Static task: static1
Behavioral task: behavioral1
  Sample: 91bdfe8117fbeb482da425e1e91ffe90_NeikiAnalytics.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 91bdfe8117fbeb482da425e1e91ffe90_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 91bdfe8117fbeb482da425e1e91ffe90_NeikiAnalytics.exe
- Size: 1.7MB
- MD5: 91bdfe8117fbeb482da425e1e91ffe90
- SHA1: fa65c52988ed4193bcd31348ae0bcd9c551cd301
- SHA256: 0506b4a26b817c6125f387b8edf3802c4bca3a8cf0c25f73eb7bbb320591af83
- SHA512: f2c13cdc01295f29b8e490d9e33078eb2b2f6961db765ef0e7f6fd07355d06568b021a21733a63ce603c304cc46e19648b37c8d169a1f78f9caa616b6b0fb147
- SSDEEP: 24576:18zCcQyZdimyM8642ha7WsV/T9yLbSRg+gCS75y/sF3CaB8rOHYxWU98Fb+6U:BFWbSRg+gCaOsF3CaB8rOAZX
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 91bdfe8117fbeb482da425e1e91ffe90_NeikiAnalytics.exe
Files
- 91bdfe8117fbeb482da425e1e91ffe90_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
  c821a9d7f6f83123905c2cf62a1788b8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdipDisposeImage
GdipFree
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipSetPageUnit
GdipCreateFromHDC
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
turbine
?OpenPort@CTurbine@@QAEPAXPBD@Z
?ClosePort@CTurbine@@QAEHH@Z
?OpenPort@CTurbine@@QAEHPBDI@Z
??0CTurbine@@QAE@XZ
??1CTurbine@@UAE@XZ
?WritePort@CTurbine@@QAEHPAXPAEKK@Z
?EndCommand@CTurbine@@QAEHPAE@Z
?BeginCommand@CTurbine@@QAEHPAE@Z
?ReadPort@CTurbine@@QAEHPAXPADKK@Z
?SendData@CTurbine@@QAEHPAEK@Z
?WritePort@CTurbine@@QAEHIHPAEK@Z
?ReadPort@CTurbine@@QAEHIHPADK@Z
?SendFile@CTurbine@@QAEHPBD@Z
?ClosePort@CTurbine@@QAEHPAX@Z
rmtcmd
??1CRemoteCmd@@UAE@XZ
?RemoteModeEnd@CRemoteCmd@@QAEHPAE@Z
?SM@CRemoteCmd@@QAEHPAEE@Z
?ST@CRemoteCmd@@QAEHPAEE@Z
??0CRemoteCmd@@QAE@XZ
?RemoteModeStart@CRemoteCmd@@QAEHPAE@Z
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
GetFullPathNameA
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
lstrcmpA
GetCurrentThread
GlobalFlags
SizeofResource
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
RaiseException
lstrcpynA
TerminateProcess
GetStartupInfoA
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
GetACP
HeapSize
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
FindResourceA
LoadResource
GetCurrentProcessId
GetCurrentThreadId
WriteFile
SetFilePointer
SetEndOfFile
GetModuleHandleA
GetCurrentProcess
lstrcatA
WaitForSingleObject
OutputDebugStringA
GlobalAlloc
GlobalLock
GetProfileStringA
InterlockedExchange
lstrlenA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
InterlockedDecrement
SearchPathA
lstrcmpiA
GlobalUnlock
GlobalFree
lstrcpyA
MultiByteToWideChar
OpenMutexA
CreateMutexA
ReleaseMutex
GetFileAttributesA
CreateProcessA
SetErrorMode
GetVolumeInformationA
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeLibrary
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
GetFileSize
ReadFile
DeleteFileA
RemoveDirectoryA
GetTempPathA
FindFirstFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
GetTickCount
Sleep
GetPrivateProfileIntA
IsDBCSLeadByte
MulDiv
GetNumberFormatA
WideCharToMultiByte
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
GetLastError
ExitProcess
user32
GetCursorPos
ValidateRect
GetMessageA
GetAsyncKeyState
MapDialogRect
WaitMessage
DestroyMenu
PostQuitMessage
SetCursor
SetWindowContextHelpId
GetClassNameA
PtInRect
GetDesktopWindow
LoadCursorA
GetSysColorBrush
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
CharUpperA
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
LoadStringA
wvsprintfA
GetTopWindow
GetWindow
GetDC
ReleaseDC
LoadBitmapA
GetSystemMenu
RemoveMenu
AppendMenuA
GetFocus
GetNextDlgTabItem
wsprintfA
IsChild
SetForegroundWindow
GrayStringA
DrawTextA
GetParent
KillTimer
SetTimer
MessageBeep
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
IsIconic
GetSystemMetrics
DrawIcon
CopyRect
GetSysColor
DrawFocusRect
OffsetRect
InvalidateRect
SendMessageA
GetClientRect
InflateRect
GetWindowRect
EnableWindow
LoadIconA
IsWindowUnicode
TabbedTextOutA
EndPaint
BeginPaint
GetSubMenu
GetWindowDC
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
IsWindowEnabled
gdi32
CreateBitmap
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
MoveToEx
LineTo
PatBlt
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetBkColor
SetTextColor
GetClipBox
CreatePen
CreateFontA
CreateFontIndirectA
CreateSolidBrush
GetTextExtentPoint32A
GetObjectA
CreateDCA
StartDocA
StartPage
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetTextExtentPointA
BitBlt
CreateDIBitmap
StretchBlt
EndPage
EndDoc
DeleteDC
comdlg32
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
winspool.drv
WritePrinter
StartDocPrinterA
OpenPrinterA
EnumPortsA
DocumentPropertiesA
EndPagePrinter
StartPagePrinter
EnumPrintersA
ClosePrinter
GetPrinterDriverA
EndDocPrinter
advapi32
RegisterEventSourceA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegEnumKeyExA
shell32
ShellExecuteA
comctl32
ImageList_Destroy
ord17
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
oledlg
ord8
ole32
OleUninitialize
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
OleInitialize
CreateILockBytesOnHGlobal
olepro32
ord253
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
SysAllocStringLen
VariantClear
SafeArrayGetDim
VariantCopy
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysAllocString
SysFreeString
wsock32
gethostbyname
gethostname
WSAGetLastError
WSACleanup
closesocket
inet_ntoa
WSAAsyncSelect
accept
WSASetLastError
recvfrom
sendto
htonl
bind
ioctlsocket
setsockopt
select
recv
send
WSAStartup
htons
socket
connect
inet_addr
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 204KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ