PhotoViewer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 1edb8ea8e2f679519efad9697f0796702b3c806034b2abe01405f0b9cc94551d_NeikiAnalytics.dll
Resource: win10v2004-20240611-en
General
Target: 1edb8ea8e2f679519efad9697f0796702b3c806034b2abe01405f0b9cc94551d_NeikiAnalytics.exe
Size: 1.5MB
MD5: 6290159b875638663ffd516b94ad7cc0
SHA1: cc4a0606180fe4ad7241fa31cbdf805e6390537e
SHA256: 1edb8ea8e2f679519efad9697f0796702b3c806034b2abe01405f0b9cc94551d
SHA512: 15aef611253aff9d9dc83da8746dab1b497f5fb433ead37faff1dc0653ce8967c480b7971e2fd56fc348020ab1e7cc710865c4c5af03dbd0fef39846f001423a
SSDEEP: 24576:MJFaU7NXgkn6wcW8mF9P9MG1q/j7h3QvyvM0W7439KQ9l2oWIoWIoWoJ:gFngkn6mGh+aW743YQ99WRWRWoJ
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: 1edb8ea8e2f679519efad9697f0796702b3c806034b2abe01405f0b9cc94551d_NeikiAnalytics.exe
Files
1edb8ea8e2f679519efad9697f0796702b3c806034b2abe01405f0b9cc94551d_NeikiAnalytics.exe.dll regsvr32 windows:10 windows x86 arch:x86
a750f692885eb16e04784cec5f1bc806
Headers
DLL Characteristics (ASLR, DEP and Control Flow Guard are all enabled)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics (32-bit DLL image)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
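The "Unsigned PE" signature and the header flags above can be reproduced with a small static check. What follows is an added example, not part of this report and not the sandbox's own detection code: it parses the COFF and optional headers with the Python standard library only, lists the Characteristics/DllCharacteristics bits, and tests for an embedded Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY). build_sample_pe() constructs a header-only PE32 so the check can be exercised offline; it is not the analysed file, and the flag values it defaults to are simply the ones shown in this report. One caveat a practitioner should keep in mind when reading the "Unsigned PE" IoC: Windows OS components are usually catalog-signed, with the signature in a .cat file rather than embedded in the PE, so a file whose PDB name and ImageView_* exports match Windows Photo Viewer can legitimately have an empty security directory. Confirm against the system catalogs (for example with Get-AuthenticodeSignature on a Windows host) before treating this indicator as evidence of tampering.

```python
"""Static PE header checks: characteristics flags and embedded Authenticode.

Added example.  Standard library only.  build_sample_pe() produces a constructed
header-only PE32 image for offline testing; it is not the sample from the report.
"""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (subset shown in the report)
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits that matter for exploit mitigations
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",   # ASLR
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",      # DEP
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",       # Control Flow Guard
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def _flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk MZ -> PE signature -> COFF header -> optional header -> data directories."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _sym, _nsym, _optsize, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:          # PE32+: 8-byte ImageBase/stack/heap fields shift them
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a FILE offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "is_dll": bool(file_chars & 0x2000),
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "security_dir": (sec_off, sec_size),
    }


def has_embedded_authenticode(data: bytes) -> bool:
    """True if the PE carries an embedded WIN_CERTIFICATE of PKCS#7 type.

    This is what an 'Unsigned PE' style check sees.  False does NOT prove the
    file is unsigned: catalog-signed Windows components keep the signature in a
    .cat file, which only a check against the system catalogs can confirm.
    """
    off, size = parse_pe(data)["security_dir"]
    if size < 8 or off + size > len(data):
        return False
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)   # WIN_CERTIFICATE header
    return length <= size and revision in (0x0100, 0x0200) and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA


def build_sample_pe(*, file_chars=0x2102, dll_chars=0x4140, signed=False) -> bytes:
    """Constructed header-only PE32 (no sections); defaults mirror the report's flags."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    opt = bytearray(224)                                    # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic = PE32
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), file_chars)   # i386, 0 sections
    header_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if signed:
        payload = b"constructed placeholder, not a real PKCS#7 SignedData"
        cert = struct.pack("<IHH", 8 + len(payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe(blob).items():
        print("%-22s %s" % (key, value))
    print("embedded Authenticode:  %s" % has_embedded_authenticode(blob))
```

Run it with a path argument to inspect a real file; without one it reports on the constructed sample, which yields the same three DllCharacteristics and three file Characteristics listed in this section and an empty security directory.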
PDB Paths
PhotoViewer.pdb
Imports
msvcrt
memcpy_s
??1type_info@@UAE@XZ
strchr
towlower
wcschr
wcspbrk
wcstol
wcstok
_wcslwr_s
wcscspn
wcsspn
_wtoi
strncpy_s
_beginthreadex
_wcsicmp
_vscwprintf
vswprintf_s
memmove
swprintf_s
_wcsupr_s
wcsstr
_vsnwprintf
_vsnprintf
rand
time
srand
wcsrchr
_CxxThrowException
__CxxFrameHandler3
_ftol2
_ftol2_sse
ceil
memcmp
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
calloc
memmove_s
memset
_purecall
wcscat_s
wcscpy_s
free
malloc
wcsncpy_s
_CIpow
memcpy
kernel32
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
DisableThreadLibraryCalls
GetCurrentThreadId
MultiByteToWideChar
RaiseException
lstrcmpiW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
GetLastError
GetProcAddress
GetModuleHandleW
GetModuleHandleA
AcquireSRWLockShared
InitializeSRWLock
SetEvent
CreateFileW
SystemTimeToFileTime
ReleaseSemaphore
GetSystemTime
CreateThread
FindResourceW
CreateFileMappingW
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
SetFileTime
GetFileTime
FileTimeToDosDateTime
GetLocalTime
GetTempFileNameW
GetTempPathW
MoveFileExW
GetFullPathNameW
GlobalAlloc
GlobalFree
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
CreateSemaphoreW
CreateEventW
GetExitCodeThread
TerminateProcess
InterlockedPushEntrySList
DecodePointer
VirtualAlloc
FlushInstructionCache
IsProcessorFeaturePresent
InterlockedPopEntrySList
VirtualFree
EncodePointer
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
GetProcessHeap
GetModuleHandleExW
HeapFree
HeapAlloc
GetUserDefaultUILanguage
EnumUILanguagesW
GetLocaleInfoW
CompareStringOrdinal
GetSystemDirectoryW
LocalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
CopyFileW
LocalFree
CreateDirectoryW
MulDiv
SetThreadExecutionState
lstrlenW
GetVersionExW
GetFileAttributesExW
InitOnceComplete
InitOnceBeginInitialize
PulseEvent
WaitForMultipleObjects
GlobalMemoryStatusEx
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
LoadLibraryA
advapi32
RegQueryValueExW
TraceEvent
DuplicateEncryptionInfoFile
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
user32
GetWindow
GetForegroundWindow
GetClassLongW
GetSysColorBrush
NotifyWinEvent
GetNextDlgTabItem
SetRect
AdjustWindowRectEx
MonitorFromRect
SetWindowLongW
CreateWindowExW
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
LoadCursorW
EnumChildWindows
ChildWindowFromPointEx
OffsetRect
EnumDisplayMonitors
IntersectRect
MessageBoxW
GetProcessDefaultLayout
MoveWindow
SetRectEmpty
GetAncestor
RegisterClipboardFormatW
InsertMenuW
EnableMenuItem
SetMenuItemInfoW
GetMenuItemID
InflateRect
EndMenu
CallNextHookEx
GetDlgCtrlID
UnhookWindowsHookEx
ClientToScreen
SetWindowsHookExW
SetMenuInfo
EnumDisplaySettingsW
EnumDisplayDevicesW
LoadMenuW
ShowCursor
LoadAcceleratorsW
SetMenu
GetCursor
CallWindowProcW
AnimateWindow
TranslateAcceleratorW
IsDialogMessageW
LoadImageW
LoadIconW
GetMessageW
RemoveMenu
AppendMenuW
MessageBeep
SetWindowPos
LoadStringA
LoadStringW
DestroyMenu
TrackPopupMenuEx
CreatePopupMenu
PtInRect
GetMessagePos
GetMenuItemInfoW
GetMenuItemCount
InsertMenuItemW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
IsRectEmpty
WindowFromPoint
GetCursorPos
CloseGestureInfoHandle
GetGestureInfo
SetGestureConfig
ScreenToClient
ReleaseCapture
GetCapture
SetCursor
SetCapture
SetWindowTextW
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSysColor
DeferWindowPos
GetParent
MapWindowPoints
KillTimer
UpdateWindow
InvalidateRect
FillRect
SetTimer
SetForegroundWindow
GetSystemMetrics
DeleteMenu
GetSubMenu
GetKeyState
IsChild
SetWindowPlacement
GetWindowPlacement
GetClassInfoExW
RegisterClassExW
PostMessageW
DefWindowProcW
IsWindowVisible
IsWindowEnabled
GetFocus
ShowWindow
EnableWindow
GetActiveWindow
GetMonitorInfoW
PostThreadMessageW
GetWindowLongW
WindowFromDC
GetNextDlgGroupItem
SystemParametersInfoW
GetClientRect
GetWindowRect
EndDeferWindowPos
UnregisterClassA
DestroyWindow
CharNextW
MonitorFromPoint
SetFocus
IsIconic
IsZoomed
PostQuitMessage
SendMessageW
BeginDeferWindowPos
IsWindow
oleaut32
VariantCopy
SysStringLen
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
SysAllocStringLen
ole32
CoRegisterClassObject
CoAllowSetForegroundWindow
CoInitializeEx
CLSIDFromString
ReleaseStgMedium
PropVariantClear
OleSetClipboard
CoLockObjectExternal
OleFlushClipboard
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CreateBindCtx
OleUninitialize
OleInitialize
CoInitialize
OleGetClipboard
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoRevokeClassObject
shell32
SHCreateItemFromParsingName
SHChangeNotifySuspendResume
ord28
ord750
ord71
Shell_GetCachedImageIndexW
SHBindToObject
SHGetFileInfoW
SHParseDisplayName
SHBindToParent
ord100
SHOpenWithDialog
SHGetPropertyStoreForWindow
SHOpenFolderAndSelectItems
ord2
ord645
ord644
ord4
SHChangeNotify
SHCreateShellItemArrayFromDataObject
ord17
SHGetInstanceExplorer
SHAddToRecentDocs
SHGetIDListFromObject
SHGetItemFromDataObject
ord102
ord155
SHCreateItemWithParent
SHGetSpecialFolderPathW
SHCreateItemFromIDList
ord162
dwmapi
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
d3d9
Direct3DCreate9
oleacc
CreateStdAccessibleProxyW
AccessibleObjectFromWindow
LresultFromObject
shlwapi
PathFileExistsW
ord215
ord174
SHStrDupW
PathIsRootW
PathIsRelativeW
PathRenameExtensionW
PathIsDirectoryW
PathRemoveExtensionW
PathFindExtensionW
ord176
StrChrW
ord388
ord16
SHReleaseThreadRef
SHCreateStreamOnFileEx
ord157
PathRemoveFileSpecW
PathAppendW
PathAddBackslashW
PathFindFileNameW
PathMatchSpecW
api-ms-win-shcore-scaling-l1-1-1
SetProcessDpiAwareness
efswrt
EnterpriseDataGetStatus
gdiplus
GdipGetStringFormatAlign
GdipGetFontHeight
GdipFillPolygonI
GdipSetInterpolationMode
GdipDeleteFont
GdipSetStringFormatHotkeyPrefix
GdipCreateLineBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetStringFormatTrimming
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetPixelOffsetMode
GdipGetPixelOffsetMode
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatDigitSubstitution
GdipMultiplyWorldTransform
GdipCreateMatrix2
GdipSetWorldTransform
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetSolidFillColor
GdipSetPageUnit
GdipGetPageUnit
GdipDrawImageRectRect
GdipSetTextureTransform
GdipTranslateMatrix
GdipCreateTexture2
GdipDrawLineI
GdipSetPenMode
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPoint
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
GdipStartPathFigure
GdipCreatePath
GdipSetLineSigmaBlend
GdipSetClipRegion
GdipGetClip
GdipDeleteRegion
GdipGetMatrixElements
GdipGetClipBoundsI
GdipCreateHBITMAPFromBitmap
GdipCreateHalftonePalette
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipReleaseDC
GdipGetDC
GdipGetWorldTransform
GdipDeleteMatrix
GdipCreateMatrix
GdipTranslateWorldTransform
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipDeletePath
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawImageRectRectI
GdipFillPath
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipGetDpiY
GdipGetDpiX
GdipCreateFromHWND
GdipDeleteGraphics
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDrawImagePointsRectI
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFillRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipFillRectangle
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipCreateRegion
GdipSetRenderingOrigin
GdipGetImagePixelFormat
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawPath
GdipSetClipHrgn
GdipCreateBitmapFromStream
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCloneBrush
GdipSetClipRectI
GdipDrawRectangleI
GdipCreatePen2
GdipCreateHatchBrush
GdipMeasureString
gdi32
CreateRectRgnIndirect
CreateRectRgn
SetGraphicsMode
GetWorldTransform
CombineTransform
ModifyWorldTransform
SetWorldTransform
SetLayout
CreateSolidBrush
PatBlt
CreateDIBSection
ExtTextOutW
SetBkColor
CreateCompatibleDC
GetObjectA
BitBlt
SelectPalette
RealizePalette
GetDIBits
GetObjectW
DeleteObject
GetDeviceCaps
GetClipRgn
OffsetRgn
GetRegionData
ExtCreateRegion
DeleteDC
GetStockObject
GetLayout
SelectObject
SetDIBitsToDevice
uxtheme
IsAppThemed
CloseThemeData
OpenThemeData
GetThemeColor
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wtsapi32
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
propsys
PropVariantToUInt32
windowscodecs
WICConvertBitmapSource
WICMapGuidToShortName
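An import table like the one listed above is commonly reduced to an import hash (imphash) for clustering samples built from the same source. The following is an added example, not part of this report: it applies the normalisation used by the pefile convention (DLL name lower-cased with a .dll/.ocx/.sys extension stripped, function names lower-cased, ordinal-only imports written as ordN, entries joined by commas in import-table order) and hashes the result with MD5. The import lists in the block are constructed from a handful of names in this report purely to exercise the rules; one simplification is marked in the code: pefile also maps oleaut32, ws2_32 and wsock32 ordinals back to names from a built-in table before hashing, and that table is omitted here.

```python
"""imphash over an import list.  Added example; sample lists are constructed."""
import hashlib


def normalise_import(dll: str, func) -> str:
    """One 'dll.func' token.  func is a str (imported by name) or int (by ordinal)."""
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    if isinstance(func, int):
        # Simplification: pefile resolves oleaut32/ws2_32/wsock32 ordinals to names
        # from a built-in table before hashing; this example keeps them as ordN.
        name = "ord%d" % func
    else:
        name = func.lower()
    return "%s.%s" % (dll, name)


def imphash_string(imports) -> str:
    """The exact string that is hashed; imports is an iterable of (dll, func) pairs
    in import-table order, which is why ordering changes the hash."""
    return ",".join(normalise_import(dll, func) for dll, func in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: a few entries borrowed from the report's import list, with
# the file extensions and casing a real import directory would carry.
SAMPLE = [
    ("msvcrt.dll", "memcpy_s"),
    ("KERNEL32.dll", "CompareStringW"),
    ("SHELL32.dll", 28),               # imported by ordinal only
    ("SHELL32.dll", "SHChangeNotify"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE))
    print(imphash(SAMPLE))
    print("reordered:", imphash(list(reversed(SAMPLE))))
```

Two properties worth remembering when comparing imphashes from different tools: a differently cased DLL name or function name does not change the value, but the same set of imports in a different order does, so a rebuilt or repacked binary can share every import and still hash differently.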
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ImageView_COMServerW
ImageView_FullscreenW
imageview_fullscreenW
Sections
.text   raw 594KB   virtual 594KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   raw 4KB     virtual 7KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.idata  raw 15KB    virtual 15KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.didat  raw 512B    virtual 92B     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   raw 937KB   virtual 936KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  raw 34KB    virtual 34KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
No section is both writable and executable. The .data section's virtual size exceeding its raw size is zero-filled uninitialised data that the loader maps and is normal; .didat is the delay-load import data section, and the large .rsrc section accounts for most of the file's 1.5MB.