a3357f48db2de94a726c39678cc16e177ff09b8621de3a025ed793828b34354d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a3357f48db2de94a726c39678cc16e177ff09b8621de3a025ed793828b34354d_NeikiAnalytics.exe
Size

506KB
MD5

7b5a2c763d86be2262de5920d02cecf0
SHA1

ba0de946c466698aee41cd6b59e94f11660337f5
SHA256

a3357f48db2de94a726c39678cc16e177ff09b8621de3a025ed793828b34354d
SHA512

2c9cad1375bebc7fad041129df16e1ed5280e145aec7a07d050968bf382fe23115bb6cb43f97c6d463e36da102f3f1c9d44635cde6cee53959a89265700ee0af
SSDEEP

12288:VMrQnk3zH2A6D33n69yRyYkIfFzqkQH7l7H:VMknkr2A6D8W9kWzqk6l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3357f48db2de94a726c39678cc16e177ff09b8621de3a025ed793828b34354d_NeikiAnalytics.exe

Files

a3357f48db2de94a726c39678cc16e177ff09b8621de3a025ed793828b34354d_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

827502733bc8b7c718596fb7bcf4ba1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\B\T\BuildResults\bin\Release\plug_ins\Multimedia\MPP\WindowsMedia.pdb

Imports

shlwapi

PathCreateFromUrlA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

Sleep
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpA
SetErrorMode
GetUserDefaultLangID
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpiA
FindResourceA
IsDBCSLeadByte
VerSetConditionMask
VerifyVersionInfoW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
MultiByteToWideChar
GetLocalTime
GetTickCount
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetVersionExA
GetSystemInfo
LocalAlloc
LocalFree
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
ResetEvent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
OutputDebugStringW
IsDebuggerPresent
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
WideCharToMultiByte
GetLastError
RaiseException
DecodePointer
OutputDebugStringA
CreateEventW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter

user32

ScreenToClient
ClientToScreen
SetCursor
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetSysColor
SetFocus
CharNextA
GetDlgItem
SetWindowPos
MoveWindow
KillTimer
UnregisterClassA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
SetTimer
BringWindowToTop
ShowWindow
wsprintfA
LoadStringA
LoadCursorA
GetWindow
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetFocus
DestroyWindow
FillRect

gdi32

GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
CreateSolidBrush
DeleteObject

advapi32

RegOpenKeyExA
GetUserNameA
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

ole32

OleInitialize
CoTaskMemFree
OleUninitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysFreeString
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_exception_copy
memset
_CxxThrowException
_purecall
memcmp
memcpy
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__CxxFrameHandler3
__std_terminate
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

_recalloc
_callnewh
malloc
calloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_register_onexit_function
terminate
_crt_atexit
_cexit
_resetstkoflw
_errno
_initterm
_initterm_e
_invalid_parameter_noinfo
_execute_onexit_table
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

wcsncmp
strlen
wcslen
wcscmp
strcmp
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy_s
_mbsstr

Exports

Exports

GetAcrobatMPPInterface
WMCreateStreamForURL

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 253KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

827502733bc8b7c718596fb7bcf4ba1e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 55KB - Virtual size: 57KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 253KB - Virtual size: 256KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 55KB - Virtual size: 57KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 253KB - Virtual size: 256KB