541e035d9956d98fe6366f4133cc8630_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

541e035d9956d98fe6366f4133cc8630_NeikiAnalytics.exe
Size

1.7MB
MD5

541e035d9956d98fe6366f4133cc8630
SHA1

a94d557b8bab9b3fe9e917387bdc892f03e5a394
SHA256

ab4904872bcef050775d3f379a8caccd2cb03f57c5b297b52105e42cc9c8cabf
SHA512

46075f4e0254ef575fe6c83f4fc806a0c1a6d5829b7560472c104759dbb45033ca6525deed5b0971ddc91e4be3c253ff81a7574a1df49ef9fdf5efceb6217fad
SSDEEP

24576:4KQ0q9n54ORUq+dvi9N+IF60LUTQkoMwJr5u585gUqilrQ84Qc6CC5b11aY1n3TH:4KQB95pRUtedhCIqorQ8n8Cz1x1n3D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
541e035d9956d98fe6366f4133cc8630_NeikiAnalytics.exe

Files

541e035d9956d98fe6366f4133cc8630_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

f39013db5c76d536900825e8f51c6099

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\v310\Beta8.1\src\RenderFilter\xdp\src\sln\Rflt\rf\obj\Release\x64\cnmxz_aqua.pdb

Imports

kernel32

VerSetConditionMask
CreateDirectoryW
LocalFree
MoveFileW
VerifyVersionInfoW
WideCharToMultiByte
SetFilePointerEx
lstrcmpW
GetVersionExW
LoadLibraryExW
LeaveCriticalSection
GetTickCount64
lstrcmpiW
CreateMutexW
WriteFile
FindResourceW
FindResourceA
LoadResource
SizeofResource
GetProcAddress
EnterCriticalSection
FreeLibrary
LockResource
VirtualFree
GetModuleHandleA
GetVersion
SetFilePointer
RemoveDirectoryW
ReadFile
GetTempFileNameW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetPrivateProfileStringW
lstrlenW
GetSystemDirectoryW
CloseHandle
GetFileSize
VirtualAlloc
LoadLibraryA
ExpandEnvironmentStringsA
LoadLibraryExA
CreateFileW
GlobalFree
GlobalAlloc
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
SetLastError
GetLastError
RaiseException
MultiByteToWideChar
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
HeapReAlloc
HeapSize
GetTimeZoneInformation
SetConsoleCtrlHandler
WaitForSingleObjectEx
OutputDebugStringA
ReadConsoleW
SetStdHandle
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
MoveFileExA
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetCurrentThreadId
OpenThread
TerminateThread
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetProcessTimes
GetCurrentProcess
GetTickCount
InitializeCriticalSectionAndSpinCount
GetLongPathNameW
LoadLibraryW
MulDiv
GetComputerNameW
GetLocaleInfoW
GetSystemDefaultLCID
GetFileAttributesW
SetFileAttributesW
GetSystemWindowsDirectoryW
WritePrivateProfileStringW
CopyFileW
GetUserDefaultUILanguage
CreateProcessW
GetSystemTime
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
GetModuleFileNameA
WriteConsoleW
GetStringTypeW
ExitProcess
HeapFree
HeapAlloc
GetCurrentThread
DecodePointer

user32

UnregisterClassW
GetDC
SystemParametersInfoW
LoadImageW
ReleaseDC
CharNextW
LoadStringW
PostMessageW
CreatePopupMenu
DestroyMenu
AppendMenuW
TrackPopupMenu
GetWindowRect
WinHelpW

gdi32

DeleteObject
GetDIBits

winspool.drv

DeletePrinterDataExW
EnumPortsW
SetPrinterDataExW
GetPrinterDataExW
ClosePrinter
OpenPrinterW
EnumFormsW
DeviceCapabilitiesW
GetPrinterDataW
GetPrinterW
GetPrinterDriverW
GetPrinterDriverDirectoryW
GetJobW
SetPrinterDataW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptEncrypt
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
SetThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExA
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemFree

oleaut32

VariantInit
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocString
VarBstrCat
SysStringByteLen
CreateErrorInfo
VariantCopy
SysAllocStringLen
VarBstrCmp
SetErrorInfo
VariantChangeType
GetErrorInfo

prntvpt

ord7
ord8
ord10
ord2
ord4

shlwapi

StrChrW
StrStrW
StrCmpW
StrCmpIW
StrStrIW

mscms

IsColorProfileValid
GetColorProfileHeader
CloseColorProfile
OpenColorProfileW
GetColorDirectoryW
IsColorProfileTagPresent
GetColorProfileElement

gdiplus

GdipGetImageWidth
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipSaveImageToStream
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCloneImage

wininet

InternetOpenA
InternetReadFile
InternetSetFilePointer
InternetOpenUrlA
InternetCloseHandle

shell32

SHGetFolderPathW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

NetQueryDisplayInformation
NetApiBufferFree

spoolss

ImpersonatePrinterClient
RevertToPrinterSelf

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 955KB - Virtual size: 955KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 398KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f39013db5c76d536900825e8f51c6099

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

prntvpt

shlwapi

mscms

gdiplus

wininet

shell32

version

netapi32

spoolss

Exports

Exports

Sections

.text Size: 955KB - Virtual size: 955KB

.rdata Size: 266KB - Virtual size: 265KB

.data Size: 398KB - Virtual size: 405KB

.pdata Size: 67KB - Virtual size: 67KB

.gfids Size: 512B - Virtual size: 464B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 955KB - Virtual size: 955KB

.rdata
Size: 266KB - Virtual size: 265KB

.data
Size: 398KB - Virtual size: 405KB

.pdata
Size: 67KB - Virtual size: 67KB

.gfids
Size: 512B - Virtual size: 464B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 7KB - Virtual size: 7KB