14bdacbe3833c0aba6dbc72d85a2ec30_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

14bdacbe3833c0aba6dbc72d85a2ec30_NeikiAnalytics.exe
Size

160KB
MD5

14bdacbe3833c0aba6dbc72d85a2ec30
SHA1

bd70ce11e468df428a0a47237418c185f46729ec
SHA256

b4cf24b45e3b6c1181a18514847e8a962c417a48d9c8a3ecd9a0957698955a76
SHA512

5e30b04ff5f2d39708a742b526edb8a200009958b927a3eedc351bbcf8600c68344d3ccc342ece7a8f209a2431bba45404bedb771f7bbb817a70cd5d78d13108
SSDEEP

3072:gFAJFY/4nH9jLWFXxiDz/TuL/U0GJAuLpAors9qlwXeRy7REF:Fu/40sDvuL/U0GJWCDRy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14bdacbe3833c0aba6dbc72d85a2ec30_NeikiAnalytics.exe

Files

14bdacbe3833c0aba6dbc72d85a2ec30_NeikiAnalytics.exe
.dll windows:10 windows x64 arch:x64

ea6269e453d502a8da6799c41e50d38c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DeviceMetadataRetrievalClient.pdb

Imports

msvcrt

_callnewh
wcscpy_s
wcsncmp
_wcsnicmp
_purecall
_XcptFilter
_wtoi
wcsnlen
wcsncpy_s
malloc
_amsg_exit
_initterm
calloc
_lock
_unlock
memmove_s
__dllonexit
_onexit
memcpy_s
_wcslwr_s
free
_vsnwprintf
swscanf
_ultow_s
time
__CxxFrameHandler3
_wcsicmp
memset
memcpy
iswalpha
towlower
__C_specific_handler
wcsrchr
wcscmp

kernel32

RemoveDirectoryW
GetTempPathW
CreateFileW
FindClose
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLastError
CompareFileTime
LocalFree
Sleep
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
DeleteCriticalSection
RtlVirtualUnwind
UnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
RaiseException
InitializeCriticalSection
FindNextFileW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileAttributesExW
AcquireSRWLockShared
ReleaseSRWLockShared
GetFileSizeEx
SetFilePointerEx
WriteFile
ReadFile
MoveFileExW
DuplicateHandle
SizeofResource
LockResource
LoadResource
FindResourceExW
WaitForSingleObject
GlobalAlloc
GetCurrentProcessId
GetCurrentThreadId
GlobalFree
CreateEventW
GetTickCount
GetCurrentThread
GetTempFileNameW
CreatePrivateNamespaceW
WaitForMultipleObjects
DeleteFileW
CreateMutexW
ResetEvent
SetFileAttributesW
lstrcmpW
SetEvent
FindFirstFileW
GetVersionExW
CreateDirectoryW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetFilePointer
HeapReAlloc
GetShortPathNameW
MoveFileW
GetFullPathNameW
GetUserGeoID
GetGeoInfoW
IsValidLocaleName
FindFirstChangeNotificationW
RegisterWaitForSingleObject
UnregisterWaitEx
FindCloseChangeNotification
SleepEx
FindNextChangeNotification
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
HeapFree
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolWork
SubmitThreadpoolWork
CallbackMayRunLong
lstrcmpiW
SetLastError
GetProcessHeap
HeapAlloc
CloseHandle
HeapDestroy
AddSIDToBoundaryDescriptor
CreateBoundaryDescriptorW
GetCurrentProcess
ReleaseMutex
ClosePrivateNamespace
HeapSize
OpenPrivateNamespaceW
OpenMutexW
DeleteBoundaryDescriptor

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
IsValidSid
CopySid
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
EventWriteTransfer
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegSetValueExW
RegGetValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventSetInformation

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

user32

UnregisterClassA
CharPrevW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
PropVariantClear
StringFromIID
CoTaskMemAlloc

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpReadData
WinHttpSendRequest

shlwapi

ord12
UrlCanonicalizeW

xmllite

CreateXmlReader
CreateXmlWriterOutputWithEncodingName
CreateXmlWriter

cabinet

ord20
ord22
ord23

crypt32

CertVerifyCertificateChainPolicy

ntdll

WinSqmStartSession
WinSqmSetString
WinSqmSetDWORD
WinSqmEndSession

propsys

InitPropVariantFromStringVector

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

wer

WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportCloseHandle
WerReportSubmit

devrtl

NdxTableObjectFromName
NdxTableAddObjectToList
NdxTableRemoveObject
NdxTableSetPropertyValue
NdxTableGetPropertyValue
NdxTableNextObject
NdxTableClose
NdxTableSetTypeDefinition
NdxTableFirstObject
NdxTableOpen
NdxTableGetObjectType
NdxTableGetObjectName
NdxTableAddObject
NdxTableRemoveObjectFromList
NdxTableFirstObjectInList

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea6269e453d502a8da6799c41e50d38c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

user32

ole32

winhttp

shlwapi

xmllite

cabinet

crypt32

ntdll

propsys

wintrust

wer

devrtl

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 412B

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 412B