a4dacab20da6080adff76803015dc890_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a4dacab20da6080adff76803015dc890_NeikiAnalytics.exe
Size

328KB
MD5

a4dacab20da6080adff76803015dc890
SHA1

26908b58f4fb7d5c62748b21769d03e666febbc8
SHA256

85eaa39ca41b0f2e7e422b394f58cd9b6507c761dcb04ef2c296825dab0cf3eb
SHA512

fc259fd852cf990f5d03b142a081c919bf4913daaaf9a0970bdde637dccbf4261ae5adf53aded4b9b331f681c0efc07e63057c66a7104c9531cf48ba6f6465fc
SSDEEP

6144:ECPmgvo/NP+Wnr4qN9Hw81mY3khrUySQeuRnmSFa:ECBvQNPRnrNC8Z2UySFu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4dacab20da6080adff76803015dc890_NeikiAnalytics.exe

Files

a4dacab20da6080adff76803015dc890_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

805b31615d80e55f3609722ebaf2e3d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

\\cpvsbuild\drops\v7.0\raw\9466\vsbuilt\bbt\bin\i386\mdm.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
LookupAccountSidA
PrivilegeCheck
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorDacl
MakeSelfRelativeSD
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
GetUserNameA
AllocateAndInitializeSid
GetSidLengthRequired
CopySid
FreeSid
LookupAccountNameA
LookupAccountSidW
IsValidSid
EqualSid
RegConnectRegistryA
RegSetKeySecurity
RegCreateKeyA
DuplicateToken
RegOpenKeyA
RegQueryValueExA
RegEnumValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateServiceA
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
DeleteService
RegEnumKeyExA
OpenThreadToken
GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetThreadToken
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyA

kernel32

HeapCreate
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo
HeapSize
VirtualAlloc
ExitProcess
RtlUnwind
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
TlsSetValue
TlsGetValue
IsBadWritePtr
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEndOfFile
lstrcpyA
HeapDestroy
GetCurrentThreadId
InterlockedIncrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
CloseHandle
RaiseException
WaitForSingleObject
GetLastError
CreateEventA
SetEvent
OpenEventA
TerminateThread
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
GetComputerNameA
WideCharToMultiByte
lstrlenW
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetProcessHeap
lstrcmpiA
UnmapViewOfFile
lstrcatA
LocalFree
FormatMessageA
GetFileAttributesA
GetCurrentThread
lstrcpynA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetUnhandledExceptionFilter
GetCommandLineA
GetCurrentProcessId
SetErrorMode
GetPrivateProfileStringA
OpenProcess
TerminateProcess
GetProcessTimes
CreateDirectoryA
GetProfileStringA
WritePrivateProfileStringA
WriteProfileStringA
GetPrivateProfileSectionNamesA
ResumeThread
HeapFree
LocalAlloc
GetVersion
GetTickCount
CreateProcessA
LockResource
SetEnvironmentVariableA
GetSystemDirectoryA
ReleaseMutex
CreateMutexA
GetModuleHandleW
FindClose
FindFirstFileA
LocalSize
ReadFile
SetFilePointer
CreateFileA
SetLastError
ReadProcessMemory
FindResourceExA
CompareStringA
CompareStringW
TlsAlloc

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoDisconnectObject
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstanceEx
CoRegisterClassObject
CoSetProxyBlanket
CoQueryProxyBlanket
CLSIDFromString
StringFromCLSID
StringFromIID
IIDFromString
CoGetClassObject
CoGetCallContext
CoRevokeClassObject
CoRevertToSelf
CoCreateGuid
CoImpersonateClient
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SafeArrayCreate

rpcrt4

RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

shlwapi

PathFindExtensionA

user32

UnregisterClassA
wsprintfW
CharUpperA
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
SetForegroundWindow
EndDialog
EnableWindow
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
IsDlgButtonChecked
PostThreadMessageA
KillTimer
GetMessageA
SetTimer
PeekMessageA
SetWindowLongA
CharNextA
MessageBoxA
LoadStringA
DialogBoxParamA
DispatchMessageA
RegisterWindowMessageA
wsprintfA
GetWindowLongA
SendMessageA
CheckDlgButton
GetDlgItemInt
GetDlgItemTextA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

805b31615d80e55f3609722ebaf2e3d9

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

rpcrt4

shell32

shlwapi

user32

version

Sections

.text Size: 276KB - Virtual size: 276KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 276KB - Virtual size: 276KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 36KB - Virtual size: 36KB