Static task
static1
Behavioral task
behavioral1
Sample
201f23641dea4c94ecfffde5a52add4fae3af142507bdd54900ae1169283e9fd_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
201f23641dea4c94ecfffde5a52add4fae3af142507bdd54900ae1169283e9fd_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
201f23641dea4c94ecfffde5a52add4fae3af142507bdd54900ae1169283e9fd_NeikiAnalytics.exe
-
Size
1.2MB
-
MD5
c3dcd281500b403fa92199a27f7075b0
-
SHA1
3bc22286559c844e30ffaf1453c9499202f6b1bd
-
SHA256
201f23641dea4c94ecfffde5a52add4fae3af142507bdd54900ae1169283e9fd
-
SHA512
f73b94e0dc31ddcf12f96af896c7d424d4795f4722859e77cd17043b9c9cfa6dc52d5040e410e87cf3c956362a00bc658537f4511de0a83014f68d7d327af8aa
-
SSDEEP
12288:26ew/KJUo0XXn7UX14iXik8fNY1UMhonSkL1:iw/yKQFTXiFlhR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
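Checks for a missing Authenticode signature: the file listed below carries no embedded signature, so its publisher and integrity cannot be verified from the file alone. On its own this is a weak indicator, since many legitimate programs are also unsigned.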
resource 201f23641dea4c94ecfffde5a52add4fae3af142507bdd54900ae1169283e9fd_NeikiAnalytics.exe
Files
-
201f23641dea4c94ecfffde5a52add4fae3af142507bdd54900ae1169283e9fd_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
b4a71eaac0a076b617e796182194c627
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
harmony10
FEAT_getFeatureList
INIT_setTimeout
INIT_monitorServer
JOBM_openSession
ATTR_openSession
ACCT_openSession
LOCL_openSession
SERVER_getInfo
SERVER_freeInfo
DEV_getInfo
DEV_freeInfo
JOBM_lockJobList
JOBM_unlockJobList
ACCT_getEventsWithSelectedAttributes
INIT_connectToNonStandardServer
DEV_getEventsEx
DEV_getCurrentEvents
JOBM_performAction
NB_registerCallback
ATTR_getAttributeKey
ATTR_freeKey
JOBM_getNumJobs
JOBM_getJobListWithSelectedAttributes
LOCL_getStringWithContext
LOCL_getString
ATTR_getAttributeValues
harmony_free
LOCL_closeSession
JOBM_closeSession
ATTR_closeSession
ACCT_closeSession
INIT_disconnectFromServer
NB_checkTicket
ATTR_getAttributeKeys
NB_block
JOBM_getFilteredEvents
NB_cancel
JOBM_getJobAttributes
NB_destroy
harmony_efi
EFIM_createBDP
netapi32
NetWkstaUserGetInfo
NetApiBufferFree
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
FileTimeToSystemTime
SystemTimeToFileTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentDirectoryW
MoveFileW
DeleteFileW
GetStringTypeExW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
GetVolumeInformationW
GetFullPathNameW
TlsFree
GetShortPathNameW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
LocalUnlock
LocalLock
SetErrorMode
GetTempFileNameW
GetDiskFreeSpaceW
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalReAlloc
LocalAlloc
InterlockedIncrement
GlobalFlags
GetCurrentThread
lstrcmpiA
ConvertDefaultLocale
EnumResourceLanguagesW
GetVersion
GlobalGetAtomNameW
lstrcmpA
RaiseException
SuspendThread
SetThreadPriority
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
GetModuleHandleW
GetVersionExA
SetLastError
CopyFileW
GlobalSize
FormatMessageW
LocalFree
FreeResource
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileStringW
CreateMutexW
GetCurrentProcessId
ResumeThread
GetTickCount
lstrlenW
SetCurrentDirectoryW
lstrcmpiW
GetComputerNameW
WideCharToMultiByte
lstrcpynW
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateEventW
GetModuleFileNameW
MulDiv
ResetEvent
SetEvent
GetTempPathW
FindFirstFileW
GetLocaleInfoW
OpenMutexW
ReleaseMutex
GlobalHandle
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
lstrcpyW
ExpandEnvironmentStringsW
lstrcatW
GetCurrentProcess
CloseHandle
GetCurrentThreadId
GetLastError
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
CreateFileA
CreateFileW
user32
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
GetKeyNameTextW
MapVirtualKeyW
TranslateAcceleratorW
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
SetCursor
ReuseDDElParam
UnpackDDElParam
DestroyMenu
GetMenuItemInfoW
SystemParametersInfoW
WindowFromPoint
PostQuitMessage
ShowOwnedPopups
WaitMessage
GetDialogBaseUnits
GetSysColorBrush
IsRectEmpty
UnionRect
GetWindowThreadProcessId
CharUpperW
IsClipboardFormatAvailable
GetTabbedTextExtentW
GetDCEx
LockWindowUpdate
GetSystemMenu
SetParent
CheckMenuItem
GetMenuCheckMarkDimensions
ScrollWindowEx
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
WinHelpW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
UnregisterClassA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
TabbedTextOutW
ShowScrollBar
IsWindowVisible
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
RegisterClassW
UnregisterClassW
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
EndDialog
IsIconic
ShowWindow
DeleteMenu
GetKeyState
LoadStringW
ReleaseCapture
PtInRect
SetCapture
GetCapture
EnableMenuItem
SetRect
MessageBeep
GetMessageW
TranslateMessage
MessageBoxW
LoadCursorW
GetCursorPos
LoadImageW
GetSystemMetrics
PostThreadMessageW
SetForegroundWindow
SetActiveWindow
KillTimer
SetTimer
ReleaseDC
GetDC
IsZoomed
LoadMenuW
GetSubMenu
LoadBitmapW
OffsetRect
SetRectEmpty
PostMessageW
wsprintfW
GetThreadDesktop
GetUserObjectInformationW
GetSysColor
DestroyIcon
SendMessageW
LoadIconW
GetParent
InvalidateRect
UpdateWindow
GetClientRect
GetWindowRect
DrawIcon
FillRect
InflateRect
CopyRect
EnableWindow
ValidateRect
SetMenuItemBitmaps
GetScrollPos
ModifyMenuW
GetNextDlgTabItem
DispatchMessageW
gdi32
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
DeleteObject
SelectClipRgn
GetClipRgn
CopyMetaFileW
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
IntersectClipRect
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32W
SetRectRgn
CombineRgn
SelectClipPath
GetMapMode
DPtoLP
GetTextMetricsW
StretchDIBits
GetCharWidthW
CreateFontW
GetBkColor
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
SetBrushOrgEx
CreateDCW
CreateRectRgn
CreatePatternBrush
GetTextColor
StretchBlt
FillRgn
CreatePolygonRgn
GetObjectW
CreateBitmap
CreatePen
GetStockObject
GetDeviceCaps
CreateDIBitmap
BitBlt
RealizePalette
CreateCompatibleDC
CreatePalette
CreateCompatibleBitmap
CreateFontIndirectW
GetPixel
GetWindowExtEx
PolyDraw
CreateSolidBrush
GetViewportExtEx
comdlg32
PrintDlgW
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
ReplaceTextW
FindTextW
CommDlgExtendedError
winspool.drv
OpenPrinterW
EnumPrintersW
ClosePrinter
DocumentPropertiesW
GetJobW
GetPrinterDriverW
EnumPortsW
advapi32
GetFileSecurityW
RegCreateKeyW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
LookupAccountNameW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
GetUserNameW
OpenProcessToken
GetTokenInformation
SetFileSecurityW
shell32
DragFinish
Shell_NotifyIconW
DragQueryFileW
ExtractIconW
SHGetFileInfoW
comctl32
ImageList_AddMasked
ord17
ord13
ImageList_Read
ImageList_Write
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Merge
ImageList_Draw
ImageList_GetImageInfo
InitCommonControlsEx
shlwapi
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathIsUNCW
ole32
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoDisconnectObject
CoTreatAsClass
StringFromCLSID
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
ReleaseStgMedium
oleaut32
VarDecFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VariantCopy
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VarBstrFromDec
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VarDateFromStr
SysReAllocStringLen
ws2_32
WSAGetLastError
WSAAsyncSelect
recvfrom
sendto
connect
gethostbyname
recv
send
inet_addr
WSASetLastError
getpeername
ntohs
inet_ntoa
WSAStartup
WSACleanup
closesocket
htonl
htons
accept
socket
select
bind
getsockname
Sections
.text Size: 580KB - Virtual size: 576KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 4KB - Virtual size: 793B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.shr Size: 4KB - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 520KB - Virtual size: 517KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ