6102ba5bb1680536ff2f612e3e4c6970_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6102ba5bb1680536ff2f612e3e4c6970_NeikiAnalytics.exe
Size

2.7MB
MD5

6102ba5bb1680536ff2f612e3e4c6970
SHA1

cf047bf3d7958fb01ebf1f6c44410ba48da239c9
SHA256

d58bc61f011e8bf7301221bd4506f43463662d8f5474dbf383299376d74f8468
SHA512

95e890edab7445198df2a313543bbb8a1920d6c818808946cc282efba11c7c92d1158fb89cc2629435d3da76a0945d8068fb1e2c614abb3ee3bba17919e7a853
SSDEEP

49152:6AHq/i9QXj7bXCW8ZAHq/i9QXj7bXCW87AHq/i9QXj7bXCW8fBAHq/i9QXj7bXCz:a2o0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6102ba5bb1680536ff2f612e3e4c6970_NeikiAnalytics.exe

Files

6102ba5bb1680536ff2f612e3e4c6970_NeikiAnalytics.exe
.dll windows:4 windows x64 arch:x64

5729394f3fc7701bc9a24dff874d73fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\hudson\workspace\vnc_5.1.x\label\win\src\release\x64\installhlp.pdb

Imports

setupapi

SetupDefaultQueueCallbackW
SetupOpenInfFileW
SetupSetDirectoryIdW
SetupInitDefaultQueueCallback
SetupInstallFromInfSectionW
SetupTermDefaultQueueCallback
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiGetINFClassW
SetupDiGetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiOpenDevRegKey

msi

ord8
ord103
ord125
ord74
ord145
ord211
ord143
ord17

shlwapi

SHStrDupW
PathIsDirectoryEmptyW

kernel32

FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
GetFileAttributesW
FormatMessageW
MultiByteToWideChar
GetCurrentProcessId
GetLocaleInfoW
GetFullPathNameW
GetVersionExW
LocalAlloc
GetModuleFileNameW
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
ReadFile
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetFileType
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
DebugBreak
GetModuleFileNameA
GetSystemTimeAsFileTime
FlsGetValue
TlsAlloc
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
HeapSize
RtlVirtualUnwind
DeleteCriticalSection
WriteFile
SetHandleCount
FindClose
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
LCMapStringA
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FlushFileBuffers
LoadLibraryA
InitializeCriticalSection
GetTimeZoneInformation
HeapReAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CopyFileW
Sleep
GetSystemDirectoryW
CreateFileW
CloseHandle
GetCurrentDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
CreateDirectoryW
GetLastError
GetVersion
GlobalMemoryStatus
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
SetHandleInformation
GetCurrentProcess
DuplicateHandle
GetStdHandle
CreateProcessW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetStartupInfoA
LocalFree
GetCurrentThreadId

winspool.drv

GetPrinterDriverDirectoryW
DeleteMonitorW
EnumMonitorsW
EnumPortsW
OpenPrinterW
ClosePrinter
AddPrinterDriverW
EnumPrinterDriversW
DeletePrinter
DeletePrinterDriverW
EnumPrintersW
AddMonitorW
SetPrinterW

ole32

PropVariantClear
CoCreateInstance

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxW
GetUserObjectInformationW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
SetSecurityInfo
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
CreateProcessAsUserW
OpenProcessToken
CopySid
GetLengthSid
IsValidSid
FreeSid
AllocateAndInitializeSid
GetTokenInformation
InitializeAcl
GetAclInformation
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

SHFileOperationW

Exports

Exports

addFeatureSettings
addLicenseKey
addMsiSource
budgeFilesServer
budgeFilesServerRollback
checkMirrorDriverError
checkPrinterDriverError
checkRebootRequired
cleanupFeatureSettings
cleanupOldMirrorDriver
cleanupOldPrinterDriver
cleanupOldViewerV4
copyLicenseKey
createInternetShortcut
createMirrorDriver
deleteInternetShortcut
deleteLogSetting
getPreviousServerInstallPath
getPreviousViewerInstallPath
installPrinterDriver
installPrinterDriverHelper
installService
installServiceTest
invalidLicenseCheck
migrateSettings
postInstallServer
preInstallChecks
preInstallService
removeMirrorDriver
setLogSetting
setShortcutProperty
testFailure
uninstallOldMirrorDriver
uninstallOldPrinterDriver
uninstallOldViewer
uninstallPrinterDriver
uninstallPrinterDriverHelper
uninstallService
viewerRollback

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5729394f3fc7701bc9a24dff874d73fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

msi

shlwapi

kernel32

winspool.drv

ole32

version

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 414KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 72KB - Virtual size: 84KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 72KB - Virtual size: 84KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 15KB - Virtual size: 15KB