3ff1f1d2c39b4abce297b335efad08f0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3ff1f1d2c39b4abce297b335efad08f0_NeikiAnalytics.exe
Size

824KB
MD5

3ff1f1d2c39b4abce297b335efad08f0
SHA1

f83ba7906651f824aae3010c2b386b0bac876380
SHA256

827b5df09bae83604fd17f8330f1cfd2ad29132ddc119ad766a196c6f52ee8e7
SHA512

c218b2cca844fe418d00413d105c19273adf1121a7317c85575c89645a1f536d2ae692db6986ef8449b7b91452a7a8462e10af92eca10a14690db6efb9a92700
SSDEEP

6144:aeAsyXOrvUlefNZ1liF3mLQ24v2LE+UvmuyFdFi5dQInoer1oKOAOG79MSbqYP:ae5r8lefDuc34uLgQdyPxZc0dP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ff1f1d2c39b4abce297b335efad08f0_NeikiAnalytics.exe

Files

3ff1f1d2c39b4abce297b335efad08f0_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

69a57f5970fdf2d7076a3298f142cef2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Mach3\PlugIns\ESS_v10r2d1b\Release\MachDevice.pdb

Imports

ws2_32

WSACleanup
closesocket
WSAGetLastError
sendto
htons
ntohs
recvfrom
ioctlsocket
bind
socket
WSAStartup
WSAEnumNetworkEvents
inet_addr
ntohl
htonl
WSAEventSelect
inet_ntoa
recv
WSACloseEvent

kernel32

SetErrorMode
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
TlsFree
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
SetStdHandle
GetFileType
HeapReAlloc
TerminateProcess
HeapSize
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
WritePrivateProfileStringA
GetPrivateProfileIntA
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
InterlockedDecrement
InterlockedIncrement
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
LocalFree
CreateSemaphoreA
SetThreadPriority
ResumeThread
ReleaseSemaphore
CreateThread
WaitForMultipleObjects
FormatMessageA
CreateEventA
SetEvent
CloseHandle
GetTickCount
GetSystemTime
QueryPerformanceCounter
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrlenW
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
ReleaseMutex
WaitForSingleObject
CreateMutexA
DeleteTimerQueueTimer
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
IsIconic
GetWindowPlacement
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
DestroyMenu
CopyRect
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
GetMenuState
GetMenuStringA
GetMenuItemID
LoadCursorA
SystemParametersInfoA
GetFocus
PeekMessageA
PostQuitMessage
GetSystemMetrics
GetSysColor
IsWindow
SetForegroundWindow
GetParent
RedrawWindow
IsWindowVisible
UpdateWindow
ReleaseDC
GetDC
GetClientRect
GetWindowRect
GetSysColorBrush
EndPaint
SetRect
PtInRect
PostMessageA
UnregisterClassA
CharUpperA
SendMessageA
EnableWindow
DrawMenuBar
GetMenu
BeginPaint
ClientToScreen
GrayStringA
SetWindowPos
DrawTextExA
GetMenuItemCount
FindWindowA
CreatePopupMenu
GetSubMenu
InsertMenuA
SetTimer
KillTimer
UnhookWindowsHookEx

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
CreateSolidBrush
RectVisible
SetMapMode
PtVisible
DeleteObject
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap
GetDeviceCaps
GetTextExtentPoint32A
PatBlt
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateFontIndirectA
TextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
StringFromGUID2

oleaut32

VariantInit
VariantChangeType
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VariantClear
SysAllocStringLen
VarBstrCmp
SysAllocString
SysFreeString

Exports

Exports

Config
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoDwell
Home
InitControl
JogOff
JogOn
Notify
PostInitControl
Probe
Purge
Reset
SetCode
SetDoButton
SetGetDRO
SetGetLED
SetGetMenuRange
SetProName
SetSetDRO
SetSetLED
StopPlug
Update

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69a57f5970fdf2d7076a3298f142cef2

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 300KB - Virtual size: 297KB

.rdata Size: 428KB - Virtual size: 425KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 40KB - Virtual size: 37KB

.reloc Size: 44KB - Virtual size: 42KB

.text
Size: 300KB - Virtual size: 297KB

.rdata
Size: 428KB - Virtual size: 425KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 40KB - Virtual size: 37KB

.reloc
Size: 44KB - Virtual size: 42KB