0cb0f573d3d3fce303821d7c0bfa0dc0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0cb0f573d3d3fce303821d7c0bfa0dc0_NeikiAnalytics.exe
Size

1.8MB
MD5

0cb0f573d3d3fce303821d7c0bfa0dc0
SHA1

33ee9c31a3f88f2f7ab8a8e05e2b85f115f88414
SHA256

1487aeaaf62ec72a4104bbda47c5b43195072c7e7e95ec9367ccc5fb28673dc0
SHA512

99a703e5b03a2f1358dbb22e1be9fe71f82006975c8147260577959011c5b797fada0e2357e5bbebd8146993c068f7e7fbbcaa71c62ee8604a10d2a90d8cc081
SSDEEP

24576:6C0zr2yEbl4CWriJg6sVC1syU5QeJ01Wr3Z3ChphgV:kcBnJg6jgv012p3ahgV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cb0f573d3d3fce303821d7c0bfa0dc0_NeikiAnalytics.exe

Files

0cb0f573d3d3fce303821d7c0bfa0dc0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

18f136f98d511bf5aa5abad766c7940e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hge-core-dll

hgeCreate

magic

Magic_UTF16to8
Magic_OpenFileInMemory
Magic_SetCurrentFolder
Magic_FindFirst
Magic_FindNext
Magic_GetEmitterID
Magic_DuplicateEmitter
Magic_LoadEmitter
Magic_GetFileName
Magic_HasTextures
Magic_SetInterpolationMode
Magic_GetStaticAtlasCount
Magic_StreamOpenMemory
Magic_StreamClose
Magic_OpenFile
Magic_CreateAtlases
Magic_UnloadEmitter
Magic_IsInterpolationMode
Magic_GetUpdateTime
Magic_Update
Magic_IsInterrupt
Magic_Stop
Magic_StreamSetPosition
Magic_EmitterToInterval1_Stream
Magic_UTF8to16
Magic_CloseFile
Magic_InInterval
Magic_CreateFirstRenderedParticlesList
Magic_GetNextParticleVertexes
Magic_CreateNextRenderedParticlesList
Magic_GetScale
Magic_SetScale
Magic_GetEmitterDirectionMode
Magic_SetEmitterDirectionMode
Magic_GetEmitterDirection
Magic_SetEmitterDirection
Magic_GetEmitterPositionMode
Magic_SetEmitterPositionMode
Magic_SetEmitterPosition
Magic_GetEmitterPosition
Magic_Restart
Magic_CreateAtlasesForEmitters
Magic_GetNextAtlasChange
Magic_CloseAllFiles
Magic_SetCleverModeForAtlas
Magic_SetStartingScaleForAtlas
Magic_GetEmitterName
Magic_SetLoopMode
Magic_SetInterrupt
Magic_EmitterToInterval1

shlwapi

PathFileExistsW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

user32

SetCursor
SetForegroundWindow
FindWindowA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
SystemParametersInfoA
GetSystemMetrics
ScreenToClient
GetCursorPos
LoadCursorA
PeekMessageA

kernel32

SetEndOfFile
CreateFileW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetExitCodeProcess
CreatePipe
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
CreateFileA
GetFileAttributesA
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
ReadFile
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
SetHandleCount
LoadLibraryW
GetModuleHandleA
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
CreateThread
GetCurrentThreadId
ExitThread
DuplicateHandle
CreateProcessA
GetDateFormatA
GetProcessHeap
MoveFileA
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetCommandLineA
DeleteFileW
DeleteFileA
GetSystemTimeAsFileTime
ExitProcess
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersion
SetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
GetTickCount
CopyFileW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateDirectoryW
GetDriveTypeW
GetCurrentDirectoryW
MultiByteToWideChar
OutputDebugStringA
GetLocaleInfoA
GetUserDefaultLCID
FreeLibrary
GetPrivateProfileStringA
GetTempPathW
GetModuleFileNameA
FormatMessageA
GetLastError
CloseHandle
WaitForSingleObject
TerminateThread
TerminateProcess
GetStdHandle
GetFileType
WriteConsoleW
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTimeFormatA
SetEnvironmentVariableA
LCMapStringA

ws2_32

ntohl
getsockname
connect
htons
socket
gethostbyname
inet_addr
inet_ntoa
send
recv
setsockopt
getpeername
select
listen
bind
accept
ntohs
WSACleanup
WSAStartup
WSAGetLastError
ioctlsocket
htonl
closesocket

comdlg32

GetOpenFileNameW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18f136f98d511bf5aa5abad766c7940e

Headers

DLL Characteristics

File Characteristics

Imports

hge-core-dll

magic

shlwapi

shell32

user32

kernel32

ws2_32

comdlg32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 31KB - Virtual size: 67KB

.rsrc Size: 99KB - Virtual size: 98KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 31KB - Virtual size: 67KB

.rsrc
Size: 99KB - Virtual size: 98KB