1ed111362ac72fc11041923f19144b80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1ed111362ac72fc11041923f19144b80_NeikiAnalytics.exe
Size

459KB
MD5

1ed111362ac72fc11041923f19144b80
SHA1

81972ebf677091f8a729c951bd5b32dfe1ceaa03
SHA256

70bea8e3a1d03af1e72ded69dc39cf45bcc4432f9d26164c3192cf3238336d8d
SHA512

726c901a3e1b140a1ded98ff37950121333e36d1487e9f69dcddbf8cf2fda2e9d155fb4f3f85e2cd7426d10125a5999e8033833f38383b4d7b07658ff2130eb0
SSDEEP

12288:XCH6nbYm3pang+a1IPSeLYjyBW0TBjvrEH76:Sanrog+RPSeZBWSrEH76

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ed111362ac72fc11041923f19144b80_NeikiAnalytics.exe

Files

1ed111362ac72fc11041923f19144b80_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

b53c6bd87576acb6bc791c4388eebc61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MpClient.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
malloc
free
iswalpha
iswdigit
_vsnwprintf
wcschr
_wcsicmp
??0exception@@QAE@XZ
__RTDynamicCast
??1type_info@@UAE@XZ
memmove
_purecall
memcpy_s
memmove_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_wcsnicmp
rand
iswspace
_wcsupr
swscanf_s
_beginthreadex
_errno
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
swscanf
memset
_vsnprintf
_CxxThrowException
towlower
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
toupper
iswctype
wcsrchr
__CxxFrameHandler3
memcpy

kernel32

QueryPerformanceCounter
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetExitCodeProcess
FindFirstFileW
CopyFileW
FindNextFileW
SetFileAttributesW
MoveFileW
FindClose
SetLastError
OpenProcess
UnregisterWaitEx
RegisterWaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FormatMessageW
GetTickCount
CreateEventW
CreateThread
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
ResetEvent
SetEvent
GetFileAttributesExW
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
CloseHandle
WaitForSingleObject
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
GetLastError
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
TerminateProcess
DeleteFileW
RemoveDirectoryW
SetEnvironmentVariableW
DisableThreadLibraryCalls
DebugBreak
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
OpenEventW
CreateSemaphoreW
ReleaseSemaphore
GetSystemDirectoryW
GetModuleHandleW
GetModuleFileNameW
CreateFileW
GetLocalTime
CreateDirectoryW
CreateTimerQueueTimer
ChangeTimerQueueTimer
DuplicateHandle
GetFileAttributesW
ExpandEnvironmentStringsW
GetCurrentThread
CreateProcessW
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
HeapCreate
HeapSize
HeapValidate
HeapReAlloc
HeapDestroy
SwitchToThread
DeleteTimerQueueTimer
TryEnterCriticalSection
InitializeCriticalSection
LocalFileTimeToFileTime
SystemTimeToFileTime
CompareFileTime

advapi32

ChangeServiceConfig2W
OpenThreadToken
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
IsValidSid
CopySid
RegCreateKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
ReportEventW
RegisterEventSourceW
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSidToSidW
DeregisterEventSource
ControlService
CreateServiceW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
RegCloseKey
StartTraceW
ControlTraceW
EnableTrace
LookupAccountSidW
FreeSid
OpenSCManagerW
QueryServiceStatus
ChangeServiceConfigW
OpenServiceW
StartServiceW
CloseServiceHandle
OpenProcessToken
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcSmDestroyClientContext
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcBindingSetOption
UuidFromStringW

user32

LoadStringW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysAllocStringLen

userenv

RegisterGPNotification
UnregisterGPNotification

wintrust

CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertVerifyCertificateChainPolicy

shell32

SHGetFolderPathW

Exports

Exports

MpAllocMemory
MpCleanControl
MpCleanOpen
MpCleanPrecheckStart
MpCleanStart
MpClientUtilExportFunctions
MpClose
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorOpen
MpConfigOpen
MpConfigRegisterForNotifications
MpConfigSetValue
MpConfigUninitialize
MpConfigUnregisterNotifications
MpDebugExportFunctions
MpElevateCleanHandle
MpElevationHandleActivate
MpElevationHandleAttach
MpElevationHandleOpen
MpErrorMessageFormat
MpFreeMemory
MpGetEngineVersion
MpHandleClose
MpManagerDisable
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerVersionQuery
MpNotificationRegister
MpOpen
MpQuarantineRequest
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStart
MpThreatEnumerate
MpThreatHistoryRequest
MpThreatOpen
MpThreatQuery
MpUpdateControl
MpUpdateEngine
MpUpdateStart
MpUtilsExportFunctions
WDEnable
WDStatus

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b53c6bd87576acb6bc791c4388eebc61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

user32

ole32

oleaut32

userenv

wintrust

version

crypt32

shell32

Exports

Exports

Sections

.text Size: 338KB - Virtual size: 338KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 338KB - Virtual size: 338KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 29KB - Virtual size: 29KB