01dd63fef829d275c86fc4a1ac281240_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

01dd63fef829d275c86fc4a1ac281240_NeikiAnalytics.exe
Size

602KB
MD5

01dd63fef829d275c86fc4a1ac281240
SHA1

d312d6663fa0806eb8070ee0b16b038036484696
SHA256

1e3b94fe076ab44fd19f179ec1605faa205b9f4744b305ca961bed9a4adfe3de
SHA512

de51140f390cc1ef30dab497e62379964231f314e26726b5f8baa02164aeff208d323a95604704831f7595fcc297d47ede29b8c13d7ef5811ee30e6ee65a6f30
SSDEEP

12288:umwfTc7dwbe7XDPB9MuY78c7Iq6kb133/XLTIcB52CvVu:uPTc7dwq7XDPBuuY78c7Iq6kb13TTIc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01dd63fef829d275c86fc4a1ac281240_NeikiAnalytics.exe

Files

01dd63fef829d275c86fc4a1ac281240_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x64 arch:x64

d0bab8162432b3f79ebe1a34a95d7d06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\DevRoot\Mixed In Key\Audio Filters\x64\Release 2015\MP3Source.pdb

Imports

kernel32

GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FindResourceExW
GetModuleHandleW
GetProcAddress
HeapAlloc
LockResource
HeapSize
FindResourceW
MultiByteToWideChar
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
GetLastError
CloseHandle
OutputDebugStringA
SetFilePointer
HeapFree
SizeofResource
HeapReAlloc
ReadFile
GetFileSize
LoadResource
CreateFileW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetTickCount
GetVersionExW
WaitForMultipleObjects
lstrcmpW
lstrcmpiW
lstrcpynW
lstrcpyW
lstrlenW
CreateSemaphoreW
FreeLibrary
LoadLibraryW
DuplicateHandle
ReleaseSemaphore
GetCurrentProcess
GetSystemInfo
VirtualAlloc
VirtualFree
Sleep
GetModuleFileNameA
lstrlenA
DisableThreadLibraryCalls
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleFileNameW
SetLastError
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetACP
GetStdHandle

user32

UnregisterClassW
wsprintfW
RegisterWindowMessageW
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageW
PeekMessageW
DispatchMessageW
wvsprintfW

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

ffmpeglock

avcodec_register_all_once
av_register_all_once

shlwapi

PathFindExtensionW

avcodec-57

avcodec_find_decoder
avcodec_open2
av_copy_packet
av_free_packet
avcodec_default_get_buffer2
avcodec_decode_audio4
avcodec_flush_buffers
avcodec_close

avformat-57

avformat_alloc_context
av_seek_frame
av_find_input_format
avformat_open_input
avformat_close_input
avformat_find_stream_info
avio_alloc_context
av_read_frame

avutil-55

av_rescale_q
av_rescale_rnd
av_get_bytes_per_sample
av_free
av_malloc
av_sample_fmt_is_planar
av_samples_get_buffer_size
av_dict_count
av_dict_set
av_dict_free
av_frame_unref
av_get_packed_sample_fmt

winmm

timeSetEvent
timeGetTime

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueW
RegSetValueExW
SystemFunction036
RegCreateKeyW

ole32

CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoFreeUnusedLibraries
CoCreateInstance
StringFromGUID2
CoUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0bab8162432b3f79ebe1a34a95d7d06

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

ffmpeglock

shlwapi

avcodec-57

avformat-57

avutil-55

winmm

advapi32

ole32

Exports

Exports

Sections

.text Size: 411KB - Virtual size: 411KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 29KB - Virtual size: 29KB

.gfids Size: 512B - Virtual size: 476B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 411KB - Virtual size: 411KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 29KB - Virtual size: 29KB

.gfids
Size: 512B - Virtual size: 476B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB