90b4066497040ba6115d12d95bcba25583eb2a29f919799386445ba41d9f5ec3_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

90b4066497040ba6115d12d95bcba25583eb2a29f919799386445ba41d9f5ec3_NeikiAnalytics.exe
Size

92KB
MD5

330934e7d3f09476ddf9919f5e0dbf90
SHA1

f10d91bc5aff72066ea5e50ddcca96829af5c5a0
SHA256

90b4066497040ba6115d12d95bcba25583eb2a29f919799386445ba41d9f5ec3
SHA512

cfcfb78d47a14de8821c96098dfab4c948ff50e74e1abfcb39e2682a745e74ed3c5d39c7c59913d94a9f2605925c2976e45db3f8398dee4682301133a31ea417
SSDEEP

1536:zmrT26gjCgwVihvzbP/Egh7PRLhmBb1qyAi5tuy6nG6sx4dhOq34V:Cv26gjCgvzYI7JLhmBpqyAi5Eyhzq38

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90b4066497040ba6115d12d95bcba25583eb2a29f919799386445ba41d9f5ec3_NeikiAnalytics.exe

Files

90b4066497040ba6115d12d95bcba25583eb2a29f919799386445ba41d9f5ec3_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

da14e8b9cf8fc4ed05b87694a32b9832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDefaultLangID
OutputDebugStringA
lstrcpynA
lstrcmpA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
WideCharToMultiByte
lstrcatA
lstrlenW
GlobalAlloc
GetTickCount
GlobalLock
GlobalUnlock
MultiByteToWideChar
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
HeapCreate
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpyA

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
SetParent
GetActiveWindow
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
GetClassNameA
EndDialog
GetFocus
IsChild
SetFocus
CharNextA
GetWindowTextLengthA
GetWindowTextA
SendDlgItemMessageA
GetWindow
RegisterWindowMessageA
FrameRect
RedrawWindow
CreateDialogParamA
InflateRect
DefWindowProcA
GetClientRect
EndPaint
FillRect
BeginPaint
KillTimer
CallWindowProcA
ReleaseDC
GetDC
SetTimer
SetCapture
MapWindowPoints
SystemParametersInfoA
DialogBoxParamA
LoadStringA
SetClassLongA
SetCursor
DrawTextA
UpdateWindow
GetSysColorBrush
SetWindowTextA
GetSystemMetrics
OffsetRect
GetWindowRect
PostMessageA
DestroyWindow
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
WindowFromPoint
CopyRect
GetSysColor
SetWindowPos
IsWindowVisible
ShowWindow
MoveWindow
SetRectEmpty
IsRectEmpty
GetDlgItem
EnableWindow
CreateWindowExA
FindWindowExA
IsWindow
InvalidateRect
LoadBitmapA
SetWindowLongA
GetWindowLongA
GetParent
SendMessageA
ReleaseCapture
GetCursorPos
ScreenToClient
PtInRect

gdi32

CreateFontIndirectA
SetTextAlign
CreateDIBSection
GetDeviceCaps
SetBkMode
TextOutA
CreateSolidBrush
CreateBrushIndirect
GetTextExtentPoint32A
GetStockObject
GetObjectA
DPtoLP
CreateCompatibleBitmap
GetMapMode
SetMapMode
GetViewportExtEx
SetViewportExtEx
GetWindowExtEx
SetWindowExtEx
GetTextColor
GetBkColor
CreateCompatibleDC
PatBlt
SetTextColor
SetBkColor
CreateBitmap
CreatePatternBrush
Arc
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
BitBlt
DeleteDC

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

ole32

CoFreeUnusedLibraries
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
VariantClear
LoadTypeLi
RegisterTypeLi
SysAllocString
SysFreeString

msvcrt

_purecall
strlen
strcpy
strcmp
sprintf
strcat
strrchr
memcmp
strstr
tolower
_except_handler3
?terminate@@YAXXZ
free
_initterm
malloc
_adjust_fdiv
memset
_itoa
??2@YAPAXI@Z
memcpy
_EH_prolog
__CxxFrameHandler
abs
vsprintf
??3@YAXPAX@Z
_strcmpi

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UCFCreateInstance
UCFGetInterfaceVersion

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da14e8b9cf8fc4ed05b87694a32b9832

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

msvcp60

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB