50fc4995d8514fd870dfdc3418509990_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

50fc4995d8514fd870dfdc3418509990_NeikiAnalytics.exe
Size

3.3MB
MD5

50fc4995d8514fd870dfdc3418509990
SHA1

a52e7aec75b56a489381b3ed4381dc4e8381f058
SHA256

57971aa98aea39d2fbe7b84226f2e03ec1fce124ba4037613f6e6442896f23ba
SHA512

a7eab1653ffeae2c8db0c4383032f2c059f2b4f80c20251ae9f085eecdeaedd329c0c97bceb80aa55205c069e6439ddf37a6a7e3767748d72845fdd5d8d2fd31
SSDEEP

49152:z6qlMxLcEXNKOtpLc34F3BDqy5eRxQVAYhKfvyJMojpEG9BW6:UWmNB7LApykRO/K2pN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50fc4995d8514fd870dfdc3418509990_NeikiAnalytics.exe

Files

50fc4995d8514fd870dfdc3418509990_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

a818c290d0d9a03392a4ab98e74d332c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord74

shlwapi

PathFileExistsW
SHDeleteEmptyKeyW
PathCombineW
PathFindFileNameW
StrStrIW
PathRemoveFileSpecW
PathQuoteSpacesW
SHDeleteKeyW
PathRemoveBackslashW
PathAppendW

shell32

SHGetKnownFolderPath
ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify

kernel32

ReleaseSemaphore
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetACP
HeapSize
FormatMessageW
GetLastError
WaitForSingleObjectEx
OpenSemaphoreW
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
DeleteCriticalSection
VerSetConditionMask
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
VerifyVersionInfoW
DebugBreak
lstrcmpW
IsDebuggerPresent
FindFirstFileW
GetFullPathNameW
FindNextFileW
GetPrivateProfileIntW
GetModuleFileNameW
GetUserDefaultUILanguage
FindClose
GetSystemInfo
FreeLibrary
LoadLibraryExW
GetSystemDirectoryW
CreateProcessW
lstrlenW
lstrcmpiW
GetPrivateProfileStructW
WritePrivateProfileStringW
GetCurrentProcess
WriteFile
CompareStringOrdinal
DeleteAtom
SetEndOfFile
CreateFileW
GetFileAttributesW
SetLastError
GetAtomNameW
GetPrivateProfileStringW
WritePrivateProfileStructW
GetFileAttributesExW
DeleteFileW
GetWindowsDirectoryW
SetFilePointerEx
LocalFree
SetThreadStackGuarantee
MultiByteToWideChar
GetTickCount
CompareFileTime
RemoveDirectoryW
CreateToolhelp32Snapshot
GetFileType
Process32NextW
Process32FirstW
SystemTimeToFileTime
CreateMutexA
LoadLibraryA
WriteConsoleW
GetConsoleMode
GetStdHandle
TlsFree
InitOnceComplete
TlsAlloc
InitOnceBeginInitialize
PostQueuedCompletionStatus
CreateThread
GetModuleHandleA
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
TlsSetValue
TlsGetValue
GetCPInfo
GetStringTypeW
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
WideCharToMultiByte
OutputDebugStringW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
ExitProcess
LCMapStringW
GetLocaleInfoW
LoadLibraryExA
IsValidLocale
GetUserDefaultLCID
VirtualProtect
EnumSystemLocalesW
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
EncodePointer
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetHandleInformation
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
TerminateProcess
RtlUnwind
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
SwitchToThread
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileInformationByHandleEx
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileInformationByHandle
FindFirstFileExW
GetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
VirtualQuery
Sleep

user32

SetForegroundWindow
MessageBoxW
SendMessageW
GetSysColor
FindWindowW
MessageBoxA
GetActiveWindow
SendMessageTimeoutW

advapi32

RegOpenKeyExW
SystemFunction036
RegCloseKey
RegGetValueA
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CoInitialize
CoUninitialize

oleaut32

RegisterTypeLibForUser
UnRegisterTypeLibForUser
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi

bcrypt

BCryptGenRandom

ntdll

NtReadFile
RtlCaptureContext
NtWriteFile
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile

crypt32

CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateStore
CertVerifyTimeValidity
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertFreeCertificateContext

secur32

FreeCredentialsHandle
FreeContextBuffer
EncryptMessage
QueryContextAttributesW
ApplyControlToken
AcceptSecurityContext
AcquireCredentialsHandleA
DecryptMessage
InitializeSecurityContextW
DeleteSecurityContext

ws2_32

WSASend
send
recv
getpeername
WSAGetLastError
getsockname
closesocket
setsockopt
shutdown
WSASocketW
ioctlsocket
WSAIoctl
bind
connect
getsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup

comctl32

ord345
ord344

Exports

Exports

AssociateTxt
AssociateTxtPerUser
CurrentUserAction
Finish
FinishPerUser
NewKeyRequired
PathEnv
PathEnvPerUser
PreUpgrade
Uninstall
Uninstall2
UninstallPerUser

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a818c290d0d9a03392a4ab98e74d332c

Headers

DLL Characteristics

File Characteristics

Imports

msi

shlwapi

shell32

kernel32

user32

advapi32

ole32

oleaut32

bcrypt

ntdll

crypt32

secur32

ws2_32

comctl32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 753KB - Virtual size: 752KB

.data Size: 10KB - Virtual size: 17KB

.reloc Size: 109KB - Virtual size: 109KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 753KB - Virtual size: 752KB

.data
Size: 10KB - Virtual size: 17KB

.reloc
Size: 109KB - Virtual size: 109KB