CLBCatQ.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.dll
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.dll
Resource: win10v2004-20240611-en
General
- Target: 2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.exe
- Size: 489KB
- MD5: 9952005f679c975224db0f9db60f9dd0
- SHA1: ec01c25671139205030330ba194f330170c169d7
- SHA256: 2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b
- SHA512: ef47502d9ed75d7b30f93869cfd638011efe3b60ecc312eae11dabc51f83ba539e1c875653309eeb2142e75e5c017f6912acfe8f3a72f02da628227a632fabc3
- SSDEEP: 12288:EV6XTcre3vpLpMdXExxmMGELwfAlBdtsRfWY:Are5pMd0xZGMwfAlBwW
Malware Config
Signatures
- Unsigned PE (1 IoCs): checks for a missing Authenticode signature.
  resource: 2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.exe
Files
- 2fd5c226a3479ede667de7e66a5c1b1178ccc7374c0d6484fe6425719c30f98b_NeikiAnalytics.exe.dll (regsvr32, windows:6, windows, x86, arch:x86)
  e7bb1a134f8fbaa68c71f7885a39a6f2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
LoadLibraryA
CreateFileW
SetFilePointer
lstrcatW
WideCharToMultiByte
lstrlenA
WriteFile
lstrlenW
lstrcpyW
MultiByteToWideChar
TerminateProcess
MoveFileW
GetTickCount
GlobalMemoryStatusEx
Sleep
VirtualAlloc
VirtualFree
GetSystemDefaultLCID
lstrcmpiW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
GetCurrentThread
CloseHandle
SetUnhandledExceptionFilter
DeleteFileW
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
InterlockedIncrement
InterlockedCompareExchange
GetModuleFileNameW
DisableThreadLibraryCalls
GetSystemDirectoryW
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLongPathNameW
GetComputerNameW
GetThreadContext
GetLocalTime
SetFileAttributesW
LockResource
lstrcmpW
WaitForSingleObject
GetExitCodeProcess
GetFileType
GetFileSizeEx
GetSystemDefaultUILanguage
FindResourceExW
FindResourceW
LoadResource
IsDBCSLeadByte
CreateProcessW
CreateFileMappingW
CreateFileMappingA
GetFileAttributesA
GetModuleHandleW
GetLastError
DelayLoadFailureHook
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
OpenFileMappingA
CreateDirectoryW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
CopyFileW
CompareStringA
CompareStringW
FlushFileBuffers
ReadFile
SetEndOfFile
HeapAlloc
GetProcessHeap
HeapFree
IsBadReadPtr
MapViewOfFileEx
lstrcmpiA
IsBadWritePtr
DebugBreak
IsDebuggerPresent
GetVersionExW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
SetLastError
LoadLibraryExW
FormatMessageW
GetModuleFileNameA
CreateFileA
DeleteFileA
OutputDebugStringA
OutputDebugStringW
user32
SetProcessWindowStation
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
LoadStringW
OpenDesktopW
SetThreadDesktop
GetDesktopWindow
GetWindowRect
CharLowerW
wsprintfA
CharNextW
wsprintfW
SetWindowPos
MapWindowPoints
GetClientRect
advapi32
SaferCreateLevel
GetAclInformation
GetSecurityDescriptorDacl
BuildTrusteeWithSidW
GetSecurityDescriptorLength
CreateProcessAsUserW
DuplicateTokenEx
RegConnectRegistryW
RegFlushKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetSecurityDescriptorControl
AddAce
GetAce
AddAccessAllowedAceEx
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
SaferSetLevelInformation
SaferIdentifyLevel
SaferGetLevelInformation
SaferCloseLevel
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
GetTokenInformation
OpenThreadToken
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
OpenProcessToken
MakeAbsoluteSD2
ConvertSidToStringSidW
FreeSid
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
SetThreadToken
GetEffectiveRightsFromAclW
oleaut32
SysAllocString
VariantInit
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
VariantClear
SysFreeString
LoadRegTypeLi
LoadTypeLibEx
comres
COMResModuleInstance
msvcrt
_vsnwprintf
swprintf
wcsncpy
wcstol
wcsncmp
wcsstr
_wcslwr
towupper
memmove
_snprintf
_wcsnicmp
free
_i64tow
qsort
_purecall
wcsrchr
malloc
_wcsicmp
__CxxFrameHandler
_except_handler3
wcschr
_wtol
_ltow
mbstowcs
wcstombs
_waccess
_local_unwind2
_wstrtime
_wstrdate
_resetstkoflw
_initterm
_adjust_fdiv
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_snwprintf
realloc
ntdll
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
NtQueryInformationProcess
rpcrt4
UuidFromStringW
version
VerQueryValueW
Exports
?ClearList@@YGXPAVCStructArray@@@Z
?CreateComponentLibraryTS@@YGJPBGJPAPAUIComponentRecords@@@Z
?DataConvert@@YGJGGKPAKPAX1KK0EEK@Z
?DestroyStgDatabase@@YGXPAVStgDatabase@@@Z
?GetDataConversion@@YGJPAPAUIDataConvert@@@Z
?GetDataConvertObject@@YGPAVCGetDataConversion@@XZ
?GetPropValue@@YGJGPAJPAXHPAHAAUtagDBPROP@@@Z
?GetStgDatabase@@YGJPAPAVStgDatabase@@@Z
?OpenComponentLibrarySharedTS@@YGJPBG0KPAU_SECURITY_ATTRIBUTES@@JPAPAUIComponentRecords@@@Z
?OpenComponentLibraryTS@@YGJPBGJPAPAUIComponentRecords@@@Z
?ShutDownDataConversion@@YGXXZ
ActivatorUpdateForIsRouterChanges
CLSIDFromStringByBitness
CheckMemoryGates
CoRegCleanup
ComPlusEnablePartitions
ComPlusEnableRemoteAccess
ComPlusMigrate
ComPlusPartitionsEnabled
ComPlusRemoteAccessEnabled
CreateComponentLibraryEx
DeleteAllActivatorsForClsid
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DowngradeAPL
GetCatalogObject
GetCatalogObject2
GetComputerObject
GetSimpleTableDispenser
InprocServer32FromString
OpenComponentLibraryEx
OpenComponentLibraryOnMemEx
OpenComponentLibraryOnStreamEx
OpenComponentLibrarySharedEx
ServerGetApplicationType
SetSetupOpen
SetSetupSave
SetupOpen
SetupSave
UpdateFromAppChange
UpdateFromComponentChange
Sections
.text Size: 450KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ