4222a9811a0b15df16c1e254d0006ee0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4222a9811a0b15df16c1e254d0006ee0_NeikiAnalytics.exe
Size

2.0MB
MD5

4222a9811a0b15df16c1e254d0006ee0
SHA1

dc5156d3d032525bedcfa4a316a3caa3f5256685
SHA256

a931b432d793ff1d4c43ab147a12b154d4d92574e1d0c214584ce697051099ff
SHA512

15eebe1c5fcae2f4bc0777771075b6668457205809bc96c70e16dd6b727d2f3099930526f4fd9aeb3df03194239d9bdbfae7f1fb60f33a88408c2974e080ebae
SSDEEP

49152:ntNpxTPrVuUtMhGRuEAc3sfaYhiDXmoLBWwRrx8OIC9YP4suIRbDv:n/cUtEjfcFDd8k2PHn3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4222a9811a0b15df16c1e254d0006ee0_NeikiAnalytics.exe

Files

4222a9811a0b15df16c1e254d0006ee0_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

bb1fc6d8e763cd288f7fc3d8195da828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wbengine.pdb

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
TraceMessage
DuplicateTokenEx
RegQueryValueExW
GetUserNameW
EventSetInformation
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
IsValidSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
RegEnumValueW
LookupAccountNameW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
InitiateShutdownW
RegGetValueW
TraceEvent
RegUnLoadKeyW
RegLoadKeyW
EventWriteTransfer
CheckTokenMembership
SetSecurityInfo
LsaNtStatusToWinError
GetSecurityDescriptorLength
GetSecurityInfo
EventWrite
EventEnabled
SetThreadToken
OpenThreadToken
EnableTrace
StartTraceW
ControlTraceW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
SetFileSecurityW
LsaFreeMemory
EqualSid
GetWindowsAccountDomainSid
LogonUserExExW
ImpersonateLoggedOnUser
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
QueryServiceStatus
EnumDependentServicesW

kernel32

CreateThread
GetTickCount
RemoveDirectoryW
HeapSetInformation
CreateWaitableTimerW
WaitForSingleObjectEx
GetCurrentThreadId
GetCommandLineW
CopyFileW
DeviceIoControl
GetVolumePathNameW
GetSystemWindowsDirectoryW
GetDriveTypeW
GetFullPathNameW
TlsGetValue
OutputDebugStringW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
SetErrorMode
CancelIoEx
GetFileAttributesExW
DeleteVolumeMountPointW
QueryDosDeviceW
SetVolumeMountPointW
SetWaitableTimer
GetLogicalDrives
GetLocalTime
GetFileSize
GetLongPathNameW
SetFileValidData
SetFilePointerEx
SetEndOfFile
RtlCompareMemory
SleepEx
GetOverlappedResult
GetCurrentThread
SetFilePointer
CancelIo
GetVolumeInformationW
CompareStringOrdinal
CopyFileExW
FormatMessageW
GetSystemDirectoryW
LocalAlloc
SetLastError
GetWindowsDirectoryW
GetUserGeoID
GetSystemInfo
GetTickCount64
GetComputerNameExW
GetVersionExW
GetTempPathW
GetProductInfo
ExpandEnvironmentStringsW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
FindNextFileW
FindFirstFileW
GetFileInformationByHandleEx
CreateDirectoryW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
GetFileAttributesW
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
FindNextVolumeW
FindFirstVolumeW
GetTimeZoneInformation
SetThreadExecutionState
FileTimeToLocalFileTime
Sleep
SetVolumeLabelW
FileTimeToSystemTime
CompareFileTime
FindClose
MoveFileW
ReadFile
MoveFileExW
FlushFileBuffers
WriteFile
DeleteFileW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
LocalFree
GetFileSizeEx
CreateFileW
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SizeofResource
FindVolumeClose
HeapSize

user32

CharNextW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
MessageBoxW
CharUpperBuffW
UnregisterClassA

msvcrt

wcscat_s
wcscpy_s
realloc
swscanf_s
_purecall
memcpy_s
__C_specific_handler
__CxxFrameHandler3
_vsnprintf
wcsstr
wcsrchr
_XcptFilter
wcscspn
towlower
_wgetenv
wcschr
_wtoi
_wcstoi64
wcstok_s
memmove_s
calloc
memcmp
_wcsnicmp
wcsncmp
_amsg_exit
wcscmp
__wgetmainargs
_CxxThrowException
exit
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
_scwprintf
wcstoul
_callnewh
memset
_resetstkoflw
??_V@YAXPEAX@Z
_wtol
_fmode
_commode
_errno
memcpy
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_vsnwprintf
_wcsicmp
wcsncpy_s
malloc
memmove
free
__set_app_type

ntdll

NtQueryValueKey
NtOpenKey
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlCreateSystemVolumeInformationFolder
WinSqmAddToStreamEx
RtlFreeUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
RtlFindNextForwardRunClear
RtlClearBits
RtlAreBitsSet
RtlAreBitsClear
RtlSetBit
EtwTraceMessage
RtlSetAllBits
NtQueryVolumeInformationFile
NtSetInformationKey
NtClose
RtlFormatCurrentUserKeyPath
NtQueryKey
NtQuerySystemInformation
NtQueryInformationFile
RtlNumberOfClearBits
RtlGetLastNtStatus
RtlNtStatusToDosError
WinSqmAddToStream
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoSuspendClassObjects
CoRevokeClassObject
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CreateClassMoniker
CreateStreamOnHGlobal
GetRunningObjectTable
CoDisconnectObject
CoCreateGuid
CLSIDFromString
CoImpersonateClient
CoRevertToSelf

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantInit
SysAllocString
RegisterTypeLi
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
VarBstrCmp
SysStringLen
VariantClear
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
VarBstrCat

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate
UuidFromStringW

vssapi

CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal
CreateVssExamineWriterMetadataInternal

virtdisk

DetachVirtualDisk
GetVirtualDiskInformation
OpenVirtualDisk
GetVirtualDiskPhysicalPath
SetVirtualDiskInformation
CreateVirtualDisk
GetVirtualDiskOperationProgress
AttachVirtualDisk
CompactVirtualDisk
GetStorageDependencyInformation

bcd

BcdForciblyUnloadStore
BcdCloseStore
BcdSetSystemStoreDevice
BcdImportStoreWithFlags
BcdOpenSystemStore

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupGetInfDriverStoreLocationW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupEnumPublishedInfW
SetupDiGetDeviceRegistryPropertyW

spp

SppFreeBadWritersArray

netapi32

NetShareAdd
NetShareDel
NetShareGetInfo
NetApiBufferFree

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlReader

bcrypt

BCryptGetProperty
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider

clusapi

GetNodeClusterState

wer

WerReportSubmit
WerReportCreate
WerReportCloseHandle
WerReportAddFile
WerReportSetParameter

Exports

Exports

??0CTraceFailureHelper@@QEAA@AEAVCTraceProvider@@JPEBGKPEBX@Z
??0CTraceFunction@@QEAA@AEAVCTraceProvider@@PEBGH1PEBX@Z
??0CTraceHelper@@QEAA@AEAVCTraceProvider@@PEBGKPEBX@Z
??0CTraceProvider@@QEAA@W4COMPONENT_CODE@@@Z
??1CTraceFunction@@QEAA@XZ
??1CTraceProvider@@QEAA@XZ
??4CTraceProvider@@QEAAAEAV0@AEBV0@@Z
?EtwEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?EtwTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?OdsEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?OdsTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?QueryTaskId@CTraceProvider@@SA?AU_GUID@@XZ
?SetTraceControlInfo@CTraceProvider@@QEAAX_N_KK@Z
?Trace@CTraceProvider@@QEAAXW4TRACE_FLAG@@PEBGKPEBX1PEAD@Z
?TraceMessage@CTraceFailureHelper@@QEAAXPEBGZZ
?TraceMessage@CTraceHelper@@QEAAXW4TRACE_FLAG@@PEBGZZ
?m_dwTraceCurrSize@CTraceProvider@@0KA
?m_dwTraceLevel@CTraceProvider@@0KA
?m_dwTraceMaxNum@CTraceProvider@@0KA
?m_dwTraceMaxSize@CTraceProvider@@0KA
?m_dwTraceNextNum@CTraceProvider@@0KA
?m_errLogCriticalSection@CTraceProvider@@0U_RTL_CRITICAL_SECTION@@A
?m_errorFile@CTraceProvider@@0PEAU_iobuf@@EA
?m_errorTracingInBadState@CTraceProvider@@0_NA
?m_isCriticalSectionIntialized@CTraceProvider@@0_NA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb1fc6d8e763cd288f7fc3d8195da828

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

rpcrt4

vssapi

virtdisk

bcd

setupapi

spp

netapi32

xmllite

bcrypt

clusapi

wer

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB