0c21df1f39ef0bc1f8fc303e57812530_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0c21df1f39ef0bc1f8fc303e57812530_NeikiAnalytics.exe
Size

576KB
MD5

0c21df1f39ef0bc1f8fc303e57812530
SHA1

89d8d6223e6151d0df4da29dea2ab54830727207
SHA256

5845110d8cb982349b9b925a83dc61c0c2a493a779ac681202692fbb55bf1623
SHA512

e18bec4223dffe42ad916df80a1d9afd0145501f845d7e6c24be39c95788b7fffdbec5ecb5bc51e22eb33b32cd05b76d1d2f44bd4bd90f56b395e5f4b7e28d46
SSDEEP

6144:FHGFaIDZ+76+VxHsz4ucn9jVu+ekSwsuGI8dZATJUETqT2XU50nd4kGb9uqzqXQe:tjIDZAMz4RDJsuKsCT8d4kCkQvPz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c21df1f39ef0bc1f8fc303e57812530_NeikiAnalytics.exe

Files

0c21df1f39ef0bc1f8fc303e57812530_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

cc4137220bd0ec20533ece2adc2e2b74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
GetProcAddress
GetModuleFileNameA
GetCurrentProcessId
LoadLibraryA
MultiByteToWideChar
QueryPerformanceFrequency
VerSetConditionMask
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
VirtualFree
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
VirtualProtect
AreFileApisANSI
GetLocaleInfoEx
FormatMessageA
LocalFree
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
Sleep
GetModuleHandleA
CreateThread
DisableThreadLibraryCalls
SetLastError
GetCurrentThread
AllocConsole
SetConsoleOutputCP
VirtualAlloc
GetLastError
GetCurrentProcess
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
GetModuleHandleW
WakeAllConditionVariable
FlushInstructionCache

user32

GetClipboardData
CloseClipboard
SetClipboardData
OpenClipboard
EmptyClipboard
GetCursorPos
AdjustWindowRectEx
GetKeyState
LoadCursorA
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
ReleaseCapture
SetForegroundWindow
FindWindowA
RegisterClassExA
SetWindowLongPtrA
IsIconic
SetCursorPos
UnregisterClassA
CreateWindowExA
DefWindowProcA
CallWindowProcA
DestroyWindow
GetForegroundWindow
GetAsyncKeyState
GetWindowLongW
ReleaseDC

gdi32

GetDeviceCaps

shell32

ShellExecuteA

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
__RTDynamicCast
_CxxThrowException
__current_exception_context
memchr
__current_exception
memcmp
memset
memmove
memcpy
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
_purecall
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

fwrite
fgetc
fputc
freopen_s
fflush
__stdio_common_vsprintf
fclose
fsetpos
__stdio_common_vsscanf
_wfopen
__acrt_iob_func
fread
fgetpos
fseek
_fseeki64
ftell
__stdio_common_vfprintf
ungetc
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
setvbuf

api-ms-win-crt-runtime-l1-1-0

_errno
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_configure_narrow_argv
_crt_atexit
_initterm_e
_initterm
terminate
_cexit

api-ms-win-crt-math-l1-1-0

sqrtf
fmodf
_dsign
cosf
ceilf
acosf
_dclass
sinf

api-ms-win-crt-convert-l1-1-0

strtoull
atof
strtoll
strtod

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
strncmp

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc4137220bd0ec20533ece2adc2e2b74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp140

d3dcompiler_47

d3d11

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 447KB - Virtual size: 447KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 6KB - Virtual size: 9KB

.pdata Size: 20KB - Virtual size: 19KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 447KB - Virtual size: 447KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 6KB - Virtual size: 9KB

.pdata
Size: 20KB - Virtual size: 19KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 2KB - Virtual size: 1KB