964da2add98ddd0e8d9e06dae06af5b0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

964da2add98ddd0e8d9e06dae06af5b0_NeikiAnalytics.exe
Size

698KB
MD5

964da2add98ddd0e8d9e06dae06af5b0
SHA1

ebafac1a2a6a102a7b7a78abe30d3a1e3ae82fdd
SHA256

60957d7c5238ea47c074eae867829d871e0ca0bc2760a3804fc5bda3912e08ba
SHA512

8fa84c61075592da12ddd221a81e4844ebc1390f1ed16749435abda28c808ce02721eeb5dae7ebe0559816809b04f99abacb418da18bcd2f4d5beef76af921fc
SSDEEP

12288:46B/kkriAmM1aft6IURabmBrR0n5u3EpMzc3saYiBYBCSHXKrIi21P:RB8kn/aQg3A0pMA8a/BYBtHaC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
964da2add98ddd0e8d9e06dae06af5b0_NeikiAnalytics.exe

Files

964da2add98ddd0e8d9e06dae06af5b0_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

1fe12fc984da9fccb630e998b57d3ebc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\C\CNewWork\Bin\SNXC.pdb

Imports

kernel32

ExitProcess
FreeResource
LoadResource
MulDiv
lstrcpyA
LockResource
GetLastError
lstrlenA
GetFileSize
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
GetCurrentDirectoryA
GetACP
SizeofResource
FindResourceA
LocalFree
FormatMessageA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
IsDBCSLeadByte
lstrcpynA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
OpenEventA
OutputDebugStringA
RemoveDirectoryA
ReadFile
FindNextFileA
FindFirstFileA
QueryPerformanceFrequency
GetSystemDirectoryA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
GetFileSizeEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
FindClose
CreateEventA
WaitForSingleObject
SetEvent
GetModuleFileNameA
SetUnhandledExceptionFilter
GetPrivateProfileSectionNamesA
lstrcmpA
Process32Next
Process32First
CreateToolhelp32Snapshot
WritePrivateProfileStringA
GetPrivateProfileIntA
CreateFileMappingA
GetModuleHandleA
UnmapViewOfFile
MapViewOfFile
GetTickCount64
OpenProcess
CreateThread
TerminateProcess
GetCurrentProcessId
MoveFileA
CreateProcessA
CreateDirectoryA
CloseHandle
WriteFile
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
Sleep
GetTickCount
GetLocalTime
DeleteFileA
IsBadReadPtr
LoadLibraryA
lstrcmpiA
GetProcAddress
FreeLibrary
VirtualProtect
VirtualFree
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

TranslateMessage
DispatchMessageA
PeekMessageA
GetUpdateRect
PostQuitMessage
IsWindowVisible
GetAsyncKeyState
SetTimer
MessageBoxA
GetCursorPos
SetWindowPos
ShowWindow
SendMessageA
EndPaint
InvalidateRect
SetWindowTextA
InflateRect
UnionRect
BeginPaint
ReleaseDC
GetDC
OffsetRect
ScreenToClient
KillTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsZoomed
IsIconic
DestroyWindow
IsWindow
CreateWindowExA
PostMessageA
GetMessageA
LoadCursorA
SetCursor
CharNextA
GetWindowRect
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
GetWindowLongA
SetWindowLongA
GetParent
GetWindow
LoadImageA
MonitorFromWindow
GetMonitorInfoA
wsprintfA
DefWindowProcA
CallWindowProcA
RegisterClassA
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
CreateWindowExW
EnableWindow
GetSystemMetrics
GetMenu
SetPropA
GetPropA
AdjustWindowRectEx
SetWindowRgn
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableA
GetWindowTextLengthA
UpdateWindow
GetWindowTextA
EqualRect
LoadIconA
ClientToScreen
GetCaretPos
MoveWindow
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuA
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
DrawTextW
CharPrevA
GetWindowRgn
IsWindowEnabled
UpdateLayeredWindow
FillRect
SetCaretPos
DrawTextA
MapVirtualKeyExA
GetKeyNameTextA
GetKeyboardLayout
SetForegroundWindow
GetClientRect

comdlg32

GetOpenFileNameA

advapi32

CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegGetValueA
CryptEncrypt

shell32

DragQueryFileA
Shell_NotifyIconA
ShellExecuteA

msvcp140

?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??7ios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetModuleBase64
SymFunctionTableAccess64
StackWalk64
SymCleanup

ntdll

NtQueryVirtualMemory

ws2_32

getsockname
closesocket
connect
htonl
listen
bind
getaddrinfo
freeaddrinfo
recvfrom
htons
inet_addr
inet_ntoa
socket
getsockopt
accept
select
__WSAFDIsSet
WSAIoctl
setsockopt
ntohs
WSACleanup
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAStartup
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
WSAGetLastError
recv
ioctlsocket
getpeername
sendto
gethostname
gethostbyname

wldap32

ord211
ord60
ord46
ord217
ord35
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord79
ord30
ord200
ord301
ord143

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA

normaliz

IdnToUnicode
IdnToAscii

msvfw32

MCIWndCreateA

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__CxxFrameHandler3
memcpy
memset
memmove
_purecall
memcmp
strstr
memchr
strrchr
__std_exception_copy
__std_exception_destroy
__RTDynamicCast
strchr
__vcrt_InitializeCriticalSectionEx
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_c_exit
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_cexit
_crt_atexit
_initialize_onexit_table
terminate
_errno
_controlfp_s
_invalid_parameter_noinfo
_beginthreadex
exit
__sys_errlist
__sys_nerr
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_open
_lseeki64
_get_stream_buffer_pointers
__stdio_common_vswprintf
ftell
fflush
fputs
fgetc
__acrt_iob_func
__stdio_common_vsprintf_s
__p__commode
_read
_write
_fileno
feof
fgetpos
__stdio_common_vsprintf
_close
__stdio_common_vsscanf
fputc
fsetpos
_fseeki64
setvbuf
ungetc
fopen
fread
fwrite
fclose
fopen_s
fgets
fseek
_set_fmode

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_set_new_mode
_callnewh
free
calloc

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
wcstombs
strtol
_itoa
_atoi64
atoi
atol
strtod

api-ms-win-crt-multibyte-l1-1-0

_ismbcspace
_mbschr
_mbscmp
_mbsnbcmp
_ismbcalnum
_mbsstr
_mbsicmp
_mbsrchr
_mbsnbcpy
_mbslwr
_mbsnbcat

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_findfirst64i32
_findclose
_unlink
remove
_access
_stat64
_lock_file
_findnext64i32
_fstat64

api-ms-win-crt-utility-l1-1-0

_lrotl
labs
rand
srand
ldiv
abs
qsort

api-ms-win-crt-string-l1-1-0

strcpy_s
strspn
strcat
strcpy
strlen
strpbrk
_strdup
toupper
tolower
strncmp
isdigit
strcmp
strcspn
strncpy

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-math-l1-1-0

ldexp
_fdopen
pow
sqrt
sin
__setusermatherr
_except1
cos

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

gdi32

SetStretchBltMode
MoveToEx
TextOutA
GdiFlush
CreatePatternBrush
CreateCompatibleDC
GetEnhMetaFileHeader
BitBlt
SetBkColor
CreateDIBitmap
CreateFontIndirectA
ExtSelectClipRgn
SelectClipRgn
PlayEnhMetaFile
LineTo
GetClipBox
GetCharABCWidthsA
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
SetTextColor
SetBkMode
GetTextExtentPointA
GetBitmapBits
CreatePen
CreateEnhMetaFileA
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
GetTextExtentPoint32A
CreateSolidBrush
CreateRoundRectRgn
SetWindowOrgEx
GetObjectA
GetTextMetricsA
StretchBlt
SetBitmapBits
DeleteObject
DeleteDC
CreateCompatibleBitmap

ole32

DoDragDrop
CoCreateInstance
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning

oleaut32

SysAllocStringLen
SysAllocString
VariantInit
VariantClear
SysFreeString

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

gdiplus

GdipDrawImageI
GdipDrawLine
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreatePen2
GdipSetPenStartCap
GdipSetPenEndCap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fe12fc984da9fccb630e998b57d3ebc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

shell32

msvcp140

dbghelp

ntdll

ws2_32

wldap32

crypt32

normaliz

msvfw32

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

gdi32

ole32

oleaut32

comctl32

gdiplus

imm32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 169KB

.data Size: - Virtual size: 11KB

.gfids Size: - Virtual size: 116B

.tls Size: 512B - Virtual size: 21B

.vmp0 Size: - Virtual size: 38KB

.vmp1 Size: 629KB - Virtual size: 629KB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 67KB - Virtual size: 66KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 169KB

.data
Size: - Virtual size: 11KB

.gfids
Size: - Virtual size: 116B

.tls
Size: 512B - Virtual size: 21B

.vmp0
Size: - Virtual size: 38KB

.vmp1
Size: 629KB - Virtual size: 629KB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 67KB - Virtual size: 66KB