5087cff0ee72c6b428d616fdd1ecbeb5d3b8bf3eb932f4f329bbb8a87e21d0da_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5087cff0ee72c6b428d616fdd1ecbeb5d3b8bf3eb932f4f329bbb8a87e21d0da_NeikiAnalytics.exe
Size

1.3MB
MD5

1f0aeeb5ed73d1cf99cc7e0eac698b10
SHA1

c93a3b6d19d8650012e716e1b7e85e1f670493df
SHA256

5087cff0ee72c6b428d616fdd1ecbeb5d3b8bf3eb932f4f329bbb8a87e21d0da
SHA512

b520e748505d3ce245b896ac5df6fac245986f42007ceb7bff65d875203afac7d05dbd365cd636cadf570fb92ef72ec388f7cd615cf117ca3d2fa7979bd9e33f
SSDEEP

24576:94ahOtdJajGUDk/bS/3EnuIoowjVGtpLKkUs:9FhOtdJajZDk/9OVGtpWo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5087cff0ee72c6b428d616fdd1ecbeb5d3b8bf3eb932f4f329bbb8a87e21d0da_NeikiAnalytics.exe

Files

5087cff0ee72c6b428d616fdd1ecbeb5d3b8bf3eb932f4f329bbb8a87e21d0da_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

acbb4d7d64029e41bc650e56a886ab5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\build\ob\bora-1427931\mojo\vdi\build\release\install\InstUtil\x64\vdmServerInstUtil.pdb

Imports

ws2_32

WSACleanup
socket
WSAStartup
inet_ntoa
WSAGetLastError
gethostbyname
freeaddrinfo
getaddrinfo
connect
inet_addr
bind
htons
closesocket

kernel32

CopyFileA
MoveFileExW
FindNextFileW
FindClose
FindFirstFileW
RemoveDirectoryW
ExpandEnvironmentStringsA
DeleteFileA
SetFileAttributesA
LoadLibraryExA
CreateDirectoryA
FindFirstFileA
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
CreateFileA
GetTempPathA
GetModuleFileNameA
OpenProcess
FindNextFileA
GetCurrentThread
GetFileAttributesW
GetSystemDirectoryA
GetDiskFreeSpaceExW
GlobalFree
GlobalAlloc
GetCurrentProcess
lstrlenW
WriteFile
FormatMessageA
SetLastError
SetHandleInformation
CreatePipe
ReadFile
SetFilePointer
WriteConsoleA
CreateFileW
HeapSize
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetCurrentDirectoryW
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetWindowsDirectoryA
GetFileAttributesA
LocalAlloc
lstrcmpA
lstrlenA
GetModuleHandleW
LocalFree
LoadLibraryA
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetStdHandle
GetFileType
MultiByteToWideChar
GetVersion
GetCurrentThreadId
GetModuleHandleA
FindResourceA
SizeofResource
FormatMessageW
Sleep
DeleteFileW
WideCharToMultiByte
TerminateProcess
GetLastError
GetVersionExA
GetComputerNameExA
GetComputerNameExW
GetConsoleOutputCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
CompareStringA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
CreateProcessW
InitializeCriticalSection
LCMapStringW
LCMapStringA
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
ExitProcess
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
DebugBreak
WriteConsoleW
GetTimeFormatA
GetDateFormatA
GetConsoleMode
GetConsoleCP
SetFileAttributesW
DuplicateHandle
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCommandLineA
FlsSetValue
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
HeapAlloc
HeapFree
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
SetCurrentDirectoryW

user32

LoadStringA
GetForegroundWindow
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
GetWindowTextW
FindWindowW
MessageBoxW

advapi32

RegEnumKeyA
ImpersonateLoggedOnUser
LogonUserW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
ConvertStringSidToSidW
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExA
OpenThreadToken
ImpersonateSelf
GetFileSecurityW
MapGenericMask
AccessCheck
RegEnumValueW
RegDeleteValueW
RevertToSelf
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

iphlpapi

GetAdaptersInfo

msi

ord138
ord158
ord118
ord117
ord17
ord8
ord64
ord171
ord48
ord144
ord145
ord73
ord74
ord120
ord160
ord159
ord31
ord49
ord103
ord124
ord121
ord125

netapi32

NetApiBufferFree
NetGetAnyDCName
DsGetDcNameW

setupapi

SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiGetINFClassA
SetupDiEnumDriverInfoA
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiBuildDriverInfoList
SetupDiGetDeviceInstanceIdA
SetupDiCreateDeviceInfoList
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

wininet

InternetCrackUrlW

secur32

GetUserNameExW

fwpuclnt

IPsecSaDestroyEnumHandle0
IPsecSaEnum0
FwpmEngineClose0
FwpmEngineOpen0
FwpmFreeMemory0
IPsecSaCreateEnumHandle0

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore

wldap32

ord27
ord118
ord36
ord157
ord143
ord88
ord208
ord26
ord140
ord224
ord41
ord25
ord13
ord45
ord22

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

VMCeipCheck
VMCeipSaveOptions
VMCheckOSPreReqs
VMCheckSASDevice
VMConfigRsa
VMDeleteVMwareRegKey
VMGenerateApacheSSLCert
VMGenerateSSLKeys
VMSSCheckPairingMechanism
VMSSProcessPairedServerSettings
VMSSRemoveIPSecRules
VMSSValidatePairedServer
VMSSValidatePairedServerPassword
VMSSValidatePairedServerSettings
VMSetInitialAdminSID
VMSetMiscProperties
VMSetProductFeatures
VMValidateDataRecoveryPassword

Sections

.text
Size: 823KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acbb4d7d64029e41bc650e56a886ab5a

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

iphlpapi

msi

netapi32

setupapi

wininet

secur32

fwpuclnt

crypt32

wldap32

version

Exports

Exports

Sections

.text Size: 823KB - Virtual size: 822KB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 103KB - Virtual size: 123KB

.pdata Size: 53KB - Virtual size: 52KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 823KB - Virtual size: 822KB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 103KB - Virtual size: 123KB

.pdata
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 22KB - Virtual size: 22KB