439e154eb4990b551a9a617fa3f7ef3eae67c856cf08d47a4125deb3a0117522_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

439e154eb4990b551a9a617fa3f7ef3eae67c856cf08d47a4125deb3a0117522_NeikiAnalytics.exe
Size

92KB
MD5

56dc09c8c9986a4855135fb1c3f06880
SHA1

5431fd75c28a6ba15e967a2ce07fa30e5898562f
SHA256

439e154eb4990b551a9a617fa3f7ef3eae67c856cf08d47a4125deb3a0117522
SHA512

2d17c6312a3b77444d4403ea44c6bce7396b4038bd77a70169f6808f351e24c7d7011501e63f3f21d3f09b5672a7a611e6e2d3b03d1d883fd875970f5ed571d2
SSDEEP

1536:4KM4cLQdE4wnUJaPtGiqmnm6XhTEAodSnax:6LQpwnUc4Unm6XoMnax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
439e154eb4990b551a9a617fa3f7ef3eae67c856cf08d47a4125deb3a0117522_NeikiAnalytics.exe

Files

439e154eb4990b551a9a617fa3f7ef3eae67c856cf08d47a4125deb3a0117522_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

68caaa4929dab3100a8ffaa29ed5126f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Dell\デスクトップ\MC501CB_ExPrp_060808_Japanese\source\plugin\Release\Mv25U870Prp.pdb

Imports

kernel32

CreateThread
GetTickCount
lstrcmpiA
GetThreadPriority
SetThreadPriority
InterlockedExchange
lstrcmpiW
lstrcpyW
GetModuleHandleW
Sleep
FormatMessageA
GetCurrentThread
GetLastError
SetErrorMode
GetProcAddress
VirtualAlloc
CreateSemaphoreW
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
lstrcmpW
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
lstrlenW
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
InterlockedIncrement
FreeLibrary
InterlockedDecrement
LoadLibraryW
GetVersionExW
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
CloseHandle
CreateEventW
SetEvent
ResetEvent

user32

MessageBoxA
LoadStringA
SetDlgItemInt
SendMessageA
DispatchMessageW
GetQueueStatus
RegisterWindowMessageW
PostThreadMessageW
wvsprintfW
MsgWaitForMultipleObjects
GetDlgItem
SetWindowLongA
GetDlgItemInt
IsDlgButtonChecked
GetWindowLongA
CheckRadioButton
CheckDlgButton
EnableWindow
SetDlgItemTextA
wsprintfW
GetWindowLongW
SetWindowLongW
CreateDialogParamW
MoveWindow
InvalidateRect
ShowWindow
DestroyWindow
DefWindowProcW
LoadStringW
GetWindowRect
GetDesktopWindow
PeekMessageW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries

winmm

timeSetEvent
timeGetTime

msvcrt

_purecall
??2@YAPAXI@Z
wcsncat
wcslen
wcscpy
??3@YAXPAX@Z
sprintf

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68caaa4929dab3100a8ffaa29ed5126f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

winmm

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 354B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 354B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 2KB