8e3b083392874ac4778a0d147364c896b55365871e946133a130b3cbaa391101_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8e3b083392874ac4778a0d147364c896b55365871e946133a130b3cbaa391101_NeikiAnalytics.exe
Size

745KB
MD5

f28dcea8128e30ca19bf5fae3c7530a0
SHA1

d263f6e7605c564e64bc990b856057963a91c518
SHA256

8e3b083392874ac4778a0d147364c896b55365871e946133a130b3cbaa391101
SHA512

52cc7eb50af8b987fa4b363bbd6d611b6ebfc536d678db24c71dd2481ff9a968883ca4d6829d33f67648dcdeeb98e8ab74a3c026fe8849b6e1897a8a09d5c5ab
SSDEEP

12288:czM0HozfjGzyq3ArrML4bZHxWJA47rMvt6fDVCLvSn:czJHobKzyqArrekiaSru0ik

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e3b083392874ac4778a0d147364c896b55365871e946133a130b3cbaa391101_NeikiAnalytics.exe

Files

8e3b083392874ac4778a0d147364c896b55365871e946133a130b3cbaa391101_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

2f71670ea4e911bae3c8f03da5dd22e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\qb\workspace\21461\source\output\dump64\gfxui\EventManager\igfxEMN\Release\igfxEMN.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
MulDiv
lstrcmpW
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetExitCodeThread
GetTickCount
ExpandEnvironmentStringsW
SetFileAttributesW
GetSystemDirectoryW
CreateDirectoryW
OpenEventW
GetCurrentProcessId
ProcessIdToSessionId
GetFileAttributesW
CreateProcessW
LoadLibraryW
WTSGetActiveConsoleSessionId
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLangID
WriteConsoleW
SetEndOfFile
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
HeapSize
GetConsoleMode
GetTimeZoneInformation
GetFileType
FreeLibrary
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
ExitProcess
WriteFile
GetStdHandle
ReadFile
VirtualQuery
VirtualProtect
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
LCMapStringEx
GetStringTypeW
LocalFree
GetStartupInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FindResourceExW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
RaiseException
CloseHandle
GetCommandLineW
DeleteCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesW
GetProcessHeap
DecodePointer
GetLastError
ReadConsoleW
RtlUnwind

user32

GetWindowRect
SetWindowContextHelpId
MessageBoxW
GetCursorPos
SetForegroundWindow
LoadImageW
MapDialogRect
SetMenuDefaultItem
TrackPopupMenuEx
UnregisterClassW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
MoveWindow
CreateDialogIndirectParamW
GetDlgItem
CharUpperW
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostThreadMessageW
LoadIconW
SendMessageW
CharNextW
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
InsertMenuW
GetSubMenu
GetSystemMetrics
KillTimer
SetTimer
MapVirtualKeyExW
GetKeyNameTextW
SendDlgItemMessageW
EndDialog
CreateDialogParamW
IsWindowVisible
ShowWindow
PostQuitMessage
UnregisterDeviceNotification
RegisterDeviceNotificationW
UnregisterHotKey
RegisterHotKey
GetKeyboardLayout
GetKeyboardLayoutList
ActivateKeyboardLayout
LoadKeyboardLayoutW
PeekMessageW
FindWindowW
DestroyMenu
CreatePopupMenu
PostMessageW
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen

gdi32

SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW

ole32

CLSIDFromString
OleLockRunning
OleRun
OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantClear
GetErrorInfo
LoadTypeLi
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

setupapi

SetupDiOpenDevRegKey
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDevicePropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

shell32

SHCreateItemFromParsingName
Shell_NotifyIconW

shlwapi

StrStrW

bcrypt

BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCreateHash

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f71670ea4e911bae3c8f03da5dd22e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

setupapi

wtsapi32

shell32

shlwapi

bcrypt

version

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 16KB - Virtual size: 45KB

.pdata Size: 24KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 148KB - Virtual size: 148KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 16KB - Virtual size: 45KB

.pdata
Size: 24KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 148KB - Virtual size: 148KB

.reloc
Size: 4KB - Virtual size: 4KB