59ab353e5339c2717e8ff8822c65f27b0daae3c99b0025910faec1e1510a3857_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

59ab353e5339c2717e8ff8822c65f27b0daae3c99b0025910faec1e1510a3857_NeikiAnalytics.exe
Size

800KB
MD5

2d8d96da1d117bd22a867cfa174a8410
SHA1

f4df023767d8dcee774bb4b992688789978d5a83
SHA256

59ab353e5339c2717e8ff8822c65f27b0daae3c99b0025910faec1e1510a3857
SHA512

2e9c4068783244a27de9d116fc3f62571dfab3f8bd75f503c3e75c62f30c28af89eba5ee977bcc55fd3e8d242e8d1891ddfde23dd8de92033abd0e536676a8af
SSDEEP

12288:zt1nO/Oy3c3AOYKFi+P1zHsfpBznLCS5xasfpBznLCSZQmTSuXu:zf9y3c3NYKs+P14fjznLPfjznzTSu+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59ab353e5339c2717e8ff8822c65f27b0daae3c99b0025910faec1e1510a3857_NeikiAnalytics.exe

Files

59ab353e5339c2717e8ff8822c65f27b0daae3c99b0025910faec1e1510a3857_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

595bcee471ee7dae5f86ec00ecc10efe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nmlang

ord1

nmcred

?GetPassword@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD11QAD@Z
?SetPassword@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD11@Z
?SetPassword@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD111@Z
?SetStatus@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD1W423@@Z
?SetStatus@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD11W423@@Z
?Release@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD11@Z
?Release@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD1@Z
?AddRef@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD11@Z
?AddRef@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD1@Z
?GetStatus@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD1@Z
?GetStatus@CCredentials@@QAE?AW4eCredStatus@CCredential@@W4eProtocols@3@QBD11@Z
??0CCredentials@@QAE@XZ
??1CCredentials@@QAE@XZ

winmm

timeSetEvent
timeBeginPeriod

nmcodec

?Close@CPAudioFile@@QAE?AW4eAFResult@@XZ
?GetAudioInfo@CPAudioFile@@QAE?AW4eAFResult@@AAUCPAudioInfo@@@Z
?Open@CPAudioFile@@QAE?AW4eAFResult@@PADW4eAudioFormat@@@Z
??0CPAudioFile@@QAE@XZ
??1CPAudioFile@@QAE@XZ

mapi32

ord17
ord15
ord13
ord75
ord185
ord139
ord147
ord195
ord140

mfc42

ord772
ord500
ord4129
ord2763
ord5710
ord5607
ord501
ord773
ord1105
ord1083
ord5600
ord5856
ord4204
ord6876
ord940
ord1871
ord3663
ord795
ord609
ord641
ord2514
ord2864
ord656
ord6282
ord6283
ord5683
ord6663
ord5609
ord715
ord415
ord1081
ord5597
ord2775
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2575
ord4396
ord3574
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord4080
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3698
ord765
ord2086
ord567
ord2370
ord2302
ord4234
ord6734
ord6334
ord6215
ord6197
ord6380
ord1768
ord2642
ord4710
ord616
ord3361
ord324
ord4299
ord4224
ord3721
ord6199
ord2860
ord2859
ord6142
ord2379
ord3610
ord2301
ord5981
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3874
ord3092
ord640
ord5875
ord6172
ord5789
ord5785
ord5791
ord1640
ord323
ord3803
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord269
ord826
ord600
ord1578
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord540
ord2818
ord939
ord535
ord941
ord542
ord924
ord800
ord537
ord4202
ord2764
ord4278
ord6569
ord2765
ord1802
ord4083
ord858
ord802
ord823
ord825
ord2614
ord860
ord4160
ord6467
ord2725
ord1168
ord1199
ord561
ord815
ord3738
ord4424
ord2645
ord4622
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord5290

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
_findfirst
_findnext
_findclose
putc
fprintf
_commit
rename
strerror
toupper
clock
_ismbcprint
strcspn
qsort
gmtime
strpbrk
fflush
fwrite
fread
fgets
getchar
exit
memmove
strncpy
srand
rand
localtime
strtok
time
strrchr
__mb_cur_max
_isctype
_pctype
tolower
strchr
_iob
fputs
_getch
_exit
putchar
fclose
getenv
_tempnam
fopen
vsprintf
_get_osfhandle
_errno
abort
_purecall
_mbstok
_ftol
_rmdir
strncmp
atoi
strtoul
atol
_ismbcdigit
isupper
islower
isdigit
_mbsnextc
_mbsdec
_mbsinc
strstr
free
_strdup
_mbsicmp
_mbscmp
sprintf
_vsnprintf
__CxxFrameHandler
_strnicmp
_getpid
_unlink
_write
_stat
_close
_read
_fstat
_open
_setmode
_fileno
_strlwr
_utime
_lseek
_chsize
_fdopen
_mkdir
_stricmp

kernel32

UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
FindNextFileA
FindFirstFileA
GetLastError
DeleteFileA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
InitializeCriticalSection
DeleteCriticalSection
TerminateThread
Sleep
InterlockedIncrement
InterlockedDecrement
CloseHandle
WaitForSingleObject
SystemTimeToFileTime
GetTempFileNameA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
ResetEvent
CreateEventA
SetEvent
OpenEventA
GetSystemTime
FileTimeToSystemTime
ExpandEnvironmentStringsA
GetWindowsDirectoryA
lstrcpynA
WideCharToMultiByte
MulDiv
GetTimeZoneInformation
GetCurrentProcessId
LockFileEx
UnlockFileEx
GetCurrentProcess
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
LocalFree
LocalAlloc
GetTickCount
CreateFileA
GetLocalTime
GetFileSize
SetFilePointer
ReadFile
WriteFile
ReleaseMutex
SetEndOfFile

user32

CreateWindowExA
UnregisterClassA
RegisterClassA
DefWindowProcA
LoadCursorA
DestroyIcon
DestroyWindow
TranslateMessage
DispatchMessageA
BringWindowToTop
GetParent
IsWindowVisible
EnableWindow
MapWindowPoints
GetWindowRect
GetClientRect
SetTimer
ReleaseDC
GetDC
KillTimer
MessageBeep
GetComboBoxInfo
SetRectEmpty
GetDesktopWindow
InvalidateRect
GetAsyncKeyState
LoadImageA
SendMessageA
PeekMessageA
SetCursor

gdi32

SelectPalette
CreateDIBitmap
CreatePalette
CreateCompatibleDC
RealizePalette
BitBlt
GetObjectA
DeleteObject
GetStockObject

advapi32

LogonUserA
RegEnumKeyExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ImpersonateLoggedOnUser
RegisterEventSourceA
ReportEventA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

Shell_NotifyIconA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

wsock32

gethostname
htons
ioctlsocket
gethostbyname
select
gethostbyaddr
WSAStartup
WSACleanup
WSAGetLastError
recvfrom
sendto
getsockname
getservbyname
ntohs
getpeername
send
recv
inet_addr
htonl
connect
shutdown
closesocket
setsockopt
socket

Exports

Exports

MSProviderInit

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

595bcee471ee7dae5f86ec00ecc10efe

Headers

File Characteristics

Imports

nmlang

nmcred

winmm

nmcodec

mapi32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

wsock32

Exports

Exports

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 396KB - Virtual size: 395KB

.data Size: 72KB - Virtual size: 76KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 32KB - Virtual size: 29KB

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 396KB - Virtual size: 395KB

.data
Size: 72KB - Virtual size: 76KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 32KB - Virtual size: 29KB