218be80f626380143de400f40b706360990885ada8b645c8a8bf067aae08719a_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

218be80f626380143de400f40b706360990885ada8b645c8a8bf067aae08719a_NeikiAnalytics.exe
Size

6.8MB
MD5

73d11206bf25ee9552562b2076029c80
SHA1

f7f2e4cb45f902849884f7bf9325fd879e6edf5f
SHA256

218be80f626380143de400f40b706360990885ada8b645c8a8bf067aae08719a
SHA512

9929236cc7d208eb954a777b65d67779f629df0a727237a538eda8a060836e33d0c1a8413bcb6f5c0094a69d97f86108f0feaa813ffbb17979fd9f78cdf80551
SSDEEP

98304:02PkXPRHhOgV8dVR7BTiIKXhSaaiF+ACOaq+5:02Ps7oKXI2PH+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
218be80f626380143de400f40b706360990885ada8b645c8a8bf067aae08719a_NeikiAnalytics.exe

Files

218be80f626380143de400f40b706360990885ada8b645c8a8bf067aae08719a_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

153e0c1364ba45c27c022469bf04cbf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mtc_artillery_overlay.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

user32

GetMessageW
GetAncestor
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
PostMessageW
PostThreadMessageW
RedrawWindow
DefWindowProcW
DispatchMessageA
GetMessageA
FlashWindowEx
PostQuitMessage
AppendMenuW
CreateMenu
CheckMenuItem
SetMenuItemInfoW
ChangeDisplaySettingsExW
PeekMessageW
SetWindowPlacement
VkKeyScanW
GetAsyncKeyState
GetKeyboardState
SetWindowLongW
EnableMenuItem
GetSystemMenu
ShowWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
IsProcessDPIAware
GetDC
GetWindowPlacement
SystemParametersInfoA
SetWindowPos
IsWindowVisible
InvalidateRgn
LoadCursorW
SetForegroundWindow
ClipCursor
GetClipCursor
DestroyWindow
ShowCursor
AdjustWindowRectEx
SetCursor
ValidateRect
GetMenu
GetUpdateRect
GetWindowLongW
GetClientRect
ToUnicodeEx
ClientToScreen
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
SendMessageW
DestroyIcon
CreateIcon
GetWindowRect
SendInput
MapVirtualKeyW
MonitorFromRect
TrackMouseEvent
GetWindowLongPtrW
SetWindowDisplayAffinity
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetRawInputData
MonitorFromPoint
EnumDisplayMonitors
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
GetTouchInputInfo
EnumChildWindows
ScreenToClient
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
SetMenu
MessageBoxW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetForegroundWindow
SetCursorPos
ReleaseCapture
IsIconic
GetActiveWindow

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

kernel32

LCIDToLocaleName
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
SetUnhandledExceptionFilter
RaiseException
GetSystemTimeAsFileTime
CloseHandle
SleepConditionVariableSRW
EncodePointer
RtlVirtualUnwind
LoadLibraryA
GetUserDefaultUILanguage
lstrlenW
LoadLibraryW
InitializeSListHead
UnhandledExceptionFilter
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
AcquireSRWLockExclusive
GetFullPathNameW
CreateThread
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
GetProcAddress
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
ReadFileEx
CreateNamedPipeW
ExitProcess
GetFinalPathNameByHandleW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetCurrentThreadId
LoadLibraryExW
TlsGetValue
IsDebuggerPresent
TlsSetValue
WakeAllConditionVariable
FreeLibrary
GetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
GetSystemInfo
GetFileInformationByHandleEx
CreateFileW
FindClose
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
TerminateProcess
SetHandleInformation
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
TlsFree
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
CreateIoCompletionPort
RtlLookupFunctionEntry
GetQueuedCompletionStatusEx
RtlCaptureContext
PostQueuedCompletionStatus
QueryPerformanceCounter
SetFileCompletionNotificationModes
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
GetProcessHeap
HeapFree
SetThreadStackGuarantee
HeapAlloc
AddVectoredExceptionHandler
CompareStringOrdinal
FormatMessageW
WaitForSingleObject
DeleteProcThreadAttributeList
ReleaseSRWLockExclusive
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
FreeEnvironmentStringsW

ole32

RegisterDragDrop
CoInitializeEx
RevokeDragDrop
CoTaskMemFree
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal

shell32

SHAppBarMessage
DragFinish
DragQueryFileW
SHGetKnownFolderPath

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ws2_32

WSAIoctl
WSAGetLastError
WSASend
WSAStartup
WSACleanup
freeaddrinfo
send
recv
closesocket
shutdown
getsockopt
ioctlsocket
connect
getpeername
getsockname
WSASocketW
getaddrinfo
bind
setsockopt

crypt32

CertVerifyTimeValidity
CertGetEnhancedKeyUsage
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore

advapi32

SystemFunction036
EventRegister
EventSetInformation
RegGetValueW
EventWriteTransfer
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister

uxtheme

SetWindowTheme

ntdll

NtReadFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
NtWriteFile
NtCreateFile

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
SysStringLen

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
trunc
floor
pow

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
strlen
wcsncmp
_wcsicmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initialize_onexit_table
_cexit
__p___argv
_register_thread_local_exe_atexit_callback
_crt_atexit
__p___argc
_register_onexit_function
_exit
_initialize_narrow_environment
_configure_narrow_argv
exit
_initterm_e
abort
_initterm
_get_initial_narrow_environment
_seh_filter_exe
terminate
_set_app_type

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
_set_new_mode
free

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

153e0c1364ba45c27c022469bf04cbf2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

user32

comctl32

kernel32

ole32

shell32

gdi32

dwmapi

ws2_32

crypt32

advapi32

uxtheme

ntdll

oleaut32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 3KB - Virtual size: 14KB

.pdata Size: 214KB - Virtual size: 214KB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 22KB - Virtual size: 21KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 3KB - Virtual size: 14KB

.pdata
Size: 214KB - Virtual size: 214KB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 22KB - Virtual size: 21KB