
SetTimer
RegisterClassExW
GetClassInfoExW
PeekMessageW
CallWindowProcW
GetWindowDC
ReleaseDC
DrawFrameControl
GetParent
GetKeyState
GetMessagePos
AppendMenuW
TrackPopupMenu
CreatePopupMenu
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
MessageBoxW
EndDialog
DialogBoxParamW
MessageBeep
SetActiveWindow
EnumChildWindows
MapWindowPoints
SetMenuDefaultItem
TrackPopupMenuEx
GetDlgCtrlID
GetSysColor
GetFocus
TranslateAcceleratorW
LoadAcceleratorsW
DestroyAcceleratorTable
RegisterHotKey
UnregisterHotKey
SetDlgItemTextW
IsChild
SetForegroundWindow
GetWindowLongPtrW
gdi32
SetDCBrushColor
GetStockObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
SetBkColor
SetTextColor
DeleteDC
DeleteObject
GetObjectW
CreateFontIndirectW
CreateRectRgnIndirect
CreateRectRgn
GetTextExtentPoint32W
GetTextColor
GetBkColor
GetCurrentObject
CreatePen
SetBkMode
OffsetRgn
GetDeviceCaps
GetTextMetricsW
LPtoDP
SaveDC
RestoreDC
OffsetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreatePolygonRgn
FrameRgn
FillRgn
SetViewportOrgEx
BitBlt
CombineRgn
SetDCPenColor
LineTo
MoveToEx
advapi32
CryptImportKey
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegDeleteValueW
CryptGetHashParam
CryptVerifySignatureW
CryptHashData
CryptCreateHash
RegGetValueW
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegEnumValueW
CryptAcquireContextW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
shell32
ShellExecuteExW
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHGetFolderPathW
ord74
SHCreateItemFromIDList
DragAcceptFiles
DragFinish
ord680
ole32
CoCreateInstance
OleSetClipboard
OleGetClipboard
CoTaskMemFree
PropVariantClear
CLSIDFromString
CoTaskMemAlloc
ReleaseStgMedium
CoCreateGuid
RevokeDragDrop
CoUninitialize
CoInitialize
RegisterDragDrop
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
DoDragDrop
oleaut32
SysAllocString
VariantClear
VariantInit
zlib1
inflate
inflateInit2_
crc32
inflateEnd
sqlite3
sqlite3_changes
sqlite3_clear_bindings
sqlite3_column_type
sqlite3_bind_null
sqlite3_reset
sqlite3_bind_int
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_text
sqlite3_bind_text
sqlite3_finalize
sqlite3_prepare_v2
sqlite3_last_insert_rowid
sqlite3_exec
sqlite3_busy_timeout
sqlite3_close
sqlite3_errmsg
sqlite3_open_v2
sqlite3_column_name
sqlite3_column_count
sqlite3_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int64
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
shared
GetInfiniteWaitEvent
uReplaceCharAdd
?create@t_font_description@@QEBAPEAUHFONT__@@XZ
?g_from_system@t_font_description@@SA?AU1@H@Z
uPrintCrashInfo_AddEnvironmentInfo
?calculate_peak@audio_math@@YANPEBN_K@Z
?popup_dialog@t_font_description@@QEAA_NPEAUHWND__@@@Z
uGetClipboardString
uFixAmpersandChars_v2
uDragQueryFile
uDragQueryFileCount
uSetWindowTextEx
stricmp_utf8_max
stricmp_utf8_ex
uCharLower
?scale@audio_math@@YAXPEBN_KPEANN@Z
uGetCommandLine
uGetModuleHandle
uSetCurrentDirectory
uPrintCrashInfo_SetDumpPath
uPrintCrashInfo_StartLogging
uPrintCrashInfo_Init
uGetCurrentDirectory
uGetEnvironmentVariable
uCreateFile
uEvalKnownFolder
uGetKeyNameText
uRemovePanicHandler
uAddPanicHandler
uSearchPath
uFixPathCaps
uCreateDirectory
uGetFileAttributes
uAddStringLower
uAddStringUpper
uBrowseForFolder
uBrowseForFolderEx
uGetOpenFileName
uGetOpenFileNameMulti
uSendDlgItemMessageText
uSendMessageText
uAppendMenu
ModalDialog_Switch
uSetClipboardString
?uPrintCrashInfo_Suppress@@YAXXZ
uPrintCrashInfo_SetComponentList
uMessageBox
uLoadLibrary
uFindFirstFile
?convert_to_int32@audio_math@@YAXPEBN_KPEAHN@Z
?convert_to_int16@audio_math@@YAXPEBN_KPEAFN@Z
uGetTempFileName
uGetTempPath
stricmp_utf8
uGetModuleFileName
stricmp_utf8_partial
ModalDialog_PokeExisting
ModalDialog_CanCreateNew
PokeWindow
LoadResourceEx
uFileExists
uShellExecute
uStringCompare
??1uCallStackTracker@@QEAA@XZ
??0uCallStackTracker@@QEAA@PEBD@Z
uGetDlgItemText
uSetDlgItemText
FindOwningPopup
uGetWindowText
uExceptFilterProc
uSetWindowText
uPrintCrashInfo_OnEvent
uBugCheck
uFormatSystemErrorMessage
uCharUpper
msvcp140
_Thrd_hardware_concurrency
_Cnd_signal
_Xtime_get_ticks
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Cnd_wait
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_broadcast
?uncaught_exceptions@std@@YAHXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
msvcp140_atomic_wait
__std_atomic_notify_one_direct
__std_atomic_wait_direct
msimg32
GradientFill
oleacc
AccessibleObjectFromWindow
LresultFromObject
crypt32
CertVerifyRevocation
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertVerifyTimeValidity
CertCloseStore
CertFreeCertificateChain
CertFreeCertificateContext
avrt
AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW
winhttp
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
gdiplus
GdipFree
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipLoadImageFromStream
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDrawImageRect
GdipSetSmoothingMode
GdipSetCompositingMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdiplusShutdown
secur32
InitializeSecurityContextW
AcquireCredentialsHandleW
FreeContextBuffer
AcceptSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
DeleteSecurityContext
DecryptMessage
EncryptMessage
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
__C_specific_handler
memchr
strstr
wcschr
_set_purecall_handler
strrchr
wcsstr
memcpy
memset
memmove
memcmp
__current_exception
__current_exception_context
_CxxThrowException
strchr
api-ms-win-crt-heap-l1-1-0
_aligned_realloc
_aligned_free
free
_recalloc
_set_new_mode
realloc
_aligned_malloc
_expand
malloc
_callnewh
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
abort
_beginthreadex
_invalid_parameter_noinfo
_initialize_onexit_table
_errno
_invalid_parameter_noinfo_noreturn
_set_invalid_parameter_handler
_set_abort_behavior
signal
api-ms-win-crt-math-l1-1-0
tan
llround
_fpclass
_dclass
exp
log10
lround
lroundf
pow
log2
sin
log
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
__p__commode
__stdio_common_vswprintf_s
_set_fmode
__stdio_common_vsprintf
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0
wcscpy_s
wcsncpy_s
wcstok_s
wcsncmp
wcslen
strcat_s
wmemcpy_s
wcsnlen
strncmp
strcmp
isalpha
strlen
_strdup
strcpy_s
wcscmp
api-ms-win-crt-convert-l1-1-0
_atoi64
atoll
_wtoi
_wtol
atoi
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 655KB - Virtual size: 655KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 110KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ