30f74affb662a6c1881f439836b9f61f1dd262519a00947d0363e3e146247347_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

30f74affb662a6c1881f439836b9f61f1dd262519a00947d0363e3e146247347_NeikiAnalytics.exe
Size

5.1MB
MD5

ae3c16209132253c42a15ca105e4d1c0
SHA1

5116feaca5eaa30588e5de032f3c7784c255727c
SHA256

30f74affb662a6c1881f439836b9f61f1dd262519a00947d0363e3e146247347
SHA512

46bd12d7c4709cda1b53204ce31409ecbb107a2e47d6e3115fe42f637737742400a9ca3a7ecc4a49062f832eb3e968372d2efebe0f641e361986c22a289a964a
SSDEEP

49152:qjcw+UKZ+4SUQFGWvKHzaoK6pwKsFb66/QugN1E2pyFp1kZ6tKypcOmqQKCZHh/L:ch1sp6pfGnBhvH+cYr3IMTyXV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f74affb662a6c1881f439836b9f61f1dd262519a00947d0363e3e146247347_NeikiAnalytics.exe

Files

30f74affb662a6c1881f439836b9f61f1dd262519a00947d0363e3e146247347_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

74420008afd0fdd414618e67947a57b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

imsdk.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

bcryptprimitives

ProcessPrng

advapi32

SystemFunction036

kernel32

DisableThreadLibraryCalls
IsProcessorFeaturePresent
TerminateProcess
InitializeSListHead
IsDebuggerPresent
DeleteCriticalSection
SwitchToThread
CloseHandle
CopyFileExW
GetLastError
DeleteFileW
GetTimeZoneInformationForYear
HeapFree
HeapReAlloc
GetSystemInfo
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
lstrlenW
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FindFirstFileW
FindClose
CreateThread
SetThreadStackGuarantee
QueryPerformanceCounter
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
SetHandleInformation
PostQueuedCompletionStatus
SetFilePointerEx
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter

bcrypt

BCryptGenRandom

ws2_32

freeaddrinfo
getaddrinfo
getsockname
setsockopt
bind
recv
send
WSASocketW
WSASend
shutdown
WSAStartup
WSAIoctl
WSAGetLastError
getpeername
ioctlsocket
WSACleanup
connect
socket
closesocket
getsockopt

crypt32

CertDuplicateCertificateChain
CertDuplicateStore
CertFreeCertificateChain
CertFreeCertificateContext
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertGetCertificateChain
CertEnumCertificatesInStore

ntdll

NtReadFile
NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile

secur32

AcceptSecurityContext
InitializeSecurityContextW
EncryptMessage
FreeContextBuffer
ApplyControlToken
AcquireCredentialsHandleA
QueryContextAttributesW
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle

vcruntime140

__CxxFrameHandler3
memset
memmove
memcmp
__std_type_info_destroy_list
__C_specific_handler
strrchr
memcpy

api-ms-win-crt-string-l1-1-0

strcspn
strlen
strncmp
strcmp
strspn

api-ms-win-crt-math-l1-1-0

fabs
log
_dclass
pow

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_endthreadex
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_execute_onexit_table

Exports

Exports

drop_dart_object
free_WireSyncReturn
free_zero_copy_buffer_f32
free_zero_copy_buffer_f64
free_zero_copy_buffer_i16
free_zero_copy_buffer_i32
free_zero_copy_buffer_i64
free_zero_copy_buffer_i8
free_zero_copy_buffer_u16
free_zero_copy_buffer_u32
free_zero_copy_buffer_u64
free_zero_copy_buffer_u8
get_dart_object
init_frb_dart_api_dl
new_StringList_0
new_box_autoadd_area_0
new_box_autoadd_attachment_0
new_box_autoadd_audio_message_0
new_box_autoadd_bool_0
new_box_autoadd_file_message_0
new_box_autoadd_i16_0
new_box_autoadd_i64_0
new_box_autoadd_image_message_0
new_box_autoadd_invite_message_0
new_box_autoadd_message_0
new_box_autoadd_sticker_message_0
new_box_autoadd_text_message_0
new_box_autoadd_u64_0
new_box_autoadd_user_0
new_box_autoadd_video_message_0
new_dart_opaque
new_list_mention_0
new_list_reaction_0
new_list_user_0
new_uint_8_list_0
store_dart_post_cobject
wire_add_session
wire_cancel_download
wire_cancel_upload
wire_check_attachment_exists
wire_check_latest_message
wire_close_session_voice
wire_create_area_message_coming
wire_create_attachment_status_changed
wire_create_base_stream
wire_create_data_base_status_change_stream
wire_create_error_stream
wire_create_log_stream
wire_create_message_coming
wire_create_message_list_changed
wire_create_message_status_changed
wire_create_message_track_stream
wire_create_message_unread_changed_stream
wire_create_play_session_sound
wire_create_session_list_changed
wire_create_session_ready
wire_create_state_change_stream
wire_create_sticker_change_stream
wire_create_toast_stream
wire_create_top_message_state_changed_stream
wire_delete_message
wire_download_message_attachment
wire_enter_session
wire_fetch_bulk_referenced_messages
wire_fetch_sticker
wire_get_after_message_list
wire_get_all_user_by_relationship
wire_get_area_mention_unread_count_from_local
wire_get_area_mention_unread_count_from_remote
wire_get_area_unread_message_count
wire_get_before_message_list
wire_get_channel_mention_unread_count_by_area_from_local
wire_get_channel_mention_unread_count_by_area_from_remote
wire_get_channel_mention_unread_count_by_channel_from_local
wire_get_connected_network_time
wire_get_connecting_network_time
wire_get_invite_detail
wire_get_last_read_message
wire_get_latest_message_list
wire_get_message_by_id
wire_get_messages_between_ids
wire_get_reaction_reply_persons
wire_get_session_list
wire_get_single_area_mention_unread_count_from_remote
wire_get_sticker
wire_get_top_message_list
wire_get_unread_message_count
wire_get_user_by_uid
wire_get_user_by_uid_list
wire_get_users
wire_handle_socket_reconnect
wire_init
wire_init_channel_list
wire_init_channel_read_message
wire_is_session_ready
wire_is_top_message_bar_enabled
wire_process_websocket_event
wire_process_websocket_reconnection
wire_recall_message
wire_remove_session
wire_send_ack
wire_send_message
wire_set_last_read_message_id
wire_set_login_info
wire_set_reaction
wire_set_sandbox_path
wire_set_server_address
wire_set_user
wire_set_user_list
wire_socket_logout
wire_start_connect
wire_toggle_top_message
wire_toggle_top_message_bar

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74420008afd0fdd414618e67947a57b1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

advapi32

kernel32

bcrypt

ws2_32

crypt32

ntdll

secur32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 35KB - Virtual size: 39KB

.pdata Size: 100KB - Virtual size: 99KB

.reloc Size: 46KB - Virtual size: 46KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 35KB - Virtual size: 39KB

.pdata
Size: 100KB - Virtual size: 99KB

.reloc
Size: 46KB - Virtual size: 46KB