30663238278c07fe44da537fe6d3547e73746184711dd656f43261ff00719d41_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

30663238278c07fe44da537fe6d3547e73746184711dd656f43261ff00719d41_NeikiAnalytics.exe
Size

49KB
MD5

27176e6929528bd96457142c8e737630
SHA1

c3c8b27f8d8986a0b804e3d66cc6e432fe262524
SHA256

30663238278c07fe44da537fe6d3547e73746184711dd656f43261ff00719d41
SHA512

744db83ef62f41739f5c207e1372d4f94d310add73fd382b2d3bbf373e7c7183e5c2cb9e39a9cec294528adf4a60f9fab9d44ffce7db44f2cafcbbdca4d16b63
SSDEEP

1536:rgEhE0NJqxxeFxA7kwiz9ukrWJOjUDIQx:rlZqx6xIw9vsOjUDIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30663238278c07fe44da537fe6d3547e73746184711dd656f43261ff00719d41_NeikiAnalytics.exe

Files

30663238278c07fe44da537fe6d3547e73746184711dd656f43261ff00719d41_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

4ad0382754064ccb2b34fed0e92849e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mmcshext.pdb

Imports

kernel32

lstrcpyW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
lstrcpynW
GetSystemDirectoryW
DisableThreadLibraryCalls
LoadLibraryExW
lstrcatW
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryA
WideCharToMultiByte
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
UnmapViewOfFile
GetFileSize
MapViewOfFile
CloseHandle
CreateFileMappingW
CreateFileW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
MultiByteToWideChar
Sleep
LocalFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExW
GetVersion
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GlobalFree
GetFileAttributesW

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
_CxxThrowException
wcsrchr
wcschr
_purecall
_wcsnicmp
??2@YAPAXI@Z
realloc
free
malloc
_except_handler3
__CxxFrameHandler
??3@YAXPAX@Z
_initterm
_callnewh

msvcp60

?nothrow@std@@3Unothrow_t@1@B
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

user32

DestroyIcon
CharPrevW
CharNextW
LoadImageW
CopyIcon
CopyImage

ole32

CLSIDFromString
StgOpenStorage
CreateStreamOnHGlobal
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysStringLen
VarUI4FromStr
RegisterTypeLi
SysFreeString
SysAllocString
LoadTypeLi

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW

hhsetup

??1CCollection@@QAE@XZ
??0CCollection@@QAE@XZ
?Open@CCollection@@QAEKPBG@Z
?Save@CCollection@@QAEKXZ
?Close@CCollection@@QAEKXZ
?RemoveCollection@CCollection@@QAEKH@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ad0382754064ccb2b34fed0e92849e3

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

msvcp60

user32

ole32

oleaut32

advapi32

hhsetup

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB