2bb704a32aad567580ecfd4f568a964f1d002d925e6d8bf2641074adc1819f2f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2bb704a32aad567580ecfd4f568a964f1d002d925e6d8bf2641074adc1819f2f_NeikiAnalytics.exe
Size

216KB
MD5

f68efdf08994ae0523cd659ec9a05790
SHA1

811042de8a4343a7c415d259de76cbfcee66c84c
SHA256

2bb704a32aad567580ecfd4f568a964f1d002d925e6d8bf2641074adc1819f2f
SHA512

2054cca3ed166b962894122158ea7ff191d9d583cc18ce99f1d078775af78cea9835923cadd0134234961bacaf49a2538ed8516f2d75538f3b47866b82266d39
SSDEEP

3072:alTOvqy0PxaipURsRbSQUYHKFtYCmoaFihpyt79IUXBJP+cu+ZjeUs:ETOvciC5csihpyZZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bb704a32aad567580ecfd4f568a964f1d002d925e6d8bf2641074adc1819f2f_NeikiAnalytics.exe

Files

2bb704a32aad567580ecfd4f568a964f1d002d925e6d8bf2641074adc1819f2f_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olethk32.pdb

Imports

msvcrt

_lock
__dllonexit
_unlock
_amsg_exit
_onexit
free
malloc
_XcptFilter
memcpy
_except_handler4_common
_initterm
memset

kernel32

GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
TlsAlloc
CompareStringW
lstrlenW
GetModuleFileNameW
TlsSetValue
LocalAlloc
LocalFree
TlsGetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
Sleep
WideCharToMultiByte
AreFileApisANSI
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MultiByteToWideChar
GetShortPathNameW
InterlockedExchange

gdi32

GetObjectType
DeleteMetaFile

user32

RegisterClipboardFormatW
CharPrevW
AttachThreadInput

ntvdm.exe

ExpLdt

wow32

WOWDirectedYield16
WOWYield16
WOWFreeMetafile
WOWGlobalUnlockFree16
WOWGlobalLock16
WOWGlobalAllocLock16
WOWGlobalFree16
WOWGlobalLockSize16
WOWGlobalUnlock16
CopyDropFilesFrom32
CopyDropFilesFrom16
WOWHandle16
WOWHandle32
WOWCallback16
WOWCallback16Ex
WOWGetVDMPointer

ole32

OleRegGetUserType
CoRevokeClassObject
CoRegisterClassObject
OleInitializeWOW
CoInitializeWOW
CoUninitialize
DllGetClassObjectWOW
ReadOleStg
WriteOleStg
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoDisconnectObject
CoLockObjectExternal
CoGetStandardMarshal
CoIsHandlerConnected
CoQueryReleaseObject
CoUnloadingWOW
OleSetMenuDescriptor
CoGetCallerTID
CoGetMalloc
UtConvertDvtd16toDvtd32
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UtGetDvtd32Info
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleIsCurrentClipboard
SetConvertStg
GetConvertStg
OleSetAutoConvert
OleGetAutoConvert
OleDoAutoConvert
OleConvertOLESTREAMToIStorageEx
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertIStorageToOLESTREAM
OleRegEnumVerbs
OleRegEnumFormatEtc
OleRegGetMiscStatus
OleCreateEmbeddingHelper
OleCreateDefaultHandler
CreateOleAdviseHolder
OleLockRunning
OleIsRunning
OleRun
OleDraw
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleNoteObjectVisible
OleSetContainedObject
OleSaveToStream
OleLoadFromStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateLink
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
OleQueryCreateFromData
OleQueryLinkFromData
OleUninitialize
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStm
ReadClassStm
WriteClassStg
ReadClassStg
GetRunningObjectTable
CreatePointerMoniker
CreateAntiMoniker
CreateItemMoniker
CreateFileMoniker
GetClassFile
CreateGenericComposite
CreateBindCtx
MonikerCommonPrefixWith
MonikerRelativePathTo
MkParseDisplayName
BindMoniker
CreateDataCache
CreateDataAdviseHolder
StgSetTimes
StgIsStorageILockBytes
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfileOnILockBytes
StgCreateDocfile
CoTreatAsClass
CoGetTreatAsClass
CoRegisterMessageFilter
CoFileTimeNow
CoDosDateTimeToFileTime
CoFileTimeToDosDateTime
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CoIsOle1Class
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoFreeAllLibraries

Exports

Exports

CSm16ReleaseHandler_Release32
CallbackProcessing_3216
ConvertHr1632Thunk
ConvertHr3216Thunk
ConvertObjDescriptor
IUnknownObj32
IntOpInitialize
IntOpUninitialize
InvokeOn32
ThkAddAppCompatFlag
ThkMgrInitialize
ThkMgrUninitialize
TransformHRESULT_1632
TransformHRESULT_3216

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac50ea0bea4c6129f487450fdcdbc96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

ntvdm.exe

wow32

ole32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 67KB - Virtual size: 66KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB