Static task: static1

Behavioral task: behavioral1
Sample: 846d8d4126cbc302b558740e263811e0_NeikiAnalytics.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 846d8d4126cbc302b558740e263811e0_NeikiAnalytics.exe
Resource: win10v2004-20240611-en

General
Target: 846d8d4126cbc302b558740e263811e0_NeikiAnalytics.exe
Size: 6.0MB
MD5: 846d8d4126cbc302b558740e263811e0
SHA1: 1f612f283896247710f881e5b15a690ee1449449
SHA256: e34bd88ef358bc78c61f6ee23a4449531cdd68c4afd9691280937566eeed618d
SHA512: eb382bae2c281d542b338aa8af2d35e6f2c8524d2abc4a9e082f62f910245ff61cf20cb5114700c724983ca835a42d8c37f86c7588b12fa8b5aa56ae45e0472c
SSDEEP: 49152:9f41U5enmOQ76Thbv7s+D9h7y8RQhRfIVXPTBbT2v:F4+5qQWTJRDTy8HW

Malware Config

Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 846d8d4126cbc302b558740e263811e0_NeikiAnalytics.exe

Files
846d8d4126cbc302b558740e263811e0_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
cdb6e7d7d4eb550c75d9d662acaff6d9

Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths: f:\work\3.1.31\Development\Web1800\Release_Baseline\RTSSet\pdbs\Web1800.pdb
Imports
wsock32
recv
closesocket
WSAStartup
select
__WSAFDIsSet
htonl
bind
listen
accept
inet_addr
gethostname
WSACleanup
ioctlsocket
htons
gethostbyaddr
send
socket
gethostbyname
connect
winmm
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerGetNumDevs
PlaySoundA
mixerClose
aesencryption
?Encrypt@AESWrapper@@QAEHQBEQAEH@Z
??0AESWrapper@@QAE@XZ
??1AESWrapper@@QAE@XZ
?Decrypt@AESWrapper@@QAEHQBEQAEH@Z
?RestoreKey@AESWrapper@@QAEHHQBE@Z
?GenerateKey@AESWrapper@@QAEHHQBE@Z
rtskeygendll
??0CRSSKeyGenDll@@QAE@XZ
showmaticencryptiondll
?InitEncryptionClient@@YA_NIPAD0@Z
?InitEncryptionServer@@YA_NIPAD0@Z
kernel32
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
SystemTimeToFileTime
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
GetOEMCP
GetAtomNameA
SetFileTime
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
SetEndOfFile
SetErrorMode
LocalFileTimeToFileTime
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
GetDriveTypeA
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
VirtualFree
FatalAppExitA
GetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
GetProfileIntA
FileTimeToSystemTime
SetThreadPriority
GlobalGetAtomNameA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleFileNameW
GlobalSize
MulDiv
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemDirectoryA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenThread
DeviceIoControl
SetUnhandledExceptionFilter
GetShortPathNameA
CreateNamedPipeA
CreateEventA
DisconnectNamedPipe
ConnectNamedPipe
ReadFile
WritePrivateProfileSectionA
GetPrivateProfileIntA
WriteFile
CopyFileExA
SetFileAttributesA
RemoveDirectoryA
GetDiskFreeSpaceExA
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetProcessHeap
GetLocalTime
OutputDebugStringW
FormatMessageA
GetCurrentThread
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
GetCurrentProcess
GetCurrentThreadId
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
GetCurrentProcessId
WinExec
GetFileSize
FindNextFileA
FreeLibrary
ResetEvent
SetEvent
CopyFileA
CompareFileTime
MoveFileA
CreateFileA
GetFileTime
FileTimeToLocalFileTime
TerminateProcess
ResumeThread
SuspendThread
CreateThread
GetExitCodeProcess
WaitForSingleObject
GetExitCodeThread
TerminateThread
lstrcatA
CreateProcessA
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
SetCurrentDirectoryA
RaiseException
GetModuleFileNameA
DeleteFileA
OpenProcess
CreateMutexA
ReleaseMutex
CloseHandle
GetTickCount
lstrcmpA
InterlockedIncrement
InterlockedDecrement
lstrcpynA
Sleep
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcmpiW
CompareStringW
CompareStringA
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
CreateDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
lstrlenW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
FreeResource
GetCPInfo
lstrlenA
lstrcmpiA
MultiByteToWideChar
GetVersion
GetVersionExA
WideCharToMultiByte
lstrcpyA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAddAtomA
InterlockedCompareExchange
CreateFileW
LocalLock
user32
SetWindowsHookExA
CallNextHookEx
GetClassLongA
RemovePropA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExA
GetClassInfoA
RegisterClassA
DeferWindowPos
SetScrollInfo
SetWindowPlacement
IntersectRect
GetWindowPlacement
GetWindowTextLengthA
ScrollWindowEx
IsWindowEnabled
MoveWindow
GetDlgCtrlID
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
UnhookWindowsHookEx
GetMenuStringA
PostThreadMessageA
FindWindowExA
DrawAnimatedRects
EnumChildWindows
TrackPopupMenu
SetMenuDefaultItem
SetActiveWindow
SetCursorPos
CopyImage
WaitForInputIdle
GetAsyncKeyState
MessageBoxW
AdjustWindowRectEx
MessageBoxA
GetMessageA
EnumDisplaySettingsA
ChangeDisplaySettingsA
CallWindowProcA
GetScrollInfo
SetParent
GetWindow
IsRectEmpty
RegisterWindowMessageA
RegisterHotKey
GetLastInputInfo
UnregisterHotKey
LoadMenuA
IsIconic
DrawIcon
PostQuitMessage
GetClassNameA
GetWindowTextA
PeekMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
SetPropA
GetPropA
DefWindowProcA
DestroyWindow
UpdateWindow
BeginPaint
EndPaint
GetForegroundWindow
GetWindowDC
FindWindowA
GetMenu
CreateDialogIndirectParamA
FlashWindow
RedrawWindow
BringWindowToTop
GetSystemMenu
SetMenuItemInfoA
EnableMenuItem
EqualRect
GetFocus
SetFocus
EmptyClipboard
SetClipboardData
GetCapture
IsChild
ShowWindow
CharUpperW
CharUpperA
CharLowerW
CharLowerA
OpenClipboard
InvalidateRgn
IsWindowVisible
SetWindowPos
DestroyCursor
LoadImageA
SetCursor
GetWindowLongA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateA
IsMenu
SetWindowLongA
IsWindow
GetCursorPos
ScreenToClient
PtInRect
GetKeyState
ReleaseCapture
SetCapture
DrawFocusRect
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
DrawIconEx
DestroyIcon
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetSysColorBrush
GetSysColor
GetDesktopWindow
ReleaseDC
CheckMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowThreadProcessId
DestroyMenu
ValidateRect
SetRectEmpty
GetKeyNameTextA
MapVirtualKeyA
GetDCEx
ShowOwnedPopups
WindowFromDC
LockWindowUpdate
GetDC
RemoveMenu
ModifyMenuA
InsertMenuA
UnionRect
RegisterClipboardFormatA
SendNotifyMessageA
InSendMessage
GetNextDlgGroupItem
GetTabbedTextExtentA
MessageBeep
IsClipboardFormatAvailable
CharNextA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
DeleteMenu
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
GetDlgItem
GetParent
KillTimer
SetTimer
InvalidateRect
LoadCursorA
EnableWindow
LoadIconA
SendMessageA
SetForegroundWindow
GetClientRect
GetWindowRect
SetWindowRgn
PostMessageA
WinHelpA
CloseClipboard
EndDialog
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
SetMenu
TranslateAcceleratorA
GetDialogBaseUnits
UnregisterClassA
CopyAcceleratorTableA
SetWindowContextHelpId
MapDialogRect
SetWindowTextA
WaitMessage
MsgWaitForMultipleObjects
gdi32
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
CopyMetaFileA
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
SetViewportOrgEx
GetObjectType
EnumMetaFile
PlayMetaFile
GetDCOrgEx
GetCharWidthA
StretchDIBits
SetRectRgn
CreateEllipticRgn
UnrealizeObject
GetWindowOrgEx
GetRgnBox
GetTextMetricsA
GetBkColor
GetTextColor
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
GetTextAlign
CreateDIBitmap
SetDIBColorTable
StartDocA
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
GetTextExtentPoint32A
SetPixel
GetPixel
PatBlt
Rectangle
Ellipse
GetBkMode
GetDeviceCaps
GetObjectA
CreateFontIndirectA
CreateHatchBrush
CreateSolidBrush
CreatePen
CreateFontA
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
DeleteObject
BitBlt
GetStockObject
SetPolyFillMode
RestoreDC
SelectObject
CreateCompatibleDC
PlayMetaFileRecord
CreateCompatibleBitmap
FillRgn
SetBkMode
GdiFlush
GetDIBits
ExtCreatePen
CreateDCA
Arc
CreateRectRgnIndirect
CreateRectRgn
SetBkColor
SetTextColor
StretchBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateBitmap
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateDIBSection
DeleteDC
SaveDC
msimg32
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
GetJobA
DocumentPropertiesA
ClosePrinter
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
IsTextUnicode
RegSetValueA
CreateProcessWithLogonW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegCreateKeyExA
RegDeleteValueA
CreateProcessAsUserA
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
FreeSid
RegDeleteKeyA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyA
shell32
SHFileOperationA
DragQueryFileA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoA
SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHChangeNotify
SHGetSpecialFolderPathA
ExtractIconA
DragFinish
comctl32
ord17
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathFindExtensionA
PathFileExistsA
PathRemoveExtensionA
PathStripToRootA
UrlUnescapeA
PathFindFileNameA
PathIsUNCA
oledlg
ord8
ole32
CoTaskMemFree
OleRun
WriteFmtUserTypeStg
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreateStaticFromData
OleSetContainedObject
OleDuplicateData
ReleaseStgMedium
CoCreateInstance
CreateStreamOnHGlobal
SetConvertStg
CoUninitialize
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
CoTaskMemAlloc
CoInitialize
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleSave
WriteClassStm
OleSaveToStream
OleLockRunning
OleCreateFromData
OleCreateLinkFromData
OleIsCurrentClipboard
OleLoad
StgOpenStorageOnILockBytes
GetHGlobalFromILockBytes
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleSetClipboard
CoLockObjectExternal
GetRunningObjectTable
IsAccelerator
OleTranslateAccelerator
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegEnumVerbs
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoGetMalloc
CoRegisterMessageFilter
OleFlushClipboard
CLSIDFromProgID
OleCreate
CoRevokeClassObject
CoRegisterClassObject
DoDragDrop
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleSetMenuDescriptor
OleGetClipboard
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
StgCreateDocfile
CoGetClassObject
oleaut32
SafeArrayCreateVector
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
OleCreateFontIndirect
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantChangeType
SysStringLen
SafeArrayGetElement
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantClear
SysFreeString
OleLoadPicture
GetErrorInfo
SetErrorInfo
CreateErrorInfo
ws2_32
WSAAsyncSelect
WSARecvFrom
WSASendTo
ntohl
getsockopt
getservbyport
getservbyname
recvfrom
sendto
getsockname
ntohs
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSASetLastError
WSAGetLastError
ioctlsocket
setsockopt
getpeername
gdiplus
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImagePixelFormat
GdipSaveImageToFile
avifil32
AVIFileExit
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileOpenA
AVIFileRelease
AVIStreamRelease
AVIStreamWrite
AVIFileInit
AVIFileCreateStreamA
mpr
WNetAddConnection2A
psapi
GetModuleFileNameExA
EnumProcessModules
EnumProcesses
EmptyWorkingSet
netapi32
Netbios
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
libcurl
curl_easy_getinfo
curl_easy_init
curl_slist_append
curl_easy_cleanup
curl_global_init
curl_share_init
curl_share_setopt
curl_easy_setopt
curl_easy_perform
wininet
InternetSetCookieA
InternetGetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
FtpRenameFileA
InternetSetOptionA
InternetCloseHandle
InternetQueryDataAvailable
FtpDeleteFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
HttpOpenRequestA
InternetOpenUrlA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
InternetCrackUrlA
iphlpapi
GetAdaptersInfo
GetTcpTable
secur32
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeCredentialsHandle
AcquireCredentialsHandleA
Sections
.text  Size: 2.4MB - Virtual size: 2.4MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 640KB - Virtual size: 639KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 32KB - Virtual size: 75KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 3.0MB - Virtual size: 3.0MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ