90743c5a9bf064c2f99712ba417151ef64ad139911fb21e7b19b5e2b5dab9895_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

90743c5a9bf064c2f99712ba417151ef64ad139911fb21e7b19b5e2b5dab9895_NeikiAnalytics.exe
Size

3.8MB
MD5

dc3a8566947033752de07d2fb57885f0
SHA1

fe7c03c9bf157b3bd2adfbcce37f679aa87221b5
SHA256

90743c5a9bf064c2f99712ba417151ef64ad139911fb21e7b19b5e2b5dab9895
SHA512

270fa73a417b83cc0981f3afb8f4500c38d11e364ba4d78b57e3d10b8f10efe460fac1c3386b033edf397b360e06176f3b33a2b9c5d7ef39a0d805224af69e41
SSDEEP

49152:FAkg8cnfRCE5d9vNGE78xsYrXWI109ynvryNktJaQn2EhMmVVZq9I3O0H7:FKZ0l12yve2rVrq9I3O8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90743c5a9bf064c2f99712ba417151ef64ad139911fb21e7b19b5e2b5dab9895_NeikiAnalytics.exe

Files

90743c5a9bf064c2f99712ba417151ef64ad139911fb21e7b19b5e2b5dab9895_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

5a77dc300ebd7c04eb87a5324a426eaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
CreateFileW
GetFileSize
GetFullPathNameW
GetFullPathNameA
ReadFile
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
LoadLibraryA
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
MulDiv
GetCurrentDirectoryW
GetCurrentDirectoryA
GetStdHandle
ExpandEnvironmentStringsA
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetSystemDefaultLCID
SizeofResource
ReadConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
VirtualQuery
VirtualProtect
GetSystemInfo
SetCurrentDirectoryA
SetEnvironmentVariableA
GetDriveTypeW
GetTimeZoneInformation
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
RtlPcToFileHeader
GetCurrentProcessId
GetStartupInfoW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
InitializeCriticalSection
GetLocalTime
CompareStringA
WideCharToMultiByte
Sleep
CompareStringW
MultiByteToWideChar
FindFirstFileExA
DeleteFileW
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
HeapAlloc
GetProcAddress
FreeLibrary
DecodePointer
GetCPInfo
CompareStringEx
GetLocaleInfoEx
GetSystemTimeAsFileTime
FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindClose
LoadLibraryW
GetModuleFileNameA
GetFileAttributesA
GetFileAttributesW
FindNextFileA
CreateThread
TerminateThread
WaitForSingleObject
SetFilePointerEx
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
EncodePointer
LCMapStringEx
QueryPerformanceCounter
RtlUnwind

user32

GetCursorPos
SetCursor
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
SetRectEmpty
ReleaseDC
GetDC
UpdateWindow
DrawTextW
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
GetFocus
GetActiveWindow
SetFocus
CharNextW
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
EndDialog
ScreenToClient
CloseClipboard
SetClipboardData
EmptyClipboard
IsCharAlphaNumericW
SetTimer
KillTimer
GetSystemMetrics
MessageBoxW
GetDesktopWindow
LoadBitmapW
LoadImageW
DialogBoxParamW
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
OffsetRect
MapWindowPoints
GetSysColor
PtInRect
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
GetClassNameW
GetWindow
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
wsprintfW
DrawFocusRect
OpenClipboard
FillRect
BeginPaint

gdi32

SetBkMode
SelectObject
GetStockObject
SetTextColor
DeleteObject
DeleteDC
CreateFontIndirectW
GetObjectW
GetDeviceCaps
GetTextExtentPoint32W

advapi32

RegDeleteValueW
RegCreateKeyExA
GetFileSecurityW
GetFileSecurityA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExA
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
MapGenericMask
DuplicateToken
AccessCheck
OpenProcessToken

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VariantTimeToSystemTime
VarDecFromUI8
VarDecFromI8
VarUI8FromDec
VarUI8FromR8
VarUI8FromR4
VarUI4FromDec
VarUI2FromDec
VarI1FromDec
VarBstrFromDec
VarCyFromStr
VarR8FromDec
VarR8FromCy
VarR4FromDec
VariantCopy
VarDateFromStr
VarUI4FromStr
SysFreeString
VarR4FromCy
VarI8FromDec
VarI8FromCy
VarI8FromR8
VarI8FromR4
VarI4FromDec
VarI4FromCy
VariantClear
VariantInit
VarI2FromDec
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SystemTimeToVariantTime
SysAllocStringLen
SysAllocString
SafeArrayGetDim
SysStringLen
VarDecFromStr
VariantChangeType

comctl32

CreatePropertySheetPageW
PropertySheetW
_TrackMouseEvent
InitCommonControlsEx
DestroyPropertySheetPage

libmysql

mysql_stmt_error
mysql_stmt_send_long_data
mysql_stmt_close
mysql_stmt_bind_param
mysql_stmt_execute
mysql_stmt_prepare
mysql_stmt_init
mysql_init
mysql_real_connect
mysql_select_db
mysql_query
mysql_use_result
mysql_get_server_info
mysql_options
mysql_close
mysql_errno
mysql_error
mysql_num_fields
mysql_fetch_fields
mysql_free_result
mysql_fetch_row
mysql_fetch_lengths
mysql_list_tables

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a77dc300ebd7c04eb87a5324a426eaf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

libmysql

comdlg32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 193KB - Virtual size: 201KB

.pdata Size: 99KB - Virtual size: 98KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 272KB - Virtual size: 272KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 193KB - Virtual size: 201KB

.pdata
Size: 99KB - Virtual size: 98KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 272KB - Virtual size: 272KB

.reloc
Size: 20KB - Virtual size: 19KB