C:\git\dirsync\src\DirectorySyncInstance\bin\Release\DirectorySyncInstance.pdb
Static task
static1
Behavioral task
behavioral1
Sample
852ebe6b9ffd75d098ea8f42a2f26630_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
852ebe6b9ffd75d098ea8f42a2f26630_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
852ebe6b9ffd75d098ea8f42a2f26630_NeikiAnalytics.exe
-
Size
2.4MB
-
MD5
852ebe6b9ffd75d098ea8f42a2f26630
-
SHA1
9730d15302a616dbaffdd8060eaac33ed51ddc81
-
SHA256
e1ad47a01c6a1432873b0ce37e99e4b93cc731f08c0e800da92e4b5da2d9be51
-
SHA512
4aef0396ffb75545d1f5bb3a27908477695ac10b2d65b5b8a88d45fa55265018d8fce5af1cd926bc29e36cbdade4dcf3c35e94267dc9e136bd57599864099055
-
SSDEEP
49152:cwy/aFgfD7fFl+F9KTcn4fztLCu/ORIYaPFKnFyOxmdXz:cwNefD79lm9KTi4fztLP/OL
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource 852ebe6b9ffd75d098ea8f42a2f26630_NeikiAnalytics.exe
Files
-
852ebe6b9ffd75d098ea8f42a2f26630_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
286a68a7c33b320a5b339f7fcfdf6ca1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateDirectoryA
GetStdHandle
GetConsoleScreenBufferInfo
OutputDebugStringA
GetTempPathA
GetSystemTimeAsFileTime
GetSystemInfo
GetModuleHandleA
GetVersionExA
GetCurrentDirectoryW
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateThread
DeleteFileW
GetFileInformationByHandle
InitializeCriticalSection
CreateEventW
WaitForSingleObject
CloseHandle
GetCommandLineW
MultiByteToWideChar
FindResourceW
lstrlenW
lstrcmpiW
FormatMessageW
SetConsoleMode
ReadConsoleInputA
LocalFree
LocalAlloc
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryA
SetConsoleTextAttribute
GetComputerNameA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
Sleep
GetCurrentThreadId
CreateEventA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
VerifyVersionInfoA
SleepEx
VerSetConditionMask
FlushConsoleInputBuffer
GetModuleFileNameW
FreeLibrary
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
FindFirstFileExW
DecodePointer
LoadLibraryA
GlobalMemoryStatus
SetEnvironmentVariableA
ReadConsoleW
SetEndOfFile
LoadLibraryW
FreeLibraryAndExitThread
GetThreadTimes
VirtualFree
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
ReadFile
SetFilePointerEx
FlushFileBuffers
GetFileAttributesExW
GetTimeZoneInformation
CreateFileW
OpenEventW
VirtualUnlock
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalAlloc
GlobalFree
FormatMessageA
VirtualLock
GetDiskFreeSpaceExW
GetNativeSystemInfo
GlobalMemoryStatusEx
FindFirstFileW
CompareFileTime
FindNextFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
IsDebuggerPresent
OutputDebugStringW
WideCharToMultiByte
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
GetStringTypeW
EncodePointer
IsProcessorFeaturePresent
GetCPInfo
RtlUnwind
CreateProcessA
GetFileType
GetModuleHandleExW
WriteConsoleW
WriteFile
GetConsoleCP
GetConsoleMode
GetCurrentProcessId
VirtualAlloc
VirtualProtect
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
ExitThread
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetExitCodeProcess
CreatePipe
user32
PostThreadMessageW
FindWindowA
CharNextW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
SendMessageA
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
CharUpperW
GetSystemMetrics
advapi32
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegGetValueW
RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegCloseKey
ConvertSidToStringSidW
RegisterEventSourceA
ReportEventA
GetUserNameA
RegSetValueExW
ole32
CoTaskMemAlloc
CoReleaseServerProcess
CoInitializeEx
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoCreateInstance
oleaut32
SafeArrayCreate
VariantTimeToSystemTime
VariantChangeTypeEx
SystemTimeToVariantTime
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
VariantChangeType
VariantInit
VariantCopy
VarCmp
VariantClear
SysAllocStringLen
VarBstrCmp
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
ws2_32
gethostname
ioctlsocket
freeaddrinfo
WSACleanup
inet_ntop
WSAStartup
closesocket
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
getaddrinfo
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
recvfrom
sendto
accept
listen
getnameinfo
shutdown
activeds
ord3
ord9
crypt32
CryptUnprotectData
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
wldap32
ord26
ord46
ord143
ord301
ord200
ord30
ord79
ord60
ord50
ord41
ord22
ord211
ord27
ord32
ord33
ord35
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Exports
Exports
libssh2_agent_connect
libssh2_agent_disconnect
libssh2_agent_free
libssh2_agent_get_identity
libssh2_agent_init
libssh2_agent_list_identities
libssh2_agent_userauth
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_signal
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_free
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_scp_recv
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_banner_get
libssh2_session_banner_set
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_timeout
libssh2_session_handshake
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_timeout
libssh2_session_startup
libssh2_session_supported_algs
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_get_channel
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 478KB - Virtual size: 478KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ