4dfb73ae5000ffd545d51e29a357ef9b9151d0423f0434909596e1623a129dc5_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4dfb73ae5000ffd545d51e29a357ef9b9151d0423f0434909596e1623a129dc5_NeikiAnalytics.exe
Size

111KB
MD5

afefc7408b17fe09a8cf00bbe7e71250
SHA1

b6312ebf71ab1e1cb68302a36866dc67c1f63a2b
SHA256

4dfb73ae5000ffd545d51e29a357ef9b9151d0423f0434909596e1623a129dc5
SHA512

49752605f9a3505531b4b04682e0c6588bc0af1b912599eabb564c2c4314115bab0ce6947b5d2ee4aed2077c93a740336f937696e1c2a6376c380673746f30ac
SSDEEP

1536:oGqbIOwzzj7oTzyGLhzkSXA91NlMAdqE+tKxv/W4ZQYOxthhMvOtUvugrng7gG7k:ovbbwvEdID+AdlwwHBQYWhYOtKM0Mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dfb73ae5000ffd545d51e29a357ef9b9151d0423f0434909596e1623a129dc5_NeikiAnalytics.exe

Files

4dfb73ae5000ffd545d51e29a357ef9b9151d0423f0434909596e1623a129dc5_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

2612456614f7729db72ff9caf32bbe68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\sandbox\20101020_104113\pmp_p4s\Release\pmp_p4s.pdb

Imports

kernel32

QueueUserAPC
InitializeCriticalSection
CloseHandle
WaitForSingleObject
CreateEventW
GetCurrentThread
GetVersionExW
WideCharToMultiByte
FindClose
FindFirstFileW
lstrcpynW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
InterlockedExchange
GetProcAddress
GetModuleHandleW
GetVersionExA
DeviceIoControl
SleepEx
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeEnvironmentStringsA
SetEvent
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
IsDebuggerPresent

user32

wsprintfA
SendMessageW
wsprintfW

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

ole32

PropVariantClear
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitialize
CoCreateInstance

tataki

??1DCCanvas@@UAE@XZ
??0SkinBitmap@@QAE@PAKHH_N@Z
??0BltCanvas@@QAE@HHPAUHWND__@@H@Z
?stretch@SkinBitmap@@QAEXPAVifc_canvas@@HHHH@Z
?getBits@BltCanvas@@QAEPAXXZ
??1BltCanvas@@UAE@XZ
??1SkinBitmap@@QAE@XZ
Init
Quit
??0DCCanvas@@QAE@PAUHDC__@@PAVBaseWnd@@@Z

msvcr90

wcscmp
?terminate@@YAXXZ
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_crt_debugger_hook
_decode_pointer
__clean_type_info_names_internal
free
realloc
memcpy
wcsstr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
malloc
memset
wcslen
_wcsicmp
wcscpy
calloc
_wcsdup
memcmp
wcschr
wcsrchr
_difftime64
_purecall
_mktime64
_onexit
bsearch
fclose
ftell
fseek
fopen
_localtime64
_wcsnicmp
iswalnum
qsort
_wtoi
_wunlink
wcscat
_unlock
__dllonexit
_encode_pointer
_lock
?_type_info_dtor_internal_method@type_info@@QAEXXZ

Exports

Exports

winampGetPMPDevicePlugin
winampUninstallPlugin

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2612456614f7729db72ff9caf32bbe68

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

tataki

msvcr90

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB