PDB path: c:\Dev\v8\bin\client\release\npwebconfduo64.pdb
Static task
- static1
Behavioral task
- behavioral1
  Sample: 724de89e410514d245f2930b1629c560_NeikiAnalytics.dll
  Resource: win7-20240611-en
Behavioral task
- behavioral2
  Sample: 724de89e410514d245f2930b1629c560_NeikiAnalytics.dll
  Resource: win10v2004-20240508-en
General
- Target: 724de89e410514d245f2930b1629c560_NeikiAnalytics.exe
- Size: 3.7MB
- MD5: 724de89e410514d245f2930b1629c560
- SHA1: 3e2e552607a614f9cf5608a31841c57982c1cc6f
- SHA256: e845f93bd9c5214c0083790feec113fc3c6e9be16c2690681550ec7aa23f8b50
- SHA512: 40f49d46e40a254bc2828f8630d27ac8d8db3a274130e1792936deb215b82cda569c2202df6e36ae5b04c2e73edcd4dd5b1f112241ba526ae79d5492f3bac9a5
- SSDEEP: 49152:bJjoewSs1FjgWocNa2uKHVspcAjc0Y46Y4ByQ04x9oZNxmpfsqcAmaUjSagBlwwc:tM7TyQ0UUwUclp++EbaY
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 724de89e410514d245f2930b1629c560_NeikiAnalytics.exe
Files
- 724de89e410514d245f2930b1629c560_NeikiAnalytics.exe.dll windows:5 windows x64 arch:x64
  c9a72138333a31cad6727c7a3cf02fd3
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GlobalFlags
lstrlenA
SystemTimeToFileTime
GetFileAttributesExW
SetFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetDateFormatA
GetTimeFormatA
SetStdHandle
ExitThread
CreateThread
HeapReAlloc
GetDriveTypeA
FindFirstFileA
GetFileInformationByHandle
RtlUnwindEx
ExitProcess
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleHandleA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetFullPathNameA
CreateFileA
GetCurrentDirectoryA
SetConsoleCtrlHandler
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
WritePrivateProfileStringW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GetSystemTime
GlobalMemoryStatus
GetVersion
AreFileApisANSI
MoveFileExW
DeviceIoControl
RemoveDirectoryW
CreateWaitableTimerA
SetWaitableTimer
ResetEvent
OpenEventA
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
CreateFileW
GetFullPathNameW
GetVolumeInformationW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DeleteFileW
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
FormatMessageW
LocalFree
MulDiv
GlobalFindAtomW
CompareStringW
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GlobalAddAtomW
ResumeThread
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GlobalLock
lstrcmpW
GlobalAlloc
GetModuleHandleW
ExpandEnvironmentStringsA
Sleep
LoadLibraryA
GetStdHandle
GetFileType
PeekNamedPipe
ReadFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SleepEx
FormatMessageA
SetLastError
SetEvent
DuplicateHandle
SetHandleInformation
OutputDebugStringW
WaitForMultipleObjects
HeapFree
GetProcessHeap
HeapAlloc
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
GetSystemTimeAsFileTime
ReleaseMutex
CreateMutexW
GetPrivateProfileStringW
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcess
CloseHandle
CreateProcessW
GetSystemDirectoryW
CreateDirectoryW
GetLastError
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
WideCharToMultiByte
QueryPerformanceCounter
MultiByteToWideChar
user32
DestroyMenu
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CharUpperW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
PostMessageW
FillRect
wsprintfW
EnableWindow
UpdateWindow
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
GetPropW
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetProcessWindowStation
GetUserObjectInformationW
GetMenuState
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
UnregisterClassW
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
CopyRect
PtInRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
GetWindowTextW
SetWindowPos
SetFocus
ShowWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindow
GetWindowThreadProcessId
GetWindowLongW
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
MessageBoxW
IsWindowEnabled
GetLastActivePopup
gdi32
CreateCompatibleBitmap
GetStockObject
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectW
GetDeviceCaps
GetDIBits
SetViewportExtEx
OffsetViewportOrgEx
RestoreDC
SaveDC
SetViewportOrgEx
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegDeleteKeyW
ReportEventW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegisterEventSourceW
FreeSid
EqualSid
LookupAccountSidW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderLocation
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
ole32
CoTaskMemFree
CoCreateInstance
OleRun
oleaut32
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString
GetErrorInfo
ws2_32
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
socket
connect
setsockopt
getpeername
getsockopt
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
gethostname
inet_ntoa
htonl
gethostbyname
htons
bind
shutdown
ntohs
wldap32
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
Exports
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
Sections
- .text Size: 2.4MB - Virtual size: 2.4MB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata Size: 707KB - Virtual size: 707KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data Size: 327KB - Virtual size: 363KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .pdata Size: 137KB - Virtual size: 136KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- text Size: 4KB - Virtual size: 4KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE)
- data Size: 15KB - Virtual size: 14KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .tls Size: 512B - Virtual size: 2B (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- SEG_HTTP Size: 512B - Virtual size: 1B (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .rsrc Size: 12KB - Virtual size: 12KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .reloc Size: 43KB - Virtual size: 42KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)