4b045b22de08534501adc06a454eb850_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4b045b22de08534501adc06a454eb850_NeikiAnalytics.exe
Size

3.6MB
MD5

4b045b22de08534501adc06a454eb850
SHA1

4b4b15ae832105b2cf1a9a38b89d8c4f5cf66242
SHA256

921786f43b2e6fe185887137352b775b97957168ecdc56d9220b8525e3811151
SHA512

fc42b5e5391badd9b325ce6a5f78607c96d65ceb0cd7cab734af1b2113059c6828da915c335b0ecb9e5d487607d2b0c091727d3f9cdab99527da6b2555d890f2
SSDEEP

24576:7P6dQLuaAMT/iO5dDeoAh0Rc6tZmx39hj+MMl14LXsQDT3h:yCXnkz/+MC0jF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b045b22de08534501adc06a454eb850_NeikiAnalytics.exe

Files

4b045b22de08534501adc06a454eb850_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

941a5cb20cb86fbafc30e3bee14ed66c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getsockopt
WSAAsyncSelect
send
WSAGetLastError
setsockopt
shutdown
closesocket
connect
ioctlsocket
bind
sendto
recvfrom
inet_ntoa
accept
WSASetLastError
htons
WSACleanup
socket
WSAStartup
recv

igcore14d

ord180
ord329
ord341
ord325
ord332
ord333
IG_IP_contrast_adjust_ex
ord162
ord76
ord174
ord73
ord186
ord5
ord202
ord65
ord314
ord4
ord11
ord20
ord211
ord77
IG_fltr_ctrl_set
ord195
ord9
ord36
ord44
IG_lic_solution_name_set
ord319
ord206
ord176
ord51
IG_image_colorspace_get
IG_image_bits_per_channel_get
ord419
ord402
ord422
ord423
ord231
ord232
ord250
IG_cpm_image_profile_get
IG_cpm_image_profile_set
IG_cpm_profile_set
ord19
ord187
ord18
ord26
IG_gctrl_item_set

iggui14d

IG_gui_file_info_dlg

ws2_32

WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent

imtimgsharpenproc

?SettingProcParam@CImgSharpenProc@@QAEXXZ
??1CImgSharpenProc@@QAE@XZ
??0CImgSharpenProc@@QAE@XZ

kernel32

SetCommMask
SetCommTimeouts
EnterCriticalSection
InitializeCriticalSection
GetCommMask
ClearCommError
WaitCommEvent
ResumeThread
SuspendThread
LocalFree
FormatMessageA
GetOverlappedResult
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LoadResource
FindResourceA
LockResource
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
lstrlenA
SetThreadPriority
SetLastError
MulDiv
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetVolumeInformationA
lstrcpynA
GetFullPathNameA
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
FindNextFileA
GetCurrentThread
GlobalAlloc
GetFileSize
GetFileTime
GetCommState
SizeofResource
LocalAlloc
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
FindResourceExA
GetTickCount
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
RaiseException
CreateThread
ExitThread
GetACP
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
BuildCommDCBA
SetCommState
GlobalFlags
PurgeComm
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
LeaveCriticalSection
GetPrivateProfileIntA
Sleep
GetCurrentDirectoryA
DeleteFileA
VirtualFree
VirtualUnlock
VirtualLock
VirtualAlloc
RemoveDirectoryA
CreateMutexA
CloseHandle
TerminateThread
ReleaseMutex
GetFileAttributesA
MoveFileA
SetCurrentDirectoryA
WaitForMultipleObjects
GetLastError
CreateProcessA
SetFilePointer
ReadFile
CreateFileA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryExA
FreeLibrary
Beep
CreateDirectoryA
GetProfileStringA

user32

IsWindowVisible
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetFocus
DispatchMessageA
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
wvsprintfA
ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
CharUpperA
GetAsyncKeyState
MapDialogRect
WaitMessage
PostQuitMessage
SetWindowContextHelpId
DestroyMenu
SetRectEmpty
IsZoomed
WindowFromPoint
SetRect
InflateRect
GetClassNameA
PtInRect
SetCapture
ReleaseCapture
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
SetParent
PostThreadMessageA
LoadCursorA
SetCursor
GetKeyState
SetMenu
EnableMenuItem
EnumDisplaySettingsA
GrayStringA
DrawTextA
TabbedTextOutA
RedrawWindow
GetSysColor
IsWindow
GetDC
ReleaseDC
LoadMenuA
GetCursorPos
GetSubMenu
ModifyMenuA
DeleteMenu
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
GetDesktopWindow
LoadIconA
MessageBoxA
FindWindowA
ShowWindow
SetForegroundWindow
LoadBitmapA
GetParent
PostMessageA
GetSysColorBrush
FillRect
DrawEdge
GetWindowRect
GetClientRect
InvalidateRect
KillTimer
SetTimer
SendMessageA
GetTopWindow
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
GetMenu
RegisterClassA
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
IsWindowEnabled
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
EnableWindow
DefWindowProcA
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
UpdateWindow

gdi32

CreatePatternBrush
CreatePen
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32A
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
EnumFontFamiliesExA
GetTextColor
GetBkColor
LPtoDP
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
GetTextExtentPointA
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
CreateFontA
GetTextMetricsA
CreateSolidBrush
CreateFontIndirectA
GetObjectA
GetStockObject
SelectObject
DeleteObject
Rectangle
CreateEllipticRgn
PtInRegion
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBitmap

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
ChooseFontA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA

shell32

DragQueryFileA
DragFinish
ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ord17
ImageList_Destroy
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
VariantTimeToSystemTime
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SysAllocStringLen
SysFreeString

Exports

Exports

??0CImgSharpenProc@@QAE@ABV0@@Z
??4CImgSharpenProc@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

941a5cb20cb86fbafc30e3bee14ed66c

Headers

File Characteristics

Imports

wsock32

igcore14d

iggui14d

ws2_32

imtimgsharpenproc

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 68KB - Virtual size: 84KB

Size: 2.2MB - Virtual size: 2.2MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 68KB - Virtual size: 84KB