3b9ab7f50d285255b5ea8bb87cb352a60196a1b1a53787235ad641fb0971ecb6_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3b9ab7f50d285255b5ea8bb87cb352a60196a1b1a53787235ad641fb0971ecb6_NeikiAnalytics.exe
Size

248KB
MD5

3e12968224b53c060aa16bcd622eb950
SHA1

af90d6feaea70de19fa325da9fc3b43d300e361e
SHA256

3b9ab7f50d285255b5ea8bb87cb352a60196a1b1a53787235ad641fb0971ecb6
SHA512

283730924d7d5656ae8b80b24add2f25e73cf7fa81c7b018d567a81938ef1d8c6c61af400473644516ac6dea007a179b399cfe61d8470c6fd415cf7e3f09f161
SSDEEP

3072:PwKJ0hMBQM/FylqkjjjTCEswC1qJHqM/ycxMhyclfjfea2o:PlJ7Ql/qEsFiQE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b9ab7f50d285255b5ea8bb87cb352a60196a1b1a53787235ad641fb0971ecb6_NeikiAnalytics.exe

Files

3b9ab7f50d285255b5ea8bb87cb352a60196a1b1a53787235ad641fb0971ecb6_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

367a245d71ead6156997a9e4005d76dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
memmove

gdi32

SetBkColor
SetTextColor

user32

SetForegroundWindow
GetMenuItemID
GetMenuItemCount
GetKeyState
IsWindowVisible
DestroyIcon
SetCursor
LoadStringA
GetCursorPos
SetMenuDefaultItem
GetAsyncKeyState
EnableMenuItem
EndDialog
IsDlgButtonChecked
EnableWindow
CheckDlgButton
ShowWindow
SetFocus
GetDlgItem
UpdateWindow
GetClientRect
InflateRect
GetWindowRect
GetSystemMetrics
FindWindowExA
GetParent
GetSysColor
GetSysColorBrush
GetSubMenu
GetDesktopWindow
CharNextA

kernel32

SizeofResource
LockResource
LoadResource
LoadLibraryW
WriteFile
SetFileTime
RaiseException
CreateThread
CloseHandle
GetCurrentThreadId
GetVersionExA
IsBadReadPtr
GlobalAlloc
CompareFileTime
LocalFileTimeToFileTime
FormatMessageA
GetSystemTimeAsFileTime
SetEvent
WaitForSingleObject
GetTickCount
WaitForMultipleObjects
ExitThread
GlobalFree
GetSystemTime
SystemTimeToFileTime
GlobalSize
GlobalLock
GlobalUnlock
GetUserDefaultLCID
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
lstrlenA
lstrcatA
FreeLibrary
lstrcpyA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InterlockedExchange
DisableThreadLibraryCalls
InitializeCriticalSection
GetLastError
LocalFree
LocalAlloc
lstrcpynA
lstrcmpA
lstrcmpiA
FindClose
FileTimeToLocalFileTime
Sleep

ole32

CoCreateInstance
OleGetClipboard
OleSetClipboard
CoUninitialize
ReleaseStgMedium
StgCreateDocfile
OleUninitialize
OleInitialize
CreateBindCtx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
GetHGlobalFromStream

oleaut32

SetErrorInfo
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SafeArrayCreateVector
SysFreeString
VariantClear
VariantInit
SysAllocString

urlmon

FaultInIEFeature
CopyStgMedium
CreateURLMoniker

shlwapi

ord97
StrCatW
ord59
StrCatBuffW
StrCpyNW
SHGetValueW
SHSetValueW
wnsprintfW
ord95
ord136
ord143
ord122
ord124
ord140
ord87
StrCmpW
ord121
ord24
ord80
ord309
ord83
StrCmpIW
SHDeleteValueW
ord334
ord340
ord107
PathIsRootW
ord333
PathFileExistsW
ord50
ord141
ord94
ord216
ord218
ord132
StrCatBuffA
ord425
ord217
ord65
PathAppendW
ord394
ord52
ord57
ord338
PathIsDirectoryW
SHOpenRegStream2W
ord125
ord172
ord335
ord215
ord102
StrFormatByteSizeA
StrFormatByteSizeW
ord339
PathRemoveFileSpecW
ord426
ord428
ord106
PathFindFileNameW
ord341
ord336
PathFindExtensionA
ord355
PathFindExtensionW
StrChrW
UrlCombineW
AssocCreate
ord51
SHRegGetBoolUSValueW
ord342
SHGetThreadRef
ord72
ord313
ord40
ord103
ord68
wnsprintfA
ord278
StrCmpNA
StrStrIA
StrChrA
StrStrIW
ord176
ord444
ord437
ord174
ord234
ord337
StrToIntW
ord382
UrlEscapeW
UrlUnescapeW
ord354
ord292
ord302
ord71
SHStrDupW
PathIsUNCW
ord375
PathGetDriveNumberW
ord2
StrChrIW
StrDupW
SHRegisterValidateTemplate
StrCmpNIW
ord66
ord346
ord219

shdocvw

ord146
ord218
SHGetIDispatchForFolder

shell32

ord27
ord17
ord16
ord73
SHAddToRecentDocs
SHGetSpecialFolderLocation
ord89
ord26
ExtractIconA
ord195
ord18
ord25
ord67
SHGetDesktopFolder
ord152
ord196
ord174
ExtractAssociatedIconExW
ord155

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

367a245d71ead6156997a9e4005d76dc

Headers

File Characteristics

Imports

msvcrt

gdi32

user32

kernel32

ole32

oleaut32

urlmon

shlwapi

shdocvw

shell32

advapi32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 110KB - Virtual size: 109KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 8KB - Virtual size: 7KB