a147bd31ca9fdf88ed92a9aeeb8734ef50a047be2e13def8145403258fe33599_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a147bd31ca9fdf88ed92a9aeeb8734ef50a047be2e13def8145403258fe33599_NeikiAnalytics.exe
Size

684KB
MD5

bcfda3f2bb8ccbb64dd76cb144f6a460
SHA1

bdd27bad493621477472282b0dbc901c393bf65f
SHA256

a147bd31ca9fdf88ed92a9aeeb8734ef50a047be2e13def8145403258fe33599
SHA512

3e2b85aeed6aa587c6173570cf9547c4d833996d0f8d9a50e741ff7a5783c55d0ba61dd1cc012de7b045c9a091633c010eb6aaeef63a26216f2a126ab5f59941
SSDEEP

12288:B8+opq+Bo8oadLt7axGpy5dh0VXxOJzTZBlnD0lmamrsAo7M8bwlpMIaVzhLPBI6:B8+oZBo8oaBt7axiy5dh0VXxOJzTZBlK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a147bd31ca9fdf88ed92a9aeeb8734ef50a047be2e13def8145403258fe33599_NeikiAnalytics.exe

Files

a147bd31ca9fdf88ed92a9aeeb8734ef50a047be2e13def8145403258fe33599_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

8456c1d6271b91a3fd72cd40c804dee4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

\\cpvsbuild\drops\v7.0\raw\9466\vsbuilt\bbt\bin\i386\dpedt.pdb

Imports

advapi32

RegDeleteValueA
RegQueryValueExA
RegSetValueExW
RegQueryValueExW
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExW
RegCreateKeyExW

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy

comdlg32

CommDlgExtendedError

gdi32

CreateFontIndirectA
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateDCA
GetDeviceCaps
CreateFontIndirectW
CreatePen
MoveToEx
LineTo
CreateBitmap
CreatePatternBrush
GetStockObject
SelectObject
PatBlt
DeleteObject
CreateRectRgnIndirect
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreateMetaFileA

kernel32

MultiByteToWideChar
lstrlenA
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSection
HeapFree
GetProcessHeap
DeleteCriticalSection
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
FindClose
GetLastError
lstrcpyA
lstrcatA
DisableThreadLibraryCalls
GlobalFree
CloseHandle
SizeofResource
LockResource
LoadResource
LocalFree
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
FreeLibrary
InterlockedDecrement
LoadLibraryExA
GetUserDefaultLCID
GetEnvironmentVariableA
GetVersion
CopyFileW
CompareStringW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
GetFileAttributesW
GetModuleFileNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
LoadLibraryExW
SetLastError
GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FormatMessageA
FindNextFileA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
CopyFileA
CreateFileA
GetFileAttributesA
LocalAlloc
DeleteFileA
CompareStringA
FindFirstFileA
InterlockedIncrement
IsBadReadPtr
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FindResourceA

msvcp70

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcr70

_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
_onexit
__dllonexit
_adjust_fdiv
memset
??3@YAXPAX@Z
_initterm
_itow
isxdigit
isupper
tolower
isdigit
sprintf
_wtoi
iswdigit
vswprintf
??_V@YAXPAX@Z
iswspace
wcscat
_wmakepath
wcscpy
free
malloc
wcsncmp
wcschr
wcsrchr
_wcsicoll
_wsplitpath
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_wcsicmp
wcslen
realloc
_CxxThrowException
??2@YAPAXI@Z
??_U@YAPAXI@Z
wcscmp
__CxxFrameHandler

ole32

OleSetClipboard
OleGetClipboard
DoDragDrop
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
RevokeDragDrop
CoTaskMemFree
OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
OleRegGetMiscStatus
RegisterDragDrop
OleRegGetUserType
OleRegEnumVerbs
CreateDataAdviseHolder
CoCreateGuid
StringFromGUID2
OleRun

oleaut32

VarUI4FromStr
UnRegisterTypeLi
SysAllocStringLen
SafeArrayGetElement
SafeArrayCopy
RegisterTypeLi
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VariantClear
VariantInit
SysStringLen
LoadTypeLi
LoadRegTypeLi
GetErrorInfo
SysAllocString
SetErrorInfo
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
SysFreeString

rpcrt4

NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleAllocate
NdrOleFree

shell32

DragQueryFileA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryFileW

shlwapi

PathFindExtensionA

user32

GetDC
SendMessageA
SetWindowLongA
SetWindowTextW
ReleaseDC
MessageBoxW
LoadImageW
GetWindowTextW
DialogBoxIndirectParamW
CreateWindowExW
SendMessageW
MessageBoxExW
CharNextA
UnionRect
PtInRect
GetSysColorBrush
DialogBoxIndirectParamA
MessageBoxA
GetWindowTextA
FillRect
GetSystemMetrics
UnregisterClassA
LoadImageA
SetWindowTextA
RegisterClipboardFormatW
CharUpperW
GetActiveWindow
LoadIconA
EnableWindow
GetWindow
SystemParametersInfoA
MapWindowPoints
EndDialog
KillTimer
SetTimer
RegisterClipboardFormatA
UpdateWindow
GetClassInfoExA
wsprintfA
RegisterClassExA
CreateWindowExA
GetDlgItem
GetMessagePos
ReleaseCapture
SetCapture
ClientToScreen
LoadCursorA
SetCursor
GetCapture
GetCursorPos
BeginPaint
GetClientRect
EndPaint
GetParent
GetFocus
SetFocus
ShowWindow
WindowFromPoint
ScreenToClient
InvalidateRect
IsWindow
DestroyWindow
GetWindowRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetKeyState
CallWindowProcA
GetWindowLongA
DefWindowProcA
IsChild

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8456c1d6271b91a3fd72cd40c804dee4

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcp70

msvcr70

ole32

oleaut32

rpcrt4

shell32

shlwapi

user32

version

Exports

Exports

Sections

.text Size: 556KB - Virtual size: 555KB

.orpc Size: 4KB - Virtual size: 268B

.data Size: 16KB - Virtual size: 12KB

.rsrc Size: 56KB - Virtual size: 53KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 556KB - Virtual size: 555KB

.orpc
Size: 4KB - Virtual size: 268B

.data
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 56KB - Virtual size: 53KB

.reloc
Size: 48KB - Virtual size: 44KB