ntbackup.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 97bbb9393207d7b7b26843d3df14ec70_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 97bbb9393207d7b7b26843d3df14ec70_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 97bbb9393207d7b7b26843d3df14ec70_NeikiAnalytics.exe
- Size: 1.1MB
- MD5: 97bbb9393207d7b7b26843d3df14ec70
- SHA1: 819a9c66547f385faa6d2547eefcb1aff04cf3ec
- SHA256: b4f5e89e7ff5d8335872f99ef302eb47916a0340c5efb7ffd90aa9c68623f3fd
- SHA512: 0b9ef3a1c5630091cfae03653a503aba34dabc64e9f5837d18ea107ad747459ba2de74b7bb91b93b6b3afbbf44f5ce95b520902505da164c697c7443985b7046
- SSDEEP: 24576:+mcP3/lBK27WgX6iD2C2/YpzgMmQtUw+JvXADNKbDo7ZOi2qSvnJf7Jrae70:U973XtS56NxZJ2jv91ra
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 97bbb9393207d7b7b26843d3df14ec70_NeikiAnalytics.exe
Files
- 97bbb9393207d7b7b26843d3df14ec70_NeikiAnalytics.exe.exe (windows:5 windows x86 arch:x86)
  61800fb86a561f6c811f352fd90ea22f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42u
msvcrt
realloc
malloc
free
wcsncpy
wcscmp
_wcsicmp
swscanf
wcsstr
_wcslwr
_ftol
wcschr
calloc
wcscat
_wcsupr
memmove
_CxxThrowException
wprintf
wcsncat
_snwprintf
wcspbrk
wcsncmp
_except_handler3
_local_unwind2
_wcsnicmp
_purecall
wcscpy
wcsrchr
wcslen
__CxxFrameHandler
swprintf
_wtoi
isalpha
localtime
_tzset
mktime
_putenv
_errno
fseek
_fdopen
_open_osfhandle
_wcsrev
_wcsdup
fflush
fread
_filelength
_getpid
_mbscpy
_mbslen
_wfopen
wcstok
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf
isspace
fclose
ftell
time
clearerr
fwrite
advapi32
RegOpenKeyExA
QueryServiceStatus
OpenServiceW
StartServiceW
GetUserNameW
RegisterEventSourceW
ReportEventW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
RegDeleteValueW
AddAccessAllowedAce
RegQueryValueExA
ReadEncryptedFileRaw
WriteEncryptedFileRaw
EnumDependentServicesW
ControlService
OpenEncryptedFileRawW
CloseEncryptedFileRaw
EncryptFileW
DecryptFileW
RegRestoreKeyW
RegLoadKeyW
RegFlushKey
RegUnLoadKeyW
RegReplaceKeyW
RegConnectRegistryW
InitializeAcl
GetAce
EqualSid
DeleteAce
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
RegOpenKeyW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegSaveKeyW
SetFileSecurityW
kernel32
GetCurrentProcess
GetTickCount
Sleep
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
DeleteCriticalSection
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetCurrentDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
CreateThread
FindFirstFileW
FindClose
GetLocaleInfoW
SetLastError
GetLastError
DeleteFileW
CreateDirectoryW
CreateFileW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
GetTapeParameters
ReleaseMutex
CreateMutexW
GetCurrentThreadId
GetVersionExW
GetSystemDirectoryW
ReleaseSemaphore
CreateSemaphoreW
LocalFree
VerifyVersionInfoW
VerSetConditionMask
FindNextFileW
FormatMessageW
CreateProcessW
GlobalFree
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
SetFileAttributesW
GetFileInformationByHandle
GetExitCodeThread
GetEnvironmentVariableW
WriteFile
ReadFile
DeviceIoControl
FlushFileBuffers
GetVolumePathNameW
GetUserDefaultLCID
MultiByteToWideChar
SetEvent
CreateEventW
HeapFree
HeapAlloc
GetProcessHeap
SetFilePointer
GetSystemTime
CloseHandle
GetWindowsDirectoryW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetCurrentDirectoryA
GetCurrentDirectoryW
CompareStringW
GetNumberFormatW
SetErrorMode
SetEndOfFile
SetTapePosition
GetTapePosition
EraseTape
WriteTapemark
GetTapeStatus
SetTapeParameters
PrepareTape
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
ExitThread
MoveFileExW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
BackupRead
BackupWrite
CreateHardLinkW
BackupSeek
GetFileSize
LockFile
SetFileShortNameW
SetFileTime
LocalFileTimeToFileTime
GetCompressedFileSizeW
RemoveDirectoryW
WideCharToMultiByte
LoadLibraryA
gdi32
GetObjectW
Polygon
CombineRgn
CreateRectRgn
DeleteObject
GetTextExtentPoint32W
BitBlt
PatBlt
Rectangle
GetMapMode
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectW
user32
PeekMessageW
EnableWindow
SendMessageW
PostMessageW
GetCapture
SetActiveWindow
GetAsyncKeyState
GetDlgItem
AppendMenuW
wvsprintfW
LoadStringW
GetKeyState
GetWindowRect
ScreenToClient
EnableMenuItem
DeleteMenu
SetClassLongW
IsCharAlphaW
IsCharAlphaNumericW
GetCursorPos
WindowFromPoint
ChildWindowFromPoint
GetSysColor
LoadCursorW
KillTimer
IsWindowVisible
InvalidateRect
ReleaseDC
GetDC
GetClientRect
LoadBitmapW
DefWindowProcW
PostQuitMessage
CreateDialogParamW
ShowWindow
DestroyWindow
UnregisterClassW
MonitorFromWindow
GetMonitorInfoW
GetFocus
LoadMenuW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadImageW
GetMenu
RemoveMenu
GetSubMenu
CreateIconFromResource
LoadIconW
DrawFocusRect
InflateRect
CopyRect
GetActiveWindow
InvalidateRgn
MapDialogRect
SetWindowPos
ExitWindowsEx
SendDlgItemMessageW
SetParent
GetIconInfo
CreateIconIndirect
DestroyIcon
LockSetForegroundWindow
UpdateWindow
SetWindowLongW
ClientToScreen
SetCursor
MessageBoxW
BringWindowToTop
SystemParametersInfoW
FlashWindow
GetDesktopWindow
IsIconic
GetMenuItemID
SetTimer
IsWindow
GetWindowTextLengthW
SetWindowTextW
wsprintfW
GetNextDlgGroupItem
GetWindowTextW
GetWindow
GetWindowLongW
GetParent
GetSystemMetrics
GetMenuItemCount
ntdll
iswctype
_aulldvrm
towupper
NtSetQuotaInformationFile
NtQueryQuotaInformationFile
wcstoul
wcscspn
isdigit
comctl32
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetW
shell32
SHGetSpecialFolderLocation
ExtractIconExW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetFolderPathW
mpr
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W
WNetCloseEnum
comdlg32
GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW
netapi32
NetServerEnum
NetApiBufferSize
NetShareEnum
NetShareGetInfo
NetWkstaGetInfo
NetApiBufferFree
rpcrt4
UuidToStringW
UuidFromStringW
ole32
CoInitializeEx
CoCreateGuid
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
setupapi
SetupCloseInfFile
SetupFindNextLine
SetupFindFirstLineW
SetupOpenInfFileW
SetupGetLineTextW
SetupGetIntField
SetupGetStringFieldW
userenv
GetProfilesDirectoryW
ntmsapi
CloseNtmsNotification
WaitForNtmsNotification
OpenNtmsNotification
MoveToNtmsMediaPool
CloseNtmsSession
DeleteNtmsMedia
DeallocateNtmsMedia
AllocateNtmsMedia
GetNtmsObjectSecurity
DismountNtmsMedia
SetNtmsObjectSecurity
UpdateNtmsOmidInfo
ImportNtmsDatabase
InjectNtmsMedia
AccessNtmsLibraryDoor
EjectNtmsMedia
GetNtmsObjectInformationW
SetNtmsObjectInformationW
GetNtmsObjectAttributeW
SetNtmsObjectAttributeW
EnumerateNtmsObject
CreateNtmsMediaPoolW
DeleteNtmsMediaPool
EndNtmsDeviceChangeDetection
SetNtmsDeviceChangeDetection
OpenNtmsSessionW
IdentifyNtmsSlot
SetNtmsUIOptionsW
BeginNtmsDeviceChangeDetection
MountNtmsMedia
clusapi
RestoreClusterDatabase
GetNodeClusterState
query
SetCatalogState
sfc_os
SfcGetNextProtectedFile
syssetup
AsrRestorePlugPlayRegistryData
AsrAddSifEntryW
AsrFreeContext
AsrCreateStateFileW
oleaut32
SysFreeString
vssapi
ord3
ord4
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
ord6
Sections
- .text: Size: 876KB - Virtual size: 876KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data: Size: 15KB - Virtual size: 75KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size: 235KB - Virtual size: 236KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE