084815d227bd3ca0b65010f825c6a1180be8a8af3247b5e65bb7dd6d73723388_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

084815d227bd3ca0b65010f825c6a1180be8a8af3247b5e65bb7dd6d73723388_NeikiAnalytics.exe
Size

324KB
MD5

cffe460567c78165e2a6c6a069fdce00
SHA1

303c86ba2dc65a087e0a76274da8697cc9b179da
SHA256

084815d227bd3ca0b65010f825c6a1180be8a8af3247b5e65bb7dd6d73723388
SHA512

ddb785364454565168b2b26eed067d0a7677b33e3af3ff478817bf757669b277ea11fc727d8b106d8ed0c469e497cb61c87614c9e9f3129a1592fc80e6cc0ee9
SSDEEP

3072:hrUTtt0wffKSZ5nRelB/tUWq6YpfW4Bsz2K+u:Fatig5ng31X/cW4Bsz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
084815d227bd3ca0b65010f825c6a1180be8a8af3247b5e65bb7dd6d73723388_NeikiAnalytics.exe

Files

084815d227bd3ca0b65010f825c6a1180be8a8af3247b5e65bb7dd6d73723388_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

34712ad6beca431b216e5f5973affbfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\RealProgramming4Kids\Desktop\HauntedHarbourDA\Debug\HauntedHarbourSK.pdb

Imports

kernel32

HeapSize
GetProcessHeap
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
DecodePointer
RaiseException
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
HeapReAlloc
GetCurrentProcess
WideCharToMultiByte
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
TerminateProcess
GetLastError

user32

PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
DialogBoxParamW
DefWindowProcW
SetTimer
LoadAcceleratorsW
TranslateAcceleratorW
UpdateWindow
GetDC
ReleaseDC
BeginPaint
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
UnregisterClassW
EndDialog
EndPaint
LoadIconW

gdi32

GetObjectW
GetDIBColorTable
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBColorTable

gdiplus

GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipFree
GdipAlloc
GdiplusStartup

msimg32

TransparentBlt

msvcp140d

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Debug_message@std@@YAXPB_W0I@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140d

__CxxFrameHandler3
memset
memmove
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcpy
_CxxThrowException
memcmp

ucrtbased

_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_CrtDbgReport
_callnewh
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_initialize_onexit_table
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_controlfp_s
_wmakepath_s
_wsplitpath_s
_initialize_narrow_environment
_invalid_parameter_noinfo
_configure_narrow_argv
_register_onexit_function
_seh_filter_dll
_free_dbg
_errno
strlen
_invalid_parameter
_CrtDbgReportW
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_resetstkoflw
labs
_recalloc
malloc
free
calloc
wcslen
exit
wcscpy_s
wmemcpy_s

Sections

.textbss
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34712ad6beca431b216e5f5973affbfc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

gdiplus

msimg32

msvcp140d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 86KB

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 14KB

.idata Size: 6KB - Virtual size: 6KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 6KB - Virtual size: 6KB

.textbss
Size: - Virtual size: 86KB

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 14KB

.idata
Size: 6KB - Virtual size: 6KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 6KB - Virtual size: 6KB