575e9389b44b6ab6578434e654abe7a09317cc5ddf4db84ed41b2cfe6d91fa6a_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

575e9389b44b6ab6578434e654abe7a09317cc5ddf4db84ed41b2cfe6d91fa6a_NeikiAnalytics.exe
Size

178KB
MD5

c9b2bb3cc6c0583fca7d02525f3da800
SHA1

609714bd5875e98a5f422d7b73dd3530a33f9486
SHA256

575e9389b44b6ab6578434e654abe7a09317cc5ddf4db84ed41b2cfe6d91fa6a
SHA512

3d879854423146d9bb49819bab7bfb7096f19e975e0b8facbe27b594dc6064db302a5e06313ec2a766e9e03b274d7c5270d54e72d0d1cb39f927cd041b388622
SSDEEP

3072:ROQUfomfaMkeLzZSp0yc5ipysL99nvYcae5jmeL:ROQUQmCMvL9Cc5iJnjbN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
575e9389b44b6ab6578434e654abe7a09317cc5ddf4db84ed41b2cfe6d91fa6a_NeikiAnalytics.exe

Files

575e9389b44b6ab6578434e654abe7a09317cc5ddf4db84ed41b2cfe6d91fa6a_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

e6d5d9df95d1926b69e4286fdbe49e69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\Dascom Printer Config Tool\DsPrn\Ver 2.0.0.11\Release\DsPrn.pdb

Imports

kernel32

FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
InterlockedExchange
InterlockedExchangeAdd
Sleep
DeviceIoControl
GetCommModemStatus
GetTickCount
CloseHandle
CreateFileW
ReadFile
GetFileSize
WriteFile
CreateThread
CancelIo
GetOverlappedResult
InterlockedDecrement
PurgeComm
TerminateThread
WaitForSingleObject
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
CreateEventW
GetLocalTime
EscapeCommFunction
SetCommTimeouts
SetCommConfig
GetCommConfig
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
ClearCommError
lstrlenW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA

user32

PostMessageW
CharUpperW
CharNextW

winspool.drv

ClosePrinter
EnumPrintersW
OpenPrinterW
SetPrinterW
GetPrinterW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
VarBstrCat
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

setupapi

SetupDiOpenClassRegKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d5d9df95d1926b69e4286fdbe49e69

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

rpcrt4

setupapi

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.orpc Size: 512B - Virtual size: 51B

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 119KB - Virtual size: 118KB

.orpc
Size: 512B - Virtual size: 51B

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 11KB - Virtual size: 11KB