46176ed6742d88999fd819a42f610780_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

46176ed6742d88999fd819a42f610780_NeikiAnalytics.exe
Size

3.7MB
MD5

46176ed6742d88999fd819a42f610780
SHA1

1dea3c1cb278c53c7693642dd3f176585cb5673f
SHA256

3399840b666b8d9e4a16dd77f31af661952ed2776e807e6c0e611141377850f5
SHA512

d547727642f73a4ec868f5091b225b7c778835f09459486079193e48f78493a85e83ea5398a2bf6fca8ddac37b1d28250fa123131e36a70cea89e15449a7d5d7
SSDEEP

98304:w/vlihzI4qsUqCqf7JCvXZ5aPLVTipPAZinaCnEt2v:w/vlihzI4qsUqCqf7JCvXZMPLVTipPJS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46176ed6742d88999fd819a42f610780_NeikiAnalytics.exe

Files

46176ed6742d88999fd819a42f610780_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

b2944bdcc5ef0e855c9565c3f50a30a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

DbgPrint
RtlRaiseException
vDbgPrintExWithPrefix

kernel32

CloseHandle
CreateFileW
CreateMutexA
DeleteCriticalSection
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
EnumResourceNamesW
FindResourceA
FindResourceW
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW

msvcrt

__dllonexit
_amsg_exit
_assert
_beginthread
_endthread
_errno
_initterm
_iob
_lock
_onexit
_snprintf
_stat
_stricmp
_strnicmp
_unlock
_vsnprintf
_wcsicmp
_wfopen
_wopen
_wstat
_wtoi
abort
atoi
bsearch
calloc
ceil
exit
fclose
ferror
fflush
floor
fmod
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
isalpha
isspace
iswctype
log10
malloc
memchr
memcmp
memcpy
memmove
memset
pow
puts
qsort
rand
realloc
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strncmp
strncpy
strtol
strtoul
time
toupper
vfprintf
vsprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsstr
wcstombs
_write
_read
_open
_lseek
_getcwd
_fileno
_dup
_close

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

LoadRegTypeLib
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantInit

shlwapi

PathIsURLW
PathSearchAndQualifyW
UrlCreateFromPathW

urlmon

CoInternetCombineIUri
CoInternetCombineUrlEx
CreateAsyncBindCtx
CreateIUriBuilder
CreateURLMoniker
CreateURLMonikerEx2
CreateURLMonikerEx
CreateUri
RegisterBindStatusCallback

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
socket

user32

CharUpperBuffW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MSXML3_10
MSXML3_11
MSXML3_12
MSXML3_6
MSXML3_7
MSXML3_8
MSXML3_9

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rossym
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2944bdcc5ef0e855c9565c3f50a30a5

Headers

File Characteristics

Imports

ntdll

kernel32

msvcrt

ole32

oleaut32

shlwapi

urlmon

ws2_32

user32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 4KB - Virtual size: 3KB

.rdata Size: 294KB - Virtual size: 294KB

/4 Size: 512B - Virtual size: 20B

.bss Size: - Virtual size: 8KB

.edata Size: 512B - Virtual size: 303B

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 178KB - Virtual size: 178KB

.reloc Size: 82KB - Virtual size: 82KB

.rossym Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 3KB

.rdata
Size: 294KB - Virtual size: 294KB

/4
Size: 512B - Virtual size: 20B

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 303B

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 178KB - Virtual size: 178KB

.reloc
Size: 82KB - Virtual size: 82KB

.rossym
Size: 1.8MB - Virtual size: 1.8MB