609ebc27074f63d5609ca7aae121ee10_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

609ebc27074f63d5609ca7aae121ee10_NeikiAnalytics.exe
Size

700KB
MD5

609ebc27074f63d5609ca7aae121ee10
SHA1

075d099e105ab1a7bc57272a0ec19234404a60f6
SHA256

d6662d3dc3db778367f948e7c295b43cb9fe81b5e93566521afb622f6e11c340
SHA512

eae9f08683a58a5d8554d52e9220b6f83724e88560d879a06caa69917c8b75ff6bb418b742911e48a949326b265fc733a5f42b52bb43e2882ae3ac0a296ef98b
SSDEEP

12288:PCrGw8fN6TZf0s5F9x29yFEPp/7RXrI00ntBzgBHMmrDrNaYNlxgPe5t2QuPF0AV:PCcl69f0s5F9x29yOPNRXrI00ntBzgBU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
609ebc27074f63d5609ca7aae121ee10_NeikiAnalytics.exe

Files

609ebc27074f63d5609ca7aae121ee10_NeikiAnalytics.exe
.dll regsvr32 windows:10 windows x64 arch:x64

623b17f5d1b91d45f7deb5cc742a9f4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wiaservc.pdb

Imports

msvcrt

_vscwprintf
_purecall
free
_XcptFilter
_wcsicmp
_lock
_unlock
__dllonexit
_vsnprintf
??1type_info@@UEAA@XZ
memset
__CxxFrameHandler3
_vsnwprintf
_wsplitpath_s
wcsstr
wcschr
_splitpath_s
malloc
_onexit
__C_specific_handler
__RTDynamicCast
memcpy
memmove
_callnewh
_initterm
memcpy_s
_amsg_exit
wcscmp

advapi32

AllocateAndInitializeSid
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueW
LookupAccountSidW
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AccessCheck
SetSecurityDescriptorOwner
GetAce
GetSidSubAuthorityCount
GetSidSubAuthority
DestroyPrivateObjectSecurity
GetSidLengthRequired
CreatePrivateObjectSecurity
CopySid
InitializeSid
SetSecurityDescriptorSacl
OpenServiceW
EventUnregister
StartServiceW
OpenSCManagerW
EventRegister
CloseServiceHandle
QueryServiceStatus
EventWriteTransfer
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
AddAce
OpenProcessToken
GetKernelObjectSecurity
SetKernelObjectSecurity
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
FreeSid
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
AddAccessAllowedAce
EventSetInformation
RegGetValueW
RegOpenKeyW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegDeleteKeyExW
RegDeleteValueW

kernel32

CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
GetTickCount
IsDebuggerPresent
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
lstrlenW
LocalAlloc
LocalFree
SystemTimeToFileTime
GetSystemTime
lstrcmpiW
lstrcmpW
WriteFile
lstrlenA
MultiByteToWideChar
GetLocalTime
MulDiv
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryExA
RemoveDirectoryW
CreateDirectoryW
SetCommMask
ClearCommError
EscapeCommFunction
PurgeComm
FlushFileBuffers
GetDateFormatW
GetFileInformationByHandle
GetModuleFileNameW
WideCharToMultiByte
ReadFile
GetFileSize
SetEndOfFile
GetFileType
SetFilePointer
MapViewOfFileEx
CreateFileMappingW
GetTempPath2W
GetTempFileNameW
DeleteFileW
UnmapViewOfFile
OpenProcess
GetCurrentThread
ResetEvent
PowerClearRequest
InitOnceComplete
PowerCreateRequest
DuplicateHandle
WaitForSingleObjectEx
DisableThreadLibraryCalls
OutputDebugStringW
GetLastError
FormatMessageW
Sleep
CreateEventW
SetProcessMitigationPolicy
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitOnceBeginInitialize
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CompareStringW
GetModuleFileNameA
OpenSemaphoreW
PowerSetRequest
GetThreadId
CreateFileW
CreateThread
WaitForMultipleObjects
ExpandEnvironmentStringsW
SetEvent
lstrcmpA
GetModuleHandleA
GetSystemDirectoryA
FormatMessageA
VirtualQuery
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualProtect
CreateMutexW

user32

CharUpperA
CharNextA
CharNextW
PostMessageW
IsWindow
UnregisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterPowerSettingNotification

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserMarshal64
SysAllocString
SysFreeString
SysStringLen
BSTR_UserSize

ole32

CoGetCallContext
CreateStreamOnHGlobal
StgCreatePropStg
StgOpenPropStg
CoRevertToSelf
CoRevokeClassObject
CoRegisterClassObject
FreePropVariantArray
CoImpersonateClient
CoSuspendClassObjects
CoDisconnectObject
PropVariantCopy
CoTaskMemAlloc
PropVariantClear
CLSIDFromString
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
CoResumeClassObjects

rpcrt4

RpcImpersonateClient
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerRegisterIfEx
RpcStringBindingParseW
UuidCreateNil
UuidToStringA
NdrServerCallAll
UuidCreate
RpcAsyncCompleteCall
RpcServerUnsubscribeForNotification
RpcServerTestCancel
RpcRevertToSelf
UuidToStringW
RpcStringFreeW
RpcBindingInqAuthClientW
RpcAsyncAbortCall
NdrAsyncServerCall
Ndr64AsyncServerCallAll
NdrServerCall2
RpcServerSubscribeForNotification
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerInqDefaultPrincNameW
RpcStringFreeA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain
wiasCreateChildAppItem
wiasCreateDrvItem
wiasCreateLogInstance
wiasCreatePropContext
wiasDebugError
wiasDebugTrace
wiasDownSampleBuffer
wiasFormatArgs
wiasFreePropContext
wiasGetChangedValueFloat
wiasGetChangedValueGuid
wiasGetChangedValueLong
wiasGetChangedValueStr
wiasGetChildrenContexts
wiasGetContextFromName
wiasGetDrvItem
wiasGetImageInformation
wiasGetItemType
wiasGetPropertyAttributes
wiasGetRootItem
wiasIsPropChanged
wiasParseEndorserString
wiasPrintDebugHResult
wiasQueueEvent
wiasReadMultiple
wiasReadPropBin
wiasReadPropFloat
wiasReadPropGuid
wiasReadPropLong
wiasReadPropStr
wiasSendEndOfPage
wiasSetItemPropAttribs
wiasSetItemPropNames
wiasSetPropChanged
wiasSetPropertyAttributes
wiasSetValidFlag
wiasSetValidListFloat
wiasSetValidListGuid
wiasSetValidListLong
wiasSetValidListStr
wiasSetValidRangeFloat
wiasSetValidRangeLong
wiasUpdateScanRect
wiasUpdateValidFormat
wiasValidateItemProperties
wiasWriteBufToFile
wiasWriteMultiple
wiasWritePageBufToFile
wiasWritePageBufToStream
wiasWritePropBin
wiasWritePropFloat
wiasWritePropGuid
wiasWritePropLong
wiasWritePropStr

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

623b17f5d1b91d45f7deb5cc742a9f4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

ole32

rpcrt4

version

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 212KB - Virtual size: 210KB

.data Size: 12KB - Virtual size: 14KB

.pdata Size: 20KB - Virtual size: 18KB

.didat Size: 4KB - Virtual size: 152B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 212KB - Virtual size: 210KB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 20KB - Virtual size: 18KB

.didat
Size: 4KB - Virtual size: 152B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB