28134608d0018e8b65ee00fa421fd8bde87231f77fd3e82b9d94981eac8a9040_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

28134608d0018e8b65ee00fa421fd8bde87231f77fd3e82b9d94981eac8a9040_NeikiAnalytics.exe
Size

944KB
MD5

ba7ace7a58957de2503f9eef21a2ebd0
SHA1

7e0a7ef43c6fc7934b878fb0bbe30023128957f3
SHA256

28134608d0018e8b65ee00fa421fd8bde87231f77fd3e82b9d94981eac8a9040
SHA512

e165744618de22ac47667a351355b2ff1cfc9fe10d28d432b0680055499a1f33d296557b69d899b31dd97bdfb03dff8461d8de6323f978bd5c53fd072390ed2b
SSDEEP

12288:7Gz0OvT4p6TFcYTd3aqJW2d1ai8Ngg1oZSeT1Y5jnPMKgmIJ:w0iZFcmdqqJn1ai86gx5bM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28134608d0018e8b65ee00fa421fd8bde87231f77fd3e82b9d94981eac8a9040_NeikiAnalytics.exe

Files

28134608d0018e8b65ee00fa421fd8bde87231f77fd3e82b9d94981eac8a9040_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

f9800ee57d7c67c033caa682c471c5ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\el\dec\target\x86\ship\misc_urlredirection\x-none\URLRedirection.pdb

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueA
RegDeleteValueA
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RevertToSelf
EventRegister
EventUnregister
OpenProcessToken
OpenThreadToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CreateWellKnownSid
EqualSid
EventWriteTransfer

kernel32

TlsAlloc
FlsAlloc
TlsGetValue
FlsGetValue
TlsSetValue
FlsSetValue
CompareStringEx
GetLocaleInfoEx
CloseHandle
ReleaseSemaphore
GetCurrentThreadId
WaitForSingleObjectEx
CreateEventExW
ResetEvent
SetEvent
MapViewOfFile
LCIDToLocaleName
LocaleNameToLCID
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
GetTickCount64
UnmapViewOfFile
LockResource
GetUserDefaultLocaleName
IsValidCodePage
WideCharToMultiByte
FileTimeToSystemTime
GetStringTypeExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
OpenProcess
GetCurrentProcessId
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
EnumSystemLocalesEx
GetSystemDefaultLocaleName
FlsFree
GetModuleHandleExW
GetVersionExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LocalFree
GetLongPathNameW
TlsFree
GetLogicalProcessorInformationEx
CancelWaitableTimer
SetWaitableTimerEx
CreateWaitableTimerW
GetProcessAffinityMask
InterlockedPushEntrySList
QueryDepthSList
RtlCaptureStackBackTrace
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForMultipleObjectsEx
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
QueryPerformanceCounter
SetThreadLocale
GetThreadLocale
DisableThreadLibraryCalls
EncodePointer
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GlobalFree
CreateFileMappingA
OpenFileMappingA
CreateSemaphoreA
OpenSemaphoreA
CreateMutexA
OpenMutexA
CreateEventA
OpenEventA
lstrcmpiW
RaiseException
MultiByteToWideChar
GetLastError
InitializeCriticalSectionEx
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
DecodePointer
SetLastError
GetModuleHandleA
LoadLibraryExW
LoadLibraryW
IsDebuggerPresent
OutputDebugStringW
CreateEventW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
Sleep
CreateThread
OutputDebugStringA
WaitForSingleObject
IsProcessorFeaturePresent
InterlockedPopEntrySList
ReleaseMutex
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
GetTickCount
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoUninitialize
CoInitializeEx
CoRevokeInitializeSpy
CoRegisterInitializeSpy
StringFromGUID2

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysAllocString

msohev

_PHevCreateFileInfoForAddons@4
_FHevAddToFileInfo@12
_FHevActivateApp@12
_HevDestroyFileInfo@4

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
memmove
_CxxThrowException
memcmp
memcpy
wcsrchr
__CxxFrameHandler3
wcschr
__std_type_info_compare
__std_terminate
wcsstr
__std_exception_destroy
_purecall
__std_exception_copy

msvcp140

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Incref@facet@locale@std@@UAEXXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Query_perf_counter
_Query_perf_frequency
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Thrd_id
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Thrd_sleep
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

strnlen
wcscpy_s
_wcsicmp
wcstok_s
wcsncat_s
strcmp
wcscat_s
strncpy_s
wcscmp
wcsnlen
isdigit
_stricmp
towlower
wcsncpy_s
_towupper_l

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_recalloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_clearfp
_initterm
terminate
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_errno
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf

api-ms-win-crt-math-l1-1-0

_libm_sse2_exp_precise
_libm_sse2_log_precise
_except1

api-ms-win-crt-convert-l1-1-0

_wtoi
_i64tow_s

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char
_create_locale

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9800ee57d7c67c033caa682c471c5ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

oleaut32

msohev

vcruntime140

msvcp140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 20KB - Virtual size: 45KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 322KB - Virtual size: 324KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 20KB - Virtual size: 45KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 322KB - Virtual size: 324KB