d67f59dfbaf2b0277ee8289e3fcd4880_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d67f59dfbaf2b0277ee8289e3fcd4880_NeikiAnalytics.exe
Size

277KB
MD5

d67f59dfbaf2b0277ee8289e3fcd4880
SHA1

b67fca0a4280c92c83a9a1fa8be6468a9d81822f
SHA256

70ccff1abe866fa9090d6a9463f12be51593b0f324380b6dd0e7bd9434c3e42a
SHA512

280abd591e5c79b36d2d6a48b7ec0f29df0a1147012846e41f1141730f71ca14f644c9fc79a2fdc495c18a9fb807430ba81ef8287320dc7f485beb41199009ae
SSDEEP

3072:F9zbpP8CuE0VZVlpaJKjIT80FyvcVQQ5VeuAvxnM8Oug2:F9ZXW/2w0FtQQ5VqnMF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d67f59dfbaf2b0277ee8289e3fcd4880_NeikiAnalytics.exe

Files

d67f59dfbaf2b0277ee8289e3fcd4880_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

ba33b4cf8ca4494414f24370c23bcc85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HNETWIZ.pdb

Imports

kernel32

LocalAlloc
WideCharToMultiByte
LocalFree
GetComputerNameW
SetLastError
GetVersion
SetEvent
CreateEventW
lstrcpynW
MulDiv
GetModuleFileNameW
GetModuleHandleA
Sleep
WritePrivateProfileStringA
LoadLibraryA
SetFileAttributesA
MultiByteToWideChar
FormatMessageA
GetLastError
GetModuleHandleW
GlobalGetAtomNameA
GlobalGetAtomNameW
GetComputerNameA
SetComputerNameA
SetComputerNameW
GetDriveTypeA
GetDriveTypeW
lstrcpyW
LockResource
LoadResource
SizeofResource
FindResourceExW
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
InterlockedCompareExchange
GetWindowsDirectoryW
GetFileAttributesW
CreateDirectoryW
ExpandEnvironmentStringsA
CreateFileA
lstrlenA
WriteFile
lstrlenW
lstrcmpA
GetCurrentThreadId
CloseHandle
WaitForSingleObject
GetExitCodeProcess
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetVersionExA
GetProcAddress
CreateProcessA
FreeLibrary
LoadLibraryW

msvcrt

malloc
??2@YAPAXI@Z
getenv
wcsncpy
??3@YAXPAX@Z
_adjust_fdiv
_initterm
free

shlwapi

ord102
StrToIntW
ord94
ord143
ord96
ord135
ord138
ord130
ord120
ord74
ord16
StrStrW
ord133
ord121
StrChrW
ord126
ord55
ord117
ord125
ord142
ord56
ord141
ord37
ord136
StrCmpW
ord40
ord93
ord91
ord61
ord101
ord84
ord53
ord70
ord43
StrCpyNW
ord128
ord124
ord107
StrCmpIW
StrCpyW
ord123
ord67
ord158

gdi32

RealizePalette
SelectPalette
SelectObject
BitBlt
GetDeviceCaps
ExtTextOutW
StretchBlt
DeleteDC
SetTextColor
SetBkColor
CreateCompatibleDC
DeleteObject
CreateSolidBrush

user32

SetRect
MapWindowPoints
GetWindowRect
OffsetRect
IsWindowVisible
DestroyIcon
SendNotifyMessageW
wsprintfA
SetFocus
LoadStringA
MessageBoxA
IsWindow
ClientToScreen
GetSystemMetrics
GetPropA
RemovePropA
SetPropA
CallNextHookEx
UnhookWindowsHookEx
GetSysColor
SetForegroundWindow
GetDC
ReleaseDC
CopyRect
GetClientRect
FillRect
InvalidateRect
BeginPaint
EndPaint
GetParent
GetDlgItem
SetCursor
ShowWindow
wvsprintfA
SetWindowPos

ole32

CoUninitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

wininet

InternetSetOptionW
InternetOpenW
InternetCloseHandle

iphlpapi

DeleteIpNetEntry
GetBestInterface
GetInterfaceInfo
SendARP
GetAdaptersInfo

ws2_32

WSAStartup
gethostbyname
WSACleanup
inet_addr

tapi32

lineInitializeExW
lineGetAddressCapsW
lineOpenW
lineNegotiateAPIVersion
lineGetNewCalls
lineGetCallInfoW
lineShutdown
lineClose

urlmon

CreateURLMoniker

shell32

ord59
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExA
SHFileOperationA
SHFormatDrive
ord71
SHGetPathFromIDListA
SHChangeNotify
SHGetMalloc
ord155

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
HomeNetWizardRunDll

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba33b4cf8ca4494414f24370c23bcc85

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

shlwapi

gdi32

user32

ole32

oleaut32

advapi32

wininet

iphlpapi

ws2_32

tapi32

urlmon

shell32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 188KB - Virtual size: 188KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 188KB - Virtual size: 188KB

.reloc
Size: 7KB - Virtual size: 7KB