2b1b877651c625649480b0205f60f80d3a0c41872217a47d161e5d890335c8cd_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b1b877651c625649480b0205f60f80d3a0c41872217a47d161e5d890335c8cd_NeikiAnalytics.exe
Size

1.9MB
MD5

fa5e9652836dd66c09aca77c2d1fa790
SHA1

1e7ac52ca609ad1fc5706eb18aaefc641ee22500
SHA256

2b1b877651c625649480b0205f60f80d3a0c41872217a47d161e5d890335c8cd
SHA512

faf09e445f60df7d8535a2d41711b28308f56766a0750438beefc72666a51258c087e5c7efcbf3b7567bd889e2e7d2a2b7a0d84c370f4b9d95e08b17e6c08668
SSDEEP

24576:JH7m2pkBqBCiEsytGkf4PrqXFnbQH4+rsXv3bARd882o6OZZr9i3WoTkkalPCD:b0qBgXXGTsXvrW12KZr0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b1b877651c625649480b0205f60f80d3a0c41872217a47d161e5d890335c8cd_NeikiAnalytics.exe

Files

2b1b877651c625649480b0205f60f80d3a0c41872217a47d161e5d890335c8cd_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

2bb6e6de0062a9988f86ef6cef6248cf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
GetVersionExA
GetModuleHandleA
CloseHandle
GetSystemDefaultLangID
GetLastError
GetTickCount
ReadFile
GetFileSize
CreateFileA
lstrcatA
DeleteFileA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
RaiseException
HeapAlloc
GetStartupInfoA
GetVersion
ExitProcess
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetSystemTimeAsFileTime
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
FreeLibrary
LoadLibraryA
GetCurrentProcess
HeapSize
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
SetEndOfFile
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
GetExitCodeProcess
IsProcessorFeaturePresent
CreateEventA
SetEvent
WaitForSingleObjectEx
GetProcAddress
QueryPerformanceCounter
lstrcpyA
QueryPerformanceFrequency
Sleep
GetLocalTime
OutputDebugStringA
InterlockedExchange
CreateProcessA
GetCommandLineA
GetFileType
TerminateProcess
HeapFree
SetEnvironmentVariableA

user32

GetDC
ChangeDisplaySettingsA
GetWindowRect
ClientToScreen
LoadStringA
LoadBitmapA
DestroyWindow
ReleaseDC
SetCursorPos
MessageBoxA
SetRectEmpty
EnumDisplaySettingsA
FillRect
ScreenToClient
GetCursorPos
GetWindowLongA
GetClientRect
SetWindowPos
ClipCursor
GetAsyncKeyState
GetKeyState
RegisterWindowMessageA
GetForegroundWindow
PostThreadMessageA
GetMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
DefWindowProcA
BeginPaint
EndPaint
SetCursor
SetCapture
ReleaseCapture
LoadCursorA
LoadIconA
RegisterClassExA
GetSystemMetrics
SetRect
ShowWindow
CreateWindowExA
GetClassLongA
SetWindowLongA
SendMessageA
UnregisterClassA
UpdateWindow
ShowCursor
WaitForInputIdle

d3d8

Direct3DCreate8

winmm

mixerGetLineInfoA
mixerGetLineControlsA
auxGetNumDevs
waveOutGetNumDevs
auxGetDevCapsA
mixerGetControlDetailsA
mixerGetNumDevs
mixerSetControlDetails
timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeKillEvent
timeSetEvent
waveOutClose
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutOpen
waveOutReset
mciSendCommandA
timeGetTime
mciGetErrorStringA

ddraw

DirectDrawCreate
DirectDrawEnumerateA

dinput

DirectInputCreateA
DirectInputCreateEx

dsound

ord1

avifil32

AVIFileInit

gdi32

CreateFontIndirectA
TextOutW
SetBkColor
CreateDCA
CreateCompatibleBitmap
CreateSolidBrush
CreateFontA
GetGlyphOutlineA
SelectObject
BitBlt
CreateCompatibleDC
DeleteDC
SetPixel
GetPixel
GetObjectA
SetTextColor
SetBkMode
TextOutA
DeleteObject
CreateDIBSection

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

ws2_32

inet_addr
ntohl
inet_ntoa
htonl
gethostbyname
gethostname
getsockname
socket
bind
connect
WSAGetLastError
select
ioctlsocket
setsockopt
WSACleanup
WSAStartup
recvfrom
htons
sendto
recv
ntohs
send
closesocket

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

Sections

.text
Size: 1.7MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kkldawv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bb6e6de0062a9988f86ef6cef6248cf

Headers

File Characteristics

Imports

kernel32

user32

d3d8

winmm

ddraw

dinput

dsound

avifil32

gdi32

advapi32

ole32

ws2_32

snmpapi

Sections

.text Size: 1.7MB - Virtual size: 1.6MB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 72KB - Virtual size: 2.2MB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 44KB - Virtual size: 44KB

kkldawv Size: - Virtual size: 4KB

.text
Size: 1.7MB - Virtual size: 1.6MB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 72KB - Virtual size: 2.2MB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 44KB - Virtual size: 44KB

kkldawv
Size: - Virtual size: 4KB