422e5165e82c711fd5976154ce84b229eba19ecfd4bbf7bdf76a765548b59749_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

422e5165e82c711fd5976154ce84b229eba19ecfd4bbf7bdf76a765548b59749_NeikiAnalytics.exe
Size

1.1MB
MD5

7d42ea8cfe3a0395579bcc7c95b403f0
SHA1

e05e534f892402085be00cc25cda31788a21f738
SHA256

422e5165e82c711fd5976154ce84b229eba19ecfd4bbf7bdf76a765548b59749
SHA512

21d03767280770f98bff87f0e1daac18331a30322e172375b0af18f330cfe659c067e69b0d56fecb70f03ac92304d536dab2e7c34b284f00ee0a45b2801a51cb
SSDEEP

24576:0LUoVJwLfpm9GbPYl5IguaHbX6HMfPoc7Qt/lCSYgfvRaxOpVA:Xfppk5zf7QtdrRa4VA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
422e5165e82c711fd5976154ce84b229eba19ecfd4bbf7bdf76a765548b59749_NeikiAnalytics.exe

Files

422e5165e82c711fd5976154ce84b229eba19ecfd4bbf7bdf76a765548b59749_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

2922fe10f517b52ca4f3b93be7e76b10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
FindFirstFileA
FindClose
LoadLibraryW
FreeLibrary
GetPrivateProfileStringW
WritePrivateProfileStringW
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjects
GetTickCount
GetFileAttributesW
GetFileAttributesA
GetTempPathW
TerminateProcess
lstrcpynW
CreateDirectoryW
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
SetLastError
LoadLibraryA
GetSystemDirectoryW
VerSetConditionMask
SleepEx
OpenProcess
InitializeCriticalSection
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
FormatMessageA
ResetEvent
IsDebuggerPresent
OutputDebugStringW
ReadConsoleInputA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetModuleHandleW
GetProcAddress
FlushConsoleInputBuffer
WideCharToMultiByte
MultiByteToWideChar
lstrcatW
GetComputerNameW
CloseHandle
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
InterlockedExchange
RaiseException
GetModuleFileNameW
Sleep
InitializeCriticalSectionAndSpinCount
GetProcessHeap
InterlockedCompareExchange
HeapFree
GlobalMemoryStatus
GetModuleHandleA
LocalFree
SetEndOfFile
SetEnvironmentVariableA
CreateFileW
GetCurrentDirectoryW
WriteConsoleW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FlushFileBuffers
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleMode
GetModuleFileNameA
ReadConsoleW
GetConsoleMode
SetConsoleCtrlHandler
WriteFile
GetOEMCP
GetACP
HeapAlloc
VerifyVersionInfoW
HeapReAlloc
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetFullPathNameW
IsProcessorFeaturePresent
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
GetStringTypeW
EncodePointer

user32

wsprintfW
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetWindowLongW
GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DestroyWindow
GetWindowLongW
DefWindowProcW

advapi32

RegisterEventSourceA
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
ReportEventA

ole32

CoCreateGuid
CoTaskMemFree
IIDFromString
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromIID

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

shlwapi

PathAddBackslashW
StrCmpNIW
PathAppendW

iphlpapi

GetIpForwardTable
GetAdaptersInfo

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

ws2_32

gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
listen
accept
recvfrom
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
socket
bind
recv
setsockopt
sendto

wldap32

ord147
ord208
ord167
ord27
ord133
ord301
ord46
ord142
ord145
ord118
ord127
ord41
ord26
ord79
ord216
ord14

Exports

Exports

CallTaskFun
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 860KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2922fe10f517b52ca4f3b93be7e76b10

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

iphlpapi

psapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 860KB - Virtual size: 859KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 860KB - Virtual size: 859KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 39KB - Virtual size: 38KB