99e55df4550b18077ddb4530526061a0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

99e55df4550b18077ddb4530526061a0_NeikiAnalytics.exe
Size

994KB
MD5

99e55df4550b18077ddb4530526061a0
SHA1

cf9dc1c6e7ec47ef18949fd7e40a939a13eead3e
SHA256

33b3f04b5330f457b3507321f7b73552e605c23acf71695d589014f152ed4c87
SHA512

f0ab5a76d696da689852f60b94033ec77bd304b1db69c0b353a8705d36ae4588c922b1269fde0e210e2664f4071932fea6c1859b9d3177ef21256fb73ebb7d9f
SSDEEP

24576:in9OEI7SfQaWOq6hAAB7rWbzgi/yPtsdhu5rEH7bW:KOEI7/ZOq8rW8pSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99e55df4550b18077ddb4530526061a0_NeikiAnalytics.exe

Files

99e55df4550b18077ddb4530526061a0_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

fd5ea99cfb243c49b2a2bf38d7c727c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

DeleteFileW
CreateFileW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameW
GetFileAttributesW
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringW
ExpandEnvironmentStringsW
ReadProcessMemory
WriteFile
SetErrorMode
GetFileAttributesA
DebugBreak
GetSystemDirectoryW
LoadLibraryW
GetProcessHeap
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableW
OutputDebugStringA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
FindNextFileW
InitializeCriticalSection
HeapCreate
GetPriorityClass
GetThreadPriority
FlushViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileType
DeviceIoControl
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
SetFileAttributesW
LCMapStringA
LCMapStringW
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExpandEnvironmentStringsA
DeleteFileA
FormatMessageW
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetVersionExW
GetSystemInfo
LoadLibraryA
DeleteCriticalSection
FreeLibrary
HeapDestroy
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
SetLastError
FindFirstFileW
GetProcAddress
VirtualQueryEx

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
realloc
sprintf
iswprint
memmove
iswspace
calloc
wcsncat
strncat
_itoa
_write
strncpy
strchr
towlower
tolower
_wcsicmp
_assert
_wcslwr
_close
_wopen
time
wcsncpy
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
_vsnprintf
isspace
ctime
malloc
_strlwr
atol
__CxxFrameHandler
fclose
_winminor
_winmajor
_osver
__unDName
isdigit
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
wcstol
_snprintf
wcsrchr
_wmakepath
_fullpath
_wfullpath
_mbsicmp
_access
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_wsopen
_sopen
wprintf
ftell
_wgetenv
_memicmp
_mbscmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_splitpath
free
strstr
_vsnwprintf
_except_handler3
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
_wsplitpath
??3@YAXPAX@Z
??2@YAPAXI@Z

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
dbghelp
dh
fptr
homedir
lmi
lminfo
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 845KB - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd5ea99cfb243c49b2a2bf38d7c727c5

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 845KB - Virtual size: 845KB

.data Size: 16KB - Virtual size: 111KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 845KB - Virtual size: 845KB

.data
Size: 16KB - Virtual size: 111KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 54KB - Virtual size: 53KB