064aa75b43c822d8606687ff4880d260_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

064aa75b43c822d8606687ff4880d260_NeikiAnalytics.exe
Size

2.4MB
MD5

064aa75b43c822d8606687ff4880d260
SHA1

4c1bf7ba112b18bfa01cc230baed58f857b60a09
SHA256

ca8ebe428db495cf9709852e53c67415010ff5659fdb054ef3a123f269248983
SHA512

89ee08abb05aa68d4607fa3be5835b95b63fc0513ff721e5ad48d6d42e56f5179e3a6b17cf049608a0b1fe64123a4bb95411e12d0252d2b71c3df3786bc26c8f
SSDEEP

49152:YT8Aa84uOnyi+Plmz6Pw6luRnL4InPriATl+hTmEa2Eu/30gjs9myY85qIT:jRyi+Pq6Pw4uRnL4IPrbTMDPjA7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
064aa75b43c822d8606687ff4880d260_NeikiAnalytics.exe

Files

064aa75b43c822d8606687ff4880d260_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

b92734f4fbf8643f8fb98f4d75ab019c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
GetModuleHandleA
GetTickCount
GetModuleHandleW
Sleep
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileStringA
InitializeCriticalSection
MultiByteToWideChar
GetTickCount64
DeleteCriticalSection
VirtualQuery
HeapCreate
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
CloseHandle
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
GetStdHandle
WriteConsoleA
ReadConsoleA
FreeConsole
SetStdHandle
Beep
HeapAlloc
GetModuleFileNameA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibraryAndExitThread
DisableThreadLibraryCalls
LoadLibraryW
CreateThread
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
GetFileSizeEx
ExitProcess
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
VirtualFree
DeleteFileW
RemoveDirectoryW
SetEnvironmentVariableW
SetLastError
HeapFree
WriteProcessMemory
VirtualProtect
GetModuleHandleExW
ExitThread
ReadFile
GetLastError
FormatMessageW
WideCharToMultiByte
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
TerminateProcess
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
RaiseException

user32

GetAsyncKeyState
CallWindowProcA
SetWindowLongA
FlashWindowEx
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemory

winmm

PlaySoundA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Sections

.text
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 484KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b92734f4fbf8643f8fb98f4d75ab019c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

d3dx9_43

winmm

imm32

wininet

Sections

.text Size: 880KB - Virtual size: 879KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 484KB - Virtual size: 548KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 880KB - Virtual size: 879KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 484KB - Virtual size: 548KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 50KB - Virtual size: 49KB