61fce3eb831623572ebd108f9902f940_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

61fce3eb831623572ebd108f9902f940_NeikiAnalytics.exe
Size

3.0MB
MD5

61fce3eb831623572ebd108f9902f940
SHA1

e80c0767255dad5e44d639dfd3e952c8385ded0d
SHA256

74e07be42f6d7475a4fec27328c4ca5c3042192acc6234afa1aefac88aeae1a9
SHA512

380c852ac6b9519dfbce34da964238e789054f61a864183a1eccce557907d3a178f90659b828814a53853696bf6a10ee41272c1751eff21ef5c950bf94125fe4
SSDEEP

49152:w+wsby/RU1Q8HDbd9bsA0CFyIBWt+hwb4/+0rQjNJX:tFZK08kQjNd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61fce3eb831623572ebd108f9902f940_NeikiAnalytics.exe

Files

61fce3eb831623572ebd108f9902f940_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

3a6b738923b04b2d8402801620741f23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetLastError
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
CreateFileW
GetCurrentProcess
DeviceIoControl
GetFullPathNameW
CreateDirectoryW
InitializeCriticalSection
EnterCriticalSection
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
WriteConsoleW
WriteFile
GetConsoleMode
GetStdHandle
LeaveCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
CreateNamedPipeW
DuplicateHandle
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryW
GetCurrentThread
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
GetFinalPathNameByHandleW
CreateThread
TryEnterCriticalSection
TerminateProcess
GetProcessId
GetProcAddress
GetModuleHandleA
Sleep
CreatePipe
lstrlenW
SetHandleInformation
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapReAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetEvent
CompareStringOrdinal
ResetEvent
CreateEventW
GetSystemTimeAsFileTime
SetEnvironmentVariableW
ReadFile
GetLastError
SetFilePointerEx
InitializeSListHead
RtlVirtualUnwind
ReleaseSRWLockExclusive
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseMutex
RtlUnwindEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
TlsFree
CloseHandle
EncodePointer
LoadLibraryExW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
OutputDebugStringW
OutputDebugStringA
FreeLibrary
GetSystemInfo
WakeConditionVariable
WakeAllConditionVariable
GetProcessHeap
HeapFree
HeapAlloc
GetTempPathW
TryAcquireSRWLockExclusive
SwitchToThread
GetFileInformationByHandle
AcquireSRWLockExclusive
GetExitCodeProcess
WaitForSingleObject
SleepConditionVariableSRW

user32

ScreenToClient
MonitorFromRect
ShowCursor
TrackMouseEvent
FlashWindowEx
EnumChildWindows
CreateAcceleratorTableW
ClipCursor
GetSystemMetrics
GetClipCursor
GetActiveWindow
ClientToScreen
SetForegroundWindow
GetKeyState
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardState
ReleaseCapture
SetCapture
SetMenu
PostThreadMessageW
SetWindowLongW
CreateMenu
VkKeyScanW
SendMessageW
GetAsyncKeyState
LoadCursorW
ChangeDisplaySettingsExW
GetTouchInputInfo
GetMonitorInfoW
CloseTouchInputHandle
RegisterTouchWindow
SetWindowPlacement
MonitorFromWindow
IsProcessDPIAware
GetDC
MsgWaitForMultipleObjectsEx
SystemParametersInfoA
GetWindowLongPtrW
GetWindowPlacement
IsWindowVisible
GetWindowRect
SendInput
ShowWindow
PostQuitMessage
AppendMenuW
SetWindowLongPtrW
DestroyIcon
DispatchMessageA
TranslateMessage
IsWindow
CheckMenuItem
DefWindowProcW
RegisterClassExW
DestroyAcceleratorTable
GetMenu
AdjustWindowRectEx
GetWindowLongW
SetWindowPos
InvalidateRgn
RegisterWindowMessageA
PostMessageW
GetMessageW
GetAncestor
TranslateAcceleratorW
CreateWindowExW
RegisterRawInputDevices
GetRawInputData
ValidateRect
PeekMessageW
EnableMenuItem
SetCursorPos
GetForegroundWindow
GetMessageA
GetUpdateRect
MapVirtualKeyW
SetWindowTextW
CreateIcon
GetClientRect
DestroyWindow
RedrawWindow
MonitorFromPoint
SetMenuItemInfoW
EnumDisplayMonitors
SetCursor
DispatchMessageW
GetCursorPos
GetKeyboardLayout

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

ws2_32

setsockopt
closesocket
WSADuplicateSocketW
WSASocketW
WSAStartup
freeaddrinfo
ioctlsocket
connect
select
getsockopt
send
recv
WSAGetLastError
getaddrinfo
WSACleanup
shutdown

secur32

DecryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleA
AcceptSecurityContext
FreeContextBuffer
EncryptMessage
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle

crypt32

CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateStore
CertDuplicateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateChain
CertCloseStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain

shell32

DragQueryFileW
SHGetKnownFolderPath
DragFinish

ole32

RegisterDragDrop
OleInitialize
CreateStreamOnHGlobal
RevokeDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeEx

bcrypt

BCryptGenRandom

uxtheme

SetWindowTheme

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SetErrorInfo
SysFreeString
GetErrorInfo
SysStringLen

advapi32

RegCloseKey
RegQueryValueExW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegGetValueW

api-ms-win-crt-math-l1-1-0

__setusermatherr
trunc
floor
round

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
_wcsicmp
wcslen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
__p___argv
_configure_narrow_argv
_initialize_narrow_environment
_cexit
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_crt_atexit
_exit
_register_thread_local_exe_atexit_callback
_c_exit
terminate
_register_onexit_function
_initialize_onexit_table
__p___argc
abort

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_callnewh
calloc
_set_new_mode
malloc

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a6b738923b04b2d8402801620741f23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

ws2_32

secur32

crypt32

shell32

ole32

bcrypt

uxtheme

gdi32

dwmapi

oleaut32

advapi32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 52KB - Virtual size: 52KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 271KB - Virtual size: 271KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 52KB - Virtual size: 52KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 271KB - Virtual size: 271KB

.reloc
Size: 34KB - Virtual size: 33KB