5c512f8de0b8bead05f3c8b12b18dce207aa826117686b725fc513d5e12ca971_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5c512f8de0b8bead05f3c8b12b18dce207aa826117686b725fc513d5e12ca971_NeikiAnalytics.exe
Size

216KB
MD5

b830853aa7ceca84d8e4ff6e5d07e8a0
SHA1

853708a9efc9f9299d91c1bf18d9968522021da2
SHA256

5c512f8de0b8bead05f3c8b12b18dce207aa826117686b725fc513d5e12ca971
SHA512

746baa06d6f1233a8183a911779e21b91f0ae8cb820aeae9d166e38630d100c80b965f37ba5674d471bf89d987e7168af5311d7de62b90fcd6138c5407f12120
SSDEEP

3072:alMOfik0PxaipM4RbSAksX0c1s5cYCmoNtihp79qBIUXBJyPc1gx9qLNo:EMOfKRt3u5eihp7Upyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c512f8de0b8bead05f3c8b12b18dce207aa826117686b725fc513d5e12ca971_NeikiAnalytics.exe

Files

5c512f8de0b8bead05f3c8b12b18dce207aa826117686b725fc513d5e12ca971_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olethk32.pdb

Imports

msvcrt

_lock
__dllonexit
_unlock
_amsg_exit
_onexit
free
malloc
_XcptFilter
memcpy
_except_handler4_common
_initterm
memset

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
TlsAlloc
CompareStringW
lstrlenW
GetModuleFileNameW
TlsSetValue
LocalAlloc
LocalFree
TlsGetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
Sleep
WideCharToMultiByte
AreFileApisANSI
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MultiByteToWideChar
GetShortPathNameW
InterlockedExchange

gdi32

GetObjectType
DeleteMetaFile

user32

RegisterClipboardFormatW
CharPrevW
AttachThreadInput

ntvdm.exe

ExpLdt

wow32

WOWDirectedYield16
WOWYield16
WOWFreeMetafile
WOWGlobalUnlockFree16
WOWGlobalLock16
WOWGlobalAllocLock16
WOWGlobalFree16
WOWGlobalLockSize16
WOWGlobalUnlock16
CopyDropFilesFrom32
CopyDropFilesFrom16
WOWHandle16
WOWHandle32
WOWCallback16
WOWCallback16Ex
WOWGetVDMPointer

ole32

OleRegGetUserType
CoRevokeClassObject
CoRegisterClassObject
OleInitializeWOW
CoInitializeWOW
CoUninitialize
DllGetClassObjectWOW
ReadOleStg
WriteOleStg
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoDisconnectObject
CoLockObjectExternal
CoGetStandardMarshal
CoIsHandlerConnected
CoQueryReleaseObject
CoUnloadingWOW
OleSetMenuDescriptor
CoGetCallerTID
CoGetMalloc
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UtGetDvtd32Info
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleIsCurrentClipboard
SetConvertStg
GetConvertStg
OleSetAutoConvert
OleGetAutoConvert
OleDoAutoConvert
OleConvertOLESTREAMToIStorageEx
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
OleRegEnumVerbs
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleCreateEmbeddingHelper
OleCreateDefaultHandler
CreateOleAdviseHolder
OleLockRunning
OleIsRunning
OleRun
OleDraw
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleNoteObjectVisible
OleSetContainedObject
OleSaveToStream
OleLoadFromStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateLink
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
OleQueryCreateFromData
OleQueryLinkFromData
OleUninitialize
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStm
ReadClassStm
WriteClassStg
ReadClassStg
GetRunningObjectTable
CreatePointerMoniker
CreateAntiMoniker
CreateItemMoniker
CreateFileMoniker
GetClassFile
CreateGenericComposite
CreateBindCtx
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
BindMoniker
CreateDataCache
CreateDataAdviseHolder
StgSetTimes
StgIsStorageILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
StgCreateDocfile
CoTreatAsClass
CoGetTreatAsClass
CoRegisterMessageFilter
CoFileTimeNow
CoDosDateTimeToFileTime
CoFileTimeToDosDateTime
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CoIsOle1Class
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoFreeAllLibraries

Exports

Exports

CSm16ReleaseHandler_Release32
CallbackProcessing_3216
ConvertHr1632Thunk
ConvertHr3216Thunk
ConvertObjDescriptor
IUnknownObj32
IntOpInitialize
IntOpUninitialize
InvokeOn32
ThkAddAppCompatFlag
ThkMgrInitialize
ThkMgrUninitialize
TransformHRESULT_1632
TransformHRESULT_3216

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

ntvdm.exe

wow32

ole32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 67KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB