37f8c4da6d2f5858037c926858f845d0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

37f8c4da6d2f5858037c926858f845d0_NeikiAnalytics.exe
Size

68KB
MD5

37f8c4da6d2f5858037c926858f845d0
SHA1

425d48354277ba176b45cd6b1c75280323dfc1bf
SHA256

c7a7c763e548632ef3631a382d496337b41ff70e9c8ef9baf1b2542fec2a1199
SHA512

694154bf3235b5aa922d329a39b7b07f75f69bacd9c982b87a84be7131ab3845316b387a07ff37f0362d26f67e33c982e1fe03645be9a509e457eb9d56d60b7d
SSDEEP

768:ZVnglw0Yfp1kUo0ZUOK8ZBxoPTaxr+oCJQTaBzdhqS3Xp7deFlQQS:ZVnglKfAUBNjZ4Tmr54NXqu7IlQQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37f8c4da6d2f5858037c926858f845d0_NeikiAnalytics.exe

Files

37f8c4da6d2f5858037c926858f845d0_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

c009d5e639c96032f3458b16a865426a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
lstrlenW
lstrcmpW
DeleteFileW
FindClose
FindNextFileW
HeapFree
FindFirstFileW
FreeLibrary
LoadLibraryA
lstrlenA
DeleteFileA
HeapAlloc
GetProcessHeap
lstrcatA
GetWindowsDirectoryA
GetVersion
SetEnvironmentVariableA
GetEnvironmentVariableA
GetCurrentProcess
GetVersionExA
GetModuleHandleA
LocalAlloc
lstrcatW
lstrcpyA
CreateEventA
SetEvent
CloseHandle
GetSystemDirectoryA
lstrcmpA
FormatMessageA
LocalFree
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
SetLastError
CopyFileA
GetLastError
ExitProcess
GetStringTypeW
GetStringTypeA
GetProcAddress
GlobalFree
RtlUnwind
WideCharToMultiByte
GetACP
GetOEMCP
WriteFile
GetEnvironmentStringsW
GetCPInfo
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetCurrentThreadId
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
HeapSize
GetFileType
GetStartupInfoA
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle

user32

MessageBoxA
EnumChildWindows
GetWindowTextA
GetDesktopWindow
PostMessageA
GetWindow
GetWindowThreadProcessId
wsprintfA

winspool.drv

AddPrinterA
ClosePrinter
AddPortA
GetPrinterDriverDirectoryA
AddPrinterDriverA
DeletePortA
AddMonitorA
DeletePrinterDriverA
DeleteMonitorA
DeletePrinter
EnumPrintersA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

Exports

Exports

DllMain
ISGetLastErrorString
ISInstall_ePrint
ISUnInstall_ePrint
L_PrnCloseCPL
L_PrnIsOSServer
L_PrnIsTerminalServicesEnabled
MSIInstall_ePrint
MSIUnInstall_ePrint
MyInitSetup
RollBackFun
ValidateProductSuite

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c009d5e639c96032f3458b16a865426a

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB