ced6cb79a9cad69009eac0b1ec147af0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ced6cb79a9cad69009eac0b1ec147af0_NeikiAnalytics.exe
Size

1.7MB
MD5

ced6cb79a9cad69009eac0b1ec147af0
SHA1

381e4af8b133c818004a450023d0dd57868754ea
SHA256

7c429d156520c7ad017d0163a320babacb3736c6db00931a129c3c78a7b776b2
SHA512

73280827701ac17aafcbc13dcb67e071fcbc7c015884ac88559a07352e2ff74c1a04151dadbcf40a16f381cc92af9668dc32ace13162287bbe0d94170a4feb1f
SSDEEP

24576:PPXtXp5Spd9k85YGJ4DQUMEzOGcqbXdDacalB3HCR55X:P35Spd9k85YGqDQUPZcqz8lB3CR59

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ced6cb79a9cad69009eac0b1ec147af0_NeikiAnalytics.exe

Files

ced6cb79a9cad69009eac0b1ec147af0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

dbc57d30529269c6c43c1984f177ae1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
DeleteFileA
FreeLibrary
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
SetCurrentDirectoryA
GetProcAddress
LoadLibraryA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetLogicalDriveStringsA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetTickCount
GetCurrentThreadId
GetSystemInfo
CreateEventA
CloseHandle
ResetEvent
WaitForSingleObject
SetEvent
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
OpenMutexA
ReleaseMutex
WideCharToMultiByte
GetLastError
MultiByteToWideChar
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
HeapUnlock
HeapLock
HeapWalk
GetProcessHeaps
QueryPerformanceFrequency
Sleep
QueryPerformanceCounter
SetThreadPriority
GetThreadPriority
GetCurrentThread
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
GetFileSize
GetDriveTypeA
GetFileTime
CreateProcessA
GetUserDefaultLangID
GetTimeZoneInformation
GetUserDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoA
GetCommandLineA
GetWindowsDirectoryA
ResumeThread
SuspendThread
GetVersionExA
GetComputerNameA
GlobalMemoryStatus
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
ReadFile
FlushFileBuffers
SetFilePointer
FindFirstFileA
FindNextFileA
SetFileTime
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
FindClose
LocalFree
GetACP
GetDiskFreeSpaceA
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
TerminateThread
PostQueuedCompletionStatus
InterlockedCompareExchange
FormatMessageA

user32

EmptyClipboard
DispatchMessageA
SetClipboardData
SetCursorPos
CreatePopupMenu
TranslateMessage
ScreenToClient
GetClientRect
GetMenuItemCount
ClientToScreen
CreateMenu
GetPropA
GetCursorPos
GetWindow
GetDesktopWindow
DestroyMenu
IsDialogMessageA
GetFocus
SetParent
CreateWindowExA
GetParent
SetForegroundWindow
MessageBeep
EnableWindow
RemovePropA
KillTimer
SetTimer
GetMenu
SetPropA
GetDCEx
BeginPaint
EndPaint
DefWindowProcA
UpdateWindow
GetKeyState
PeekMessageA
GetWindowRect
SystemParametersInfoA
MessageBoxA
TranslateAcceleratorA
SendMessageA
DestroyWindow
GetActiveWindow
PostMessageA
CreateDialogIndirectParamA
DrawMenuBar
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenu
DeleteMenu
SetMenuItemInfoA
InsertMenuItemA
WindowFromPoint
SetWindowPlacement
GetWindowPlacement
GetForegroundWindow
SetActiveWindow
LoadImageA
SetClassLongA
DestroyIcon
ShowCursor
DrawFocusRect
SetScrollPos
FillRect
DrawTextA
ReleaseCapture
SetCapture
LoadCursorA
SetCursor
GetScrollInfo
SetScrollInfo
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColor
GetSysColorBrush
GetClassLongA
CallWindowProcA
SetWindowLongA
GetDC
ReleaseDC
GetWindowTextLengthA
GetWindowTextA
TrackPopupMenu
SetWindowTextA
GetWindowInfo
SetWindowPos
InvalidateRect
IsWindowVisible
ShowWindow
SetFocus
GetWindowLongA
IsWindowEnabled
GetMessageA
GetMenuItemInfoA
RegisterClassA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

comctl32

ImageList_Create
ImageList_Replace
ImageList_Add
InitCommonControlsEx
ImageList_GetImageCount
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_Destroy
_TrackMouseEvent
ImageList_EndDrag

winmm

timeGetTime

storm

ord476
ord501
ord465
ord506
ord503
ord578
ord508
ord405
ord570
ord421
ord253
ord269
ord265
ord268
ord569
ord252
ord251
ord266
ord294
ord509
ord571
ord302
ord572
ord507
ord541
ord545
ord548
ord581
ord544
ord575
ord267
ord271
ord542
ord590
ord288
ord280
ord552
ord595
ord551
ord472
ord474
ord563
ord543
ord399
ord504
ord403
ord401
ord279
ord463
ord479

msvcrt

??1type_info@@UAE@XZ
time
qsort
atof
strtoul
atoi
_vsnprintf
_CIpow
memmove
_purecall
_clearfp
_control87
fopen
setvbuf
fclose
fprintf
ctime
_ftol
_XcptFilter
_beginthreadex
exit
_except_handler3
_controlfp
__p__fmode
__p__commode
__set_app_type
strrchr
__dllonexit
_onexit
_exit
__setusermatherr
_acmdln
__getmainargs
_initterm
_adjust_fdiv

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

gdi32

SelectObject
DeleteObject
CombineRgn
CreateRectRgnIndirect
MoveToEx
GetBkColor
CreateDIBitmap
SetBkColor
SetTextColor
LineTo
CreateSolidBrush
SetBkMode
CreatePen
FillRgn
GetTextExtentPoint32A
GetStockObject

shell32

DragAcceptFiles
DragQueryFileA
SHGetPathFromIDListA
FindExecutableA
ShellExecuteA
SHBrowseForFolderA
SHGetMalloc

mss32

_AIL_start_sequence@4
_AIL_resume_sequence@4
_AIL_set_stream_loop_count@8
_AIL_sequence_user_data@8
_AIL_set_3D_velocity@20
_AIL_set_3D_sample_preference@12
_AIL_3D_sample_attribute@12
_AIL_stream_user_data@8
_AIL_set_sequence_loop_count@8
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_effects_level@8
_AIL_set_sample_pan@8
_AIL_set_stream_pan@8
_AIL_stream_status@4
_AIL_sample_position@4
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_stream_ms_position@12
_AIL_3D_sample_length@4
_AIL_set_3D_sample_cone@16
_AIL_set_sample_ms_position@8
_AIL_set_3D_sample_obstruction@8
_AIL_set_3D_sample_occlusion@8
_AIL_close_stream@4
_AIL_DLS_compact@4
_AIL_DLS_load_memory@12
_AIL_release_sequence_handle@4
_AIL_release_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_find_DLS@24
_AIL_extract_DLS@28
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_set_stream_playback_rate@8
_AIL_set_stream_user_data@12
_AIL_register_stream_callback@8
_AIL_sample_user_data@8
_AIL_set_sample_loop_count@8
_AIL_set_3D_user_data@12
_AIL_set_sequence_volume@12
_AIL_set_stream_ms_position@8
_AIL_resume_3D_sample@4
_AIL_sample_playback_rate@4
_AIL_set_sample_playback_rate@8
_AIL_resume_sample@4
_AIL_start_sample@4
_AIL_3D_user_data@8
_AIL_set_3D_sample_info@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_playback_rate@4
_AIL_set_3D_sample_playback_rate@8
_AIL_stream_playback_rate@4
_AIL_open_stream@12
_AIL_set_sample_volume@8
_AIL_stop_sample@4
_AIL_set_3D_sample_volume@8
_AIL_stop_3D_sample@4
_AIL_set_stream_volume@8
_AIL_pause_stream@8
_AIL_register_3D_EOS_callback@8
_AIL_end_3D_sample@4
_AIL_set_sequence_user_data@12
_AIL_allocate_3D_sample_handle@4
_AIL_set_sample_user_data@12
_AIL_register_sequence_callback@8
_AIL_end_sequence@4
_AIL_sequence_status@4
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_digital_CPU_percent@4
_AIL_set_3D_speaker_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_room_type@8
_AIL_set_3D_orientation@28
_AIL_set_3D_position@16
_AIL_set_XMIDI_master_volume@8
_AIL_shutdown@0
_AIL_close_3D_provider@4
_AIL_close_3D_listener@4
_AIL_open_3D_provider@4
_AIL_open_3D_listener@4
_AIL_set_3D_distance_factor@8
_AIL_enumerate_3D_providers@12
_AIL_close_XMIDI_driver@4
_AIL_open_XMIDI_driver@4
_AIL_last_error@0
_AIL_DLS_close@8
_AIL_DLS_open@28
_AIL_mem_use_malloc@4
_AIL_mem_use_free@4
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_close_digital_driver@4
_AIL_open_digital_driver@16
_AIL_set_file_callbacks@16
_AIL_file_type@8
_AIL_MIDI_to_XMI@20
_AIL_init_sequence@12
_AIL_sequence_ms_position@12
_AIL_mem_free_lock@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_DLS_unload@8
_AIL_allocate_sample_handle@4
_AIL_register_EOS_callback@8
_AIL_end_sample@4
_AIL_stop_sequence@4
_AIL_allocate_sequence_handle@4

wsock32

listen
accept
htons
getsockname
gethostbyname
gethostname
ntohl
inet_addr
ntohs
ioctlsocket
recv
send
recvfrom
sendto
select
connect
WSACleanup
WSAStartup
inet_ntoa
bind
getpeername
setsockopt
socket
WSAGetLastError
closesocket

imm32

ImmAssociateContext
ImmAssociateContextEx

wininet

InternetCanonicalizeUrlA

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iyhivx
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wwaw
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbc57d30529269c6c43c1984f177ae1f

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

comctl32

winmm

storm

msvcrt

advapi32

gdi32

shell32

mss32

wsock32

imm32

wininet

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 20KB - Virtual size: 60KB

.iyhivx Size: 536KB - Virtual size: 536KB

.wwaw Size: 528KB - Virtual size: 525KB

.idata Size: 16KB - Virtual size: 13KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 20KB - Virtual size: 60KB

.iyhivx
Size: 536KB - Virtual size: 536KB

.wwaw
Size: 528KB - Virtual size: 525KB

.idata
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 48KB - Virtual size: 45KB