59a9baf66a35a73f384a410722800e3ec365f7a4663a96ef962b6983481d2fb1_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

59a9baf66a35a73f384a410722800e3ec365f7a4663a96ef962b6983481d2fb1_NeikiAnalytics.exe
Size

572KB
MD5

10508dce31f6839260cfb2baa9b504b0
SHA1

d0d06c4f277f19523d400793c5b04b02a9bf995a
SHA256

59a9baf66a35a73f384a410722800e3ec365f7a4663a96ef962b6983481d2fb1
SHA512

16a9c78325ba97f3a904f6a7e9e4bd22e0143b6b74604e8563a2e2e0745a53528063d1d94efecbf7ff6acdbe6c5d1c44b06b437442e0a655cf1388bc2c7abe4c
SSDEEP

6144:90KXSEadmfgUbQkiLy9Wd6WpxHJe9bUc1Oc5RNU0w7lslnCUGw/xIRLtxIRLuovZ:9PFadIgUbQkiSWdbHYxU0w7lzaoo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59a9baf66a35a73f384a410722800e3ec365f7a4663a96ef962b6983481d2fb1_NeikiAnalytics.exe

Files

59a9baf66a35a73f384a410722800e3ec365f7a4663a96ef962b6983481d2fb1_NeikiAnalytics.exe
.exe windows:10 windows x64 arch:x64

d082ed2dd44f92a2982761f9bcf0e999

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

osk.pdb

Imports

advapi32

EventUnregister
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
EventRegister
EventWriteTransfer
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegLoadMUIStringW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteTreeW

kernel32

LockResource
CloseHandle
HeapSetInformation
FindResourceExW
LoadResource
RegisterApplicationRestart
HeapAlloc
GetProcessHeap
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
GetLocaleInfoEx
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
GetUserPreferredUILanguages
FreeResource
LCIDToLocaleName
ProcessIdToSessionId
ResolveLocaleName
FormatMessageW
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
FreeLibrary
InitOnceComplete
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
ReleaseSRWLockExclusive
LocalFree
OOBEComplete
CreateThread
SetEvent
CreateEventW
IsProcessInJob
OpenJobObjectW
CompareStringOrdinal
GetLastError
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
MultiByteToWideChar
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
RaiseException
WaitForSingleObjectEx
InitializeCriticalSection
HeapDestroy
HeapReAlloc
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapSize
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
LocaleNameToLCID
DebugBreak
GetTickCount
MulDiv
LoadLibraryExW
IsDebuggerPresent
GlobalDeleteAtom
GlobalAddAtomW
GetStringTypeExW
GetTickCount64
ReleaseMutex
CreateMutexW
SizeofResource
GetSystemDefaultLocaleName
OpenMutexW
SetProcessShutdownParameters
GetModuleFileNameW
OpenProcess

gdi32

GetDeviceCaps
GetStockObject

user32

GetParent
PtInRect
UnhookWinEvent
InvalidateRect
ReleaseDC
GetGUIThreadInfo
SendInput
SetWindowPos
CreateWindowExW
ScreenToClient
SendMessageW
SetTimer
GetClientRect
KillTimer
SystemParametersInfoW
LoadImageW
GetCursorPos
GetMessageW
PostMessageW
DestroyWindow
LoadStringW
ShowWindow
SetLayeredWindowAttributes
IsDialogMessageW
PeekMessageW
SetWinEventHook
TranslateMessage
FindWindowW
IsIconic
UnhookWindowsHookEx
UnregisterClassA
GetForegroundWindow
GetKeyboardLayout
MapWindowPoints
MapVirtualKeyExW
WindowFromPhysicalPoint
GetCursorInfo
CallNextHookEx
MonitorFromRect
SetWindowsHookExW
GetClassNameW
SetWindowFeedbackSetting
SetDesktopColorTransform
SendNotifyMessageW
LoadCursorW
CreateDialogParamW
DispatchMessageW
GetPropW
GetKeyState
GetShellWindow
GetUserObjectInformationW
GetThreadDesktop
ChangeWindowMessageFilterEx
MessageBoxW
SetDlgItemTextW
SendDlgItemMessageW
SetFocus
GetDlgItem
CheckDlgButton
EnableWindow
AdjustWindowRectEx
AllowSetForegroundWindow
MonitorFromPoint
MonitorFromWindow
SetWindowLongPtrW
RemovePropW
GetSystemMetrics
SetClassLongPtrW
GetWindowLongPtrW
IsWindow
GetMonitorInfoW
SetWindowPlacement
GetDoubleClickTime
SetPropW
LoadIconW
SetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
GetMessageExtraInfo
GetWindowRect
GetWindowMinimizeRect
GetDC

msvcrt

wcscmp
_wcslwr_s
wcsrchr
_ltow_s
memcmp
_wtoi
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
memset
_initterm
__setusermatherr
_cexit
_onexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
__C_specific_handler
wcsstr
wcscpy_s
free
calloc
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
wcstoul
_vsnwprintf
??_V@YAXPEAX@Z
wcscspn
memmove_s
wcsspn
_wcsicmp
memcpy_s
__CxxFrameHandler4
??3@YAXPEAX@Z
wcschr
_exit

osksupport

InitializeOSKSupport
UninitializeOSKSupport

dwmapi

DwmSetWindowAttribute

gdiplus

GdiplusShutdown
GdiplusStartup

ntdll

WinSqmAddToStream
WinSqmIsOptedIn
WinSqmIncrementDWORD
WinSqmSetDWORD
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleacc

AccSetRunningUtilityState
AccessibleObjectFromWindow

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

winmm

PlaySoundW
joyReleaseCapture
joySetCapture
waveOutGetNumDevs

wmsgapi

WmsgSendMessage

dui70

?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?IsRTL@Element@DirectUI@@QEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ElementFromPoint@HWNDElement@DirectUI@@QEAAPEAVElement@2@PEAUtagPOINT@@@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?ThemeChange@HWNDElement@DirectUI@@SA?AVUID@@XZ
?Register@HWNDElement@DirectUI@@SAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
??0HWNDElement@DirectUI@@QEAA@XZ
??1HWNDElement@DirectUI@@UEAA@XZ
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
UnInitThread
UnInitProcessPriv
?EndDefer@Element@DirectUI@@QEAAXK@Z
InitThread
InitProcessPriv
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
?SetY@Element@DirectUI@@QEAAJH@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
??0NativeHWNDHost@DirectUI@@QEAA@XZ

duser

InvalidateGadget

mscms

ord260

shell32

ShellExecuteW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d082ed2dd44f92a2982761f9bcf0e999

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

osksupport

dwmapi

gdiplus

ntdll

ole32

oleacc

oleaut32

winmm

wmsgapi

dui70

duser

mscms

shell32

Sections

.text Size: 140KB - Virtual size: 139KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 8KB - Virtual size: 7KB

.didat Size: 4KB - Virtual size: 16B

.rsrc Size: 352KB - Virtual size: 351KB

.reloc Size: 4KB - Virtual size: 900B

.text
Size: 140KB - Virtual size: 139KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 4KB - Virtual size: 16B

.rsrc
Size: 352KB - Virtual size: 351KB

.reloc
Size: 4KB - Virtual size: 900B