4c72e46727f4f4bc15914a7069077c80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4c72e46727f4f4bc15914a7069077c80_NeikiAnalytics.exe
Size

192KB
MD5

4c72e46727f4f4bc15914a7069077c80
SHA1

0282f887d0911eab81b149a1c9c7f095e4add4cb
SHA256

9382810aab4435cf2081d4c321d64774e3fcda78d6dca3ab011de8d52c535fee
SHA512

3515ada3852e5995c3b2f2e8980d00028aab04032d03454c579e6b510fbd87f3749f63ca78260622ae030915bb756efc4d146a1efd1fb04a133605501dfe6612
SSDEEP

3072:GMKr9+b+9s1iwYDEZUgR08l4k1RCYkDUufNjCroYmvtzgwNXjtjEnYA2CbbbkzO1:GMKr9+b+9s1iwYDEZUgR08l4k1RNkDUf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c72e46727f4f4bc15914a7069077c80_NeikiAnalytics.exe

Files

4c72e46727f4f4bc15914a7069077c80_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

19ceceb2d58bb84eb5826cc39976a461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
OpenProcess
GetFullPathNameA
GetSystemDefaultLangID
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultUILanguage
CompareStringW
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
TerminateProcess
TlsAlloc
RtlUnwind
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsSetValue
GetLocalTime
GetSystemTime
GetTimeZoneInformation
InterlockedIncrement
InterlockedDecrement
HeapFree
GetTickCount
SleepEx
GetLastError
CreateFileMappingA
CreateThread
GetSystemDirectoryA
OpenFile
Sleep
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
SetEnvironmentVariableA
LocalFree
lstrcatA
FindFirstFileA
lstrcmpA
LocalAlloc
CompareStringA
FindNextFileA
FindClose
MultiByteToWideChar
lstrcpyA
GetVersionExA
CreateMutexA
OpenFileMappingA
MapViewOfFile
OpenEventA
WaitForSingleObject
SetEvent
ReleaseMutex
CloseHandle
UnmapViewOfFile
UnhandledExceptionFilter
SetLastError

user32

PostQuitMessage
RegisterWindowMessageA
GetDC
GetSysColorBrush
DestroyWindow
KillTimer
GetWindow
SetCursorPos
GetMenuBarInfo
GetActiveWindow
GetTopWindow
PostMessageA
SendMessageA
IsWindowVisible
GetWindowThreadProcessId
SetCursor
SendInput
SetWindowRgn
GetSysColor
FillRect
DrawIconEx
DestroyIcon
SetSystemCursor
CopyIcon
FindWindowExA
GetDesktopWindow
DefWindowProcA
GetSystemMetrics
LoadImageA
LoadCursorA
RegisterClassA
CreateWindowExA
SetTimer
SetDoubleClickTime
GetMessageA
TranslateMessage
DispatchMessageA
GetAncestor
LoadStringA
LoadMenuA
GetSubMenu
InsertMenuA
DeleteMenu
DrawMenuBar
CheckMenuItem
TrackPopupMenu
GetClassNameA
GetWindowTextA
mouse_event
MessageBeep
wsprintfA
GetForegroundWindow
GetParent
IsWindow
GetWindowDC
GetWindowRect
ReleaseDC
GetCursorPos
FindWindowA
ClipCursor
GetWindowLongA
WindowFromPoint
SetRect
SystemParametersInfoA
SetForegroundWindow
TrackPopupMenuEx
CreatePopupMenu
DestroyMenu
InsertMenuItemA
GetMenuItemCount
GetMenuItemInfoA
MessageBoxA
AttachThreadInput
ShowCursor

gdi32

SetTextColor
SetTextAlign
SetBkColor
PatBlt
CreateRectRgn
GetTextExtentPoint32A
SelectObject
GetStockObject
DeleteDC
DeleteObject
BitBlt
GetObjectA
CreateCompatibleDC
TextOutA
GetPixel
CombineRgn

advapi32

RegQueryInfoKeyA
RegEnumValueA
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserA
GetUserNameA
ConvertStringSidToSidA
LookupAccountSidA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

shell32

SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA
SHGetSpecialFolderLocation
ShellExecuteExA

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

winmm

PlaySoundA

shlwapi

PathFileExistsA

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

19ceceb2d58bb84eb5826cc39976a461

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

psapi

winmm

shlwapi

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 28KB - Virtual size: 46KB

.rsrc Size: 64KB - Virtual size: 64KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 28KB - Virtual size: 46KB

.rsrc
Size: 64KB - Virtual size: 64KB