942dbfa3b742d164ee294d3c03fdde50_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

942dbfa3b742d164ee294d3c03fdde50_NeikiAnalytics.exe
Size

380KB
MD5

942dbfa3b742d164ee294d3c03fdde50
SHA1

1c490041721b53704adf8387b4b9348a8ef56804
SHA256

6da38517ff59d80a1da84fe60f01916efb0efd9efdaca9c53e85338ed5e0c5e5
SHA512

dc1eb217de1abc7201a46fabf6b48194cf8f10a7844267789eee82af3b206fc5cf261e278b1af09f3bba6b6928d88101f4e2b3163d0ec9b0081e15fa9fcda338
SSDEEP

6144:NfBIOlGuk6raY/ppkrymHnNqweUkse865BV52Xbeij89htfzZ:NfBIOlGukU/YrymHn0weq8NCbJKZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
942dbfa3b742d164ee294d3c03fdde50_NeikiAnalytics.exe

Files

942dbfa3b742d164ee294d3c03fdde50_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

3d21aa11ff2e9138a34ebdd9d1895d89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetCanonicalizeUrlW

kernel32

ExitThread
WriteFile
CreateFileW
CreateDirectoryExW
CloseHandle
LockResource
SizeofResource
LoadResource
FindResourceW
ReadFile
DeleteFileW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
LoadLibraryW
InterlockedDecrement
GetCommandLineW
ExitProcess
GetModuleFileNameW
DeviceIoControl
GetFileAttributesW
CreateProcessW
WideCharToMultiByte
GetSystemInfo
GetVersionExW
GetCurrentProcess
GetLocaleInfoW
LocalAlloc
GetCurrentThread
GetComputerNameA
GetTempPathW
GetLongPathNameW
InterlockedIncrement
GetLastError
WaitForSingleObject
WaitForMultipleObjects
Sleep
GetStartupInfoW
LocalFree

user32

GetWindowTextW
SetWindowTextW
GetDlgItem
TranslateMessage
DispatchMessageW
GetParent
TranslateAcceleratorW
GetMessageW
SetFocus
SetCursorPos
GetWindow
UpdateWindow
LoadIconW
RegisterClassExW
DefWindowProcW
DialogBoxParamW
BeginPaint
EndPaint
PostQuitMessage
LoadStringW
IsDlgButtonChecked
GetWindowRect
MoveWindow
MessageBoxW
GetClientRect
LoadCursorW
SetCursor
RemovePropW
LoadAcceleratorsW
CallWindowProcW
CreateWindowExW
SetPropW
GetWindowLongW
SetWindowLongW
PostMessageW
EnableWindow
ShowWindow
SetWindowPos
GetPropW
SystemParametersInfoW
GetDC
ReleaseDC
GetSystemMetrics
wsprintfW
SendMessageW

gdi32

GetTextMetricsW
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
SetTextColor
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation
GetUserNameA
AllocateAndInitializeSid
FreeSid
OpenThreadToken

shell32

ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance

oleaut32

VariantClear

msvcp60

??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??_7runtime_error@std@@6B@
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@II@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?nothrow@std@@3Unothrow_t@1@B
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

msvcrt

_strlwr
_controlfp
wcslen
__CxxFrameHandler
_atoi64
atol
_beginthreadex
??2@YAPAXI@Z
sprintf
fread
fopen
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
sscanf
_purecall
malloc
free
??0exception@@QAE@ABQBD@Z
_ftol
strpbrk
wcscmp
wcscpy
isalnum
isspace
rand
srand
time
_wcslwr
swprintf
wcstol
wcstoul
wcsstr
wcsncpy
_ultow
_callnewh
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d21aa11ff2e9138a34ebdd9d1895d89

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp60

msvcrt

Sections

.text Size: 256KB - Virtual size: 254KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 28KB - Virtual size: 40KB

.rsrc Size: 52KB - Virtual size: 50KB

.text
Size: 256KB - Virtual size: 254KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 28KB - Virtual size: 40KB

.rsrc
Size: 52KB - Virtual size: 50KB