Static task
static1
Behavioral task
behavioral1
Sample
a5756d561c642d071ed103de89fc4758bdcda9d9fa492e1c0bf286dd7c98b864_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a5756d561c642d071ed103de89fc4758bdcda9d9fa492e1c0bf286dd7c98b864_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
Target
a5756d561c642d071ed103de89fc4758bdcda9d9fa492e1c0bf286dd7c98b864_NeikiAnalytics.exe
Size
888KB
MD5
f7cee37098e1849c8dab04b612a41440
SHA1
d9d3819bf4c0cb49f9c63463c7df141c1662da4c
SHA256
a5756d561c642d071ed103de89fc4758bdcda9d9fa492e1c0bf286dd7c98b864
SHA512
b565161e15132c3e4c7ab3fe90d7ab3f4645d95388ea25aa05e70b0d2de53487b1be543904338f802218e2119deadb0ad21edc39f51f82a1509018f398b069db
SSDEEP
12288:Hujgbcc0kSP2JTsYPfMwuLbZhuLMYocyoPlyhSewxrPn+2:HIgQcl82hhPrsk8cZPrPn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a5756d561c642d071ed103de89fc4758bdcda9d9fa492e1c0bf286dd7c98b864_NeikiAnalytics.exe
Files
a5756d561c642d071ed103de89fc4758bdcda9d9fa492e1c0bf286dd7c98b864_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
b75e180e01685c7f5a7ff897c98e57bf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
wininet
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlA
mfc42
msvcrt
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
__set_app_type
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_CxxThrowException
_mbscoll
malloc
_mbsrchr
_exit
_controlfp
__CxxFrameHandler
atoi
memmove
_mbscmp
strstr
fclose
fgetc
rewind
fopen
strncmp
_splitpath
_strdup
free
sprintf
_strupr
_mbsicmp
vsprintf
sscanf
_stricmp
_setmbcp
_mbctype
_ismbcdigit
isdigit
_mbsstr
_mbsinc
_mbsupr
strncpy
isalpha
strtok
_getmbcp
_ftol
_access
strrchr
clock
localtime
time
_mbsicoll
calloc
kernel32
MultiByteToWideChar
WinExec
OpenProcess
GetCurrentProcess
GetVersionExA
CreateMutexA
GetLastError
GetTickCount
CloseHandle
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FindFirstFileA
MoveFileA
lstrlenA
lstrcmpiA
ResumeThread
lstrcatA
GetLongPathNameA
GetPrivateProfileStringA
GetExitCodeProcess
GlobalFree
GlobalMemoryStatus
GetDefaultCommConfigA
CreateFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
SearchPathA
GetProfileIntA
GetLocaleInfoA
TerminateProcess
GetStartupInfoA
SetThreadPriority
WaitForSingleObject
TerminateThread
lstrcpyA
CopyFileA
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetTempPathA
DeleteFileA
OpenMutexA
GetModuleHandleA
CreateProcessA
LocalFree
FormatMessageA
GetACP
Sleep
SetLastError
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
WaitForMultipleObjects
IsDBCSLeadByte
CompareStringA
GetWindowsDirectoryA
CreateDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
FindClose
FreeLibrary
GetThreadLocale
FindResourceA
user32
PtInRect
InvalidateRect
GetSysColor
GetWindowDC
ReleaseDC
LoadMenuA
GetMenuItemInfoA
GetMenuItemID
RemoveMenu
EnableMenuItem
LoadImageA
GetClientRect
CopyRect
GetLastActivePopup
IsIconic
SetForegroundWindow
SetActiveWindow
RedrawWindow
GetWindow
GetWindowRect
GetWindowThreadProcessId
GetSystemMetrics
OffsetRect
CharUpperA
WaitForInputIdle
wsprintfA
GetDesktopWindow
LoadIconA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
UpdateWindow
GetParent
GetMenu
CheckMenuItem
GetSubMenu
CreatePopupMenu
AppendMenuA
GetMenuItemCount
InsertMenuA
ShowWindow
BringWindowToTop
EnumWindows
IsWindowVisible
GetMessagePos
ScreenToClient
GetFocus
DrawEdge
LockWindowUpdate
GetClassNameA
DrawFocusRect
RegisterWindowMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
SendMessageA
EnableWindow
FillRect
gdi32
GetDIBColorTable
CreatePalette
CreateCompatibleDC
CreateRectRgnIndirect
BitBlt
GetTextFaceA
PatBlt
CreateBitmap
SetBrushOrgEx
GetDeviceCaps
GetPixel
SetPixel
GetTextMetricsA
GetObjectA
DeleteObject
RealizePalette
GetTextExtentPoint32A
CreateSolidBrush
CreateFontA
CreateFontIndirectA
CreateHalftonePalette
winspool.drv
EnumPortsA
advapi32
GetTokenInformation
LookupPrivilegeNameA
LookupPrivilegeDisplayNameA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegEnumKeyExA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
shell32
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
comctl32
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
ImageList_Add
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_ReplaceIcon
ole32
CoCreateInstance
CoInitialize
CoUninitialize
oleaut32
SysAllocStringLen
SysFreeString
DosDateTimeToVariantTime
GetErrorInfo
msvcp60
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
iphlpapi
GetAdaptersInfo
Sections
.text Size: 272KB - Virtual size: 269KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 104KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 448KB - Virtual size: 444KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ