d:\Titan_FP_SP3_REL\win32_x86\release\pdb\Install\CustAct1.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2bd3d747cdfef2fa8f2289cd05f1387ac497192d9bd5ca7e7e73d8b88097eaa7_NeikiAnalytics.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2bd3d747cdfef2fa8f2289cd05f1387ac497192d9bd5ca7e7e73d8b88097eaa7_NeikiAnalytics.dll
Resource: win10v2004-20240508-en
General
Target: 2bd3d747cdfef2fa8f2289cd05f1387ac497192d9bd5ca7e7e73d8b88097eaa7_NeikiAnalytics.exe
Size: 764KB
MD5: fa0171d73bdcdd76f5e49c526b90b390
SHA1: 8fb322eb1149b72b60c0fb1c64e0c42942c0ddb3
SHA256: 2bd3d747cdfef2fa8f2289cd05f1387ac497192d9bd5ca7e7e73d8b88097eaa7
SHA512: 19923fcca61250006ba3203373a8fd2d3067ef82823439521da50f08f9628592e06534bff287b8f52530adedab35002e0a4fe26f1ac487e0d23b3059fea60a6b
SSDEEP: 12288:qk5zIEyxsgwdDpTpUBziIPWEda/u2uSWTkRk4PhBZiVv:H5zIE7LvURihmaG2uSs8BZit
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 2bd3d747cdfef2fa8f2289cd05f1387ac497192d9bd5ca7e7e73d8b88097eaa7_NeikiAnalytics.exe
Files
2bd3d747cdfef2fa8f2289cd05f1387ac497192d9bd5ca7e7e73d8b88097eaa7_NeikiAnalytics.exe.dll windows:4 windows x86 arch:x86
a76734f1a8b6953c65a52c746f1360d1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msi
ord114
ord120
ord148
ord31
ord20
ord164
ord91
ord144
ord158
ord159
ord121
ord160
ord67
ord89
ord79
ord194
ord170
ord73
ord138
ord116
ord33
ord140
ord143
ord117
ord166
ord25
ord146
ord50
ord122
ord115
ord17
ord124
ord49
ord8
ord64
ord57
ord110
ord46
ord103
ord77
shlwapi
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
UrlUnescapeA
PathFileExistsA
PathRemoveBackslashA
PathAddBackslashA
PathIsUNCA
kernel32
GlobalSize
GlobalFree
GetModuleHandleA
lstrcmpA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
GlobalAddAtomA
MoveFileA
GetThreadLocale
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetVolumeInformationA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GlobalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
GlobalGetAtomNameA
GetAtomNameA
SystemTimeToFileTime
GetCurrentDirectoryA
GlobalFlags
lstrcmpW
GlobalFindAtomA
FreeResource
LocalFileTimeToFileTime
SetFileTime
GetFileTime
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
ExitProcess
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetStdHandle
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalLock
GlobalUnlock
MulDiv
OpenProcess
TerminateProcess
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
GetCurrentProcess
DuplicateHandle
CreateProcessA
GetExitCodeProcess
PeekNamedPipe
ReadFile
CreatePipe
GetUserDefaultLCID
lstrcpynA
GetSystemDefaultLangID
SearchPathA
GetSystemInfo
GetShortPathNameA
SetFileAttributesA
RemoveDirectoryA
GetModuleFileNameA
GetLocaleInfoA
GetPrivateProfileStringA
FindFirstFileA
CreateDirectoryA
FindNextFileA
FindClose
GetTempPathA
CopyFileA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetComputerNameA
GetFileAttributesA
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
FormatMessageA
LocalAlloc
LocalFree
GetPrivateProfileIntA
WritePrivateProfileStringA
GetVersionExA
lstrlenW
lstrlenA
Sleep
MultiByteToWideChar
GetTempFileNameA
GetProcAddress
LoadLibraryA
CreateFileA
WriteFile
CloseHandle
DeleteFileA
GetLastError
FreeLibrary
ExpandEnvironmentStringsA
SetLastError
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
LocalUnlock
LocalLock
MoveFileExA
GetSystemDirectoryA
InterlockedDecrement
user32
DestroyIcon
InflateRect
GetMenuItemInfoA
DestroyMenu
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDialogBaseUnits
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
wsprintfA
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
EndPaint
BeginPaint
GetWindowDC
ScrollWindowEx
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DeleteMenu
GetWindowTextLengthA
GetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
GetDesktopWindow
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
CharUpperW
CharUpperA
CharLowerW
GetSystemMetrics
IsCharLowerA
IsCharUpperA
IsCharAlphaNumericA
IsCharAlphaA
EnumWindows
GetFocus
IsWindowVisible
GetWindowThreadProcessId
CharLowerA
MessageBoxA
SendMessageTimeoutA
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
ClientToScreen
SetPropA
ValidateRect
GetScrollInfo
gdi32
GetClipRgn
CreateRectRgn
SelectClipPath
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
SelectClipRgn
DeleteObject
SetColorAdjustment
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
SetArcDirection
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectA
GetTextExtentPoint32A
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsA
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCA
CopyMetaFileA
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetStockObject
GetDeviceCaps
SetViewportOrgEx
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegOpenKeyA
EnumServicesStatusA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
ControlService
DeleteService
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfigA
UnlockServiceDatabase
QueryServiceConfigA
RegSetKeySecurity
GetSecurityDescriptorDacl
RegGetKeySecurity
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegSetValueA
RegQueryValueA
RegCreateKeyA
shell32
ExtractIconA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHCreateDirectoryExA
SHFileOperationA
SHGetMalloc
SHGetFileInfoA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
oleaut32
SafeArrayGetElemsize
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayGetDim
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
VariantInit
SafeArrayCreate
SysFreeString
VariantClear
SafeArrayRedim
VariantChangeType
SafeArrayDestroyDescriptor
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysStringLen
odbc32
ord75
ord41
ord45
ord9
ord31
ord24
wininet
GopherGetAttributeA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetCloseHandle
HttpOpenRequestA
InternetOpenUrlA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpSendRequestExA
Exports
BOBJConditionEval
BOBJFeatureLocator
BOBJFeatureUpdate
BOBJUnzip
BrowseForCEInstaller
CheckMDAC25Installed
CheckMDACInstalled
CheckNotesSQL
CheckSQLInstalled
CheckScriptHost
CleanupOldVirtualDirs
CommitWindowsSettings
CreateInetShortcuts
CrystalRedirection
DeferredRemoveFile
DeleteBetaSIAServices
DeleteSIAServices
DetectCEDatabaseFile
DetectWantedProperties
DetectWantedSoftware
FindUpgradableApp
FixRegistry
GetDefaultJVMRuntimeLib
GetMachineName
GetNotesPath
GetNumberOfProcessors
GetPid
InstallPubWizAs
InstallRedist
IsValidConnPort
LaunchJavaAdminPortal
MsiGETASPNETVersion
MsiInstantiateFile
MsiMergeFiles
MsiPrepWebConfigFile
MsiRunCmdlineSilent
MsiUnMergeFiles
OEMZipCopy
OEMZipRegWrite
RemoveExtraServers
RemoveExtraServersOldVersion
SetASPDotNetDllPath
SetCADNODE
SetDesktopLaunchpadDefaultFile
SetExcelAddinInstallRegName
SetExcelAddinUninstallRegName
SetODBCPath
SharepointPropertyUpdate
StartBOBJTomcatService
StartCMSService
StartMySQLService
StartSQLService
StopBOBJTomcatService
StopCMSService
StopMySQLService
StopSvrrestart
SuppressReboot
UninstallCypressLDAP
UpdateFeatureList
UpdateFeatureListRAS
UpdateSampleReportsURLs
ValidateNAMESERVER
WaitForCMSStarted
WaitForTomcatStarted
Sections
.text Size: 564KB - Virtual size: 562KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ