2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.exe
Size

489KB
MD5

9952005f679c975224db0f9db60f9dd0
SHA1

ec01c25671139205030330ba194f330170c169d7
SHA256

2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b
SHA512

ef47502d9ed75d7b30f93869cfd638011efe3b60ecc312eae11dabc51f83ba539e1c875653309eeb2142e75e5c017f6912acfe8f3a72f02da628227a632fabc3
SSDEEP

12288:EV6XTcre3vpLpMdXExxmMGELwfAlBdtsRfWY:Are5pMd0xZGMwfAlBwW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.exe

Files

2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

e7bb1a134f8fbaa68c71f7885a39a6f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CLBCatQ.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
LoadLibraryA
CreateFileW
SetFilePointer
lstrcatW
WideCharToMultiByte
lstrlenA
WriteFile
lstrlenW
lstrcpyW
MultiByteToWideChar
TerminateProcess
MoveFileW
GetTickCount
GlobalMemoryStatusEx
Sleep
VirtualAlloc
VirtualFree
GetSystemDefaultLCID
lstrcmpiW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
GetCurrentThread
CloseHandle
SetUnhandledExceptionFilter
DeleteFileW
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
InterlockedIncrement
InterlockedCompareExchange
GetModuleFileNameW
DisableThreadLibraryCalls
GetSystemDirectoryW
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLongPathNameW
GetComputerNameW
GetThreadContext
GetLocalTime
SetFileAttributesW
LockResource
lstrcmpW
WaitForSingleObject
GetExitCodeProcess
GetFileType
GetFileSizeEx
GetSystemDefaultUILanguage
FindResourceExW
FindResourceW
LoadResource
IsDBCSLeadByte
CreateProcessW
CreateFileMappingW
CreateFileMappingA
GetFileAttributesA
GetModuleHandleW
GetLastError
DelayLoadFailureHook
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
OpenFileMappingA
CreateDirectoryW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
CopyFileW
CompareStringA
CompareStringW
FlushFileBuffers
ReadFile
SetEndOfFile
HeapAlloc
GetProcessHeap
HeapFree
IsBadReadPtr
MapViewOfFileEx
lstrcmpiA
IsBadWritePtr
DebugBreak
IsDebuggerPresent
GetVersionExW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
SetLastError
LoadLibraryExW
FormatMessageW
GetModuleFileNameA
CreateFileA
DeleteFileA
OutputDebugStringA
OutputDebugStringW

user32

SetProcessWindowStation
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
LoadStringW
OpenDesktopW
SetThreadDesktop
GetDesktopWindow
GetWindowRect
CharLowerW
wsprintfA
CharNextW
wsprintfW
SetWindowPos
MapWindowPoints
GetClientRect

advapi32

SaferCreateLevel
GetAclInformation
GetSecurityDescriptorDacl
BuildTrusteeWithSidW
GetSecurityDescriptorLength
CreateProcessAsUserW
DuplicateTokenEx
RegConnectRegistryW
RegFlushKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetSecurityDescriptorControl
AddAce
GetAce
AddAccessAllowedAceEx
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
SaferSetLevelInformation
SaferIdentifyLevel
SaferGetLevelInformation
SaferCloseLevel
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
GetTokenInformation
OpenThreadToken
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
OpenProcessToken
MakeAbsoluteSD2
ConvertSidToStringSidW
FreeSid
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
SetThreadToken
GetEffectiveRightsFromAclW

oleaut32

SysAllocString
VariantInit
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
VariantClear
SysFreeString
LoadRegTypeLi
LoadTypeLibEx

comres

COMResModuleInstance

msvcrt

_vsnwprintf
swprintf
wcsncpy
wcstol
wcsncmp
wcsstr
_wcslwr
towupper
memmove
_snprintf
_wcsnicmp
free
_i64tow
qsort
_purecall
wcsrchr
malloc
_wcsicmp
__CxxFrameHandler
_except_handler3
wcschr
_wtol
_ltow
mbstowcs
wcstombs
_waccess
_local_unwind2
_wstrtime
_wstrdate
_resetstkoflw
_initterm
_adjust_fdiv
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_snwprintf
realloc

ntdll

RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
NtQueryInformationProcess

rpcrt4

UuidFromStringW

version

VerQueryValueW

Exports

Exports

?ClearList@@YGXPAVCStructArray@@@Z
?CreateComponentLibraryTS@@YGJPBGJPAPAUIComponentRecords@@@Z
?DataConvert@@YGJGGKPAKPAX1KK0EEK@Z
?DestroyStgDatabase@@YGXPAVStgDatabase@@@Z
?GetDataConversion@@YGJPAPAUIDataConvert@@@Z
?GetDataConvertObject@@YGPAVCGetDataConversion@@XZ
?GetPropValue@@YGJGPAJPAXHPAHAAUtagDBPROP@@@Z
?GetStgDatabase@@YGJPAPAVStgDatabase@@@Z
?OpenComponentLibrarySharedTS@@YGJPBG0KPAU_SECURITY_ATTRIBUTES@@JPAPAUIComponentRecords@@@Z
?OpenComponentLibraryTS@@YGJPBGJPAPAUIComponentRecords@@@Z
?ShutDownDataConversion@@YGXXZ
ActivatorUpdateForIsRouterChanges
CLSIDFromStringByBitness
CheckMemoryGates
CoRegCleanup
ComPlusEnablePartitions
ComPlusEnableRemoteAccess
ComPlusMigrate
ComPlusPartitionsEnabled
ComPlusRemoteAccessEnabled
CreateComponentLibraryEx
DeleteAllActivatorsForClsid
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DowngradeAPL
GetCatalogObject
GetCatalogObject2
GetComputerObject
GetSimpleTableDispenser
InprocServer32FromString
OpenComponentLibraryEx
OpenComponentLibraryOnMemEx
OpenComponentLibraryOnStreamEx
OpenComponentLibrarySharedEx
ServerGetApplicationType
SetSetupOpen
SetSetupSave
SetupOpen
SetupSave
UpdateFromAppChange
UpdateFromComponentChange

Sections

.text
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7bb1a134f8fbaa68c71f7885a39a6f2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

oleaut32

comres

msvcrt

ntdll

rpcrt4

version

Exports

Exports

Sections

.text Size: 450KB - Virtual size: 449KB

.data Size: 5KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 450KB - Virtual size: 449KB

.data
Size: 5KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 24KB