0adf61e49e5f76b8b12b660d78545cef584b2ea269ed0bf038eed5e6b4f205b7_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0adf61e49e5f76b8b12b660d78545cef584b2ea269ed0bf038eed5e6b4f205b7_NeikiAnalytics.exe
Size

1.0MB
MD5

f2e969058a902628d092097d37e625f0
SHA1

4a948b6d7c27dff70e9c9cc464d42fa3c40aec42
SHA256

0adf61e49e5f76b8b12b660d78545cef584b2ea269ed0bf038eed5e6b4f205b7
SHA512

9c6497ba8eeae016441a4041a273b15c6c7e695064daa6014e5182934c36d0b659de75e6ae434bd8bb891965bcef64a1a0e9718e5951c647f5538012b0051286
SSDEEP

12288:Culxf3URt5CLkwXJP3j/C4zFz7k+qdcUzprL31Wgj:CcfvzCIFzwPcUzpv31Wi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0adf61e49e5f76b8b12b660d78545cef584b2ea269ed0bf038eed5e6b4f205b7_NeikiAnalytics.exe

Files

0adf61e49e5f76b8b12b660d78545cef584b2ea269ed0bf038eed5e6b4f205b7_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

78eeaba73cb28c53f7da209fb04718fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\works\trunk\svn2git\CBB\CUtil-Win\build_Visual_Studio_15_2017\Bin\Test\Debug\Test_CutilProcess.pdb

Imports

ws2_32

WSAGetLastError
WSACleanup
WSARecv
accept
bind
WSAStartup
inet_pton
freeaddrinfo
getaddrinfo
WSASend
inet_addr
WSAIoctl
socket
setsockopt
send
select
recv
listen
htons
htonl
ioctlsocket
connect
closesocket

kernel32

SizeofResource
GetFileSizeEx
SetEndOfFile
FindClose
GetFileTime
SetFileTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CompareFileTime
GetTickCount
FlushViewOfFile
lstrcmpA
CreateFileMappingA
GetModuleFileNameW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindResourceA
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CopyFileA
CopyFileW
MoveFileA
MoveFileW
MoveFileExA
MoveFileExW
GlobalMemoryStatus
GlobalMemoryStatusEx
InitializeCriticalSection
GetProcessHeap
LeaveCriticalSection
Sleep
DeviceIoControl
GetSystemInfo
lstrcpyA
GetLogicalDriveStringsA
LoadLibraryExA
GetDriveTypeA
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExA
GetComputerNameA
GetVersionExA
GetSystemDefaultUILanguage
CreateTimerQueueTimer
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
QueryPerformanceCounter
GetSystemTimeAsFileTime
CancelIoEx
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
PostQueuedCompletionStatus
InitializeSListHead
GetLongPathNameW
FreeLibrary
CreateJobObjectA
AssignProcessToJobObject
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WideCharToMultiByte
CancelIo
GetFileAttributesExA
CreateFileW
CreateFileA
OutputDebugStringA
GetModuleFileNameA
OpenFileMappingA
OpenEventA
CreateEventA
UnmapViewOfFile
MapViewOfFile
GetLocalTime
SetFilePointer
FlushFileBuffers
WriteFile
GetFileSize
UnlockFileEx
LockFileEx
SetEvent
GetOverlappedResult
GetCurrentThreadId
Module32Next
Module32First
Process32Next
Process32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
ProcessIdToSessionId
GetFileAttributesA
QueryDosDeviceA
GetSystemTime
GetCurrentDirectoryA
GetSystemWindowsDirectoryA
GetSystemDirectoryA
CreateProcessA
GetModuleHandleA
LoadLibraryA
CreateSemaphoreA
CreateMutexA
CreatePipe
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
DuplicateHandle
CloseHandle
ReadFile
GetStdHandle
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
SetLastError
GetLastError
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcessTimes
LocalFree
RegisterWaitForSingleObject
WaitForMultipleObjects
UnregisterWaitEx
LoadResource
GetLongPathNameA
LocalAlloc
LockResource
VirtualQuery
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CreateIoCompletionPort
FreeResource
GlobalFree
GlobalAlloc
GetVersion
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnterCriticalSection
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
ResumeThread
SuspendThread
SetErrorMode
SetHandleInformation
GetQueuedCompletionStatusEx
GetHandleInformation
TerminateJobObject
InitOnceExecuteOnce
QueryPerformanceFrequency
SetStdHandle
CreateNamedPipeA
VirtualAlloc
MapViewOfFileEx
GetCommandLineA
GetEnvironmentVariableA
SearchPathA
VirtualProtect

user32

GetSystemMetrics
wsprintfW

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

advapi32

RegConnectRegistryA
OpenProcessToken
GetTokenInformation
SetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
FreeSid
BuildExplicitAccessWithNameW
BuildExplicitAccessWithNameA
SetNamedSecurityInfoW
SetNamedSecurityInfoA
GetNamedSecurityInfoW
GetNamedSecurityInfoA
SetEntriesInAclW
SetEntriesInAclA
RegSetValueExW
RegSaveKeyW
RegSaveKeyA
RegRestoreKeyW
RegRestoreKeyA
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegConnectRegistryW
LookupPrivilegeValueW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
GetSidSubAuthorityCount
GetSidIdentifierAuthority
ConvertSidToStringSidA
OpenSCManagerW
OpenSCManagerA
EnumServicesStatusExW
EnumServicesStatusExA
CloseServiceHandle
CheckTokenMembership
IsTokenRestricted
DuplicateTokenEx
CreateProcessWithLogonW
CreateProcessAsUserA
ImpersonateLoggedOnUser
GetUserNameA
LookupPrivilegeValueA
LookupAccountNameA
LookupAccountSidW
LookupAccountSidA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
GetSidSubAuthority
RevertToSelf

msvcp140d

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetModuleInformation
GetModuleFileNameExA

wtsapi32

WTSEnumerateSessionsA
WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW
WTSQuerySessionInformationA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertGetNameStringA
CryptQueryObject
CryptDecodeObject

mpr

WNetCancelConnection2W
WNetCancelConnection2A
WNetAddConnection2W
WNetAddConnection2A
WNetGetProviderNameA
WNetGetResourceParentA

pdh

PdhAddCounterA
PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryA

iphlpapi

CreateIpNetEntry
DeleteIpNetEntry
GetAdaptersInfo
CreateIpForwardEntry

rasapi32

RasHangUpA
RasSetEntryPropertiesA
RasGetConnectStatusA
RasEnumConnectionsA
RasDialA

vcruntime140d

__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_except_handler4_common
memchr
memcmp
wcsrchr
_local_unwind4
strrchr
wcschr
strstr
strchr
__CxxFrameHandler3
memset
memcpy
memmove
__vcrt_LoadLibraryExW

ucrtbased

_initterm
_initterm_e
exit
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_except1
_free_dbg
terminate
_controlfp_s
_wmakepath_s
_wsplitpath_s
_strdup
_strnicmp
_unlink
_wcsdup
putchar
_callnewh
feof
wcsncpy_s
fputs
fgets
__acrt_iob_func
_time64
_localtime64
strtol
rand
srand
strncmp
__stdio_common_vsnprintf_s
setlocale
mbstowcs
wcscmp
wcscpy_s
fwrite
__setusermatherr
__stdio_common_vswprintf_s
_wfopen
atoi
tolower
toupper
isspace
isdigit
strncat
strcmp
strcat
wcsncpy
wcsncat
wcscpy
wcscat
__stdio_common_vsscanf
__stdio_common_vfprintf
rename
fopen
fclose
__stdio_common_vswprintf
realloc
malloc
free
calloc
_mbsrchr
_mbsnicmp
_mbsnbcpy
_mbsicmp
strncpy
strlen
_stricmp
strcpy
strncpy_s
strcat_s
strcpy_s
_wcsicmp
wcslen
_errno
__stdio_common_vsprintf_s
__stdio_common_vsprintf
_CrtDbgReport
_invalid_parameter
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_cexit
_crt_atexit
_execute_onexit_table
_crt_at_quick_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
fread
_seh_filter_dll
getenv
strerror
atof
strtok_s
abort
fflush
_wassert
_fdopen
setvbuf
_close
_dup
_dup2
_open_osfhandle
rand_s
_mbsstr
_dclass
_fileno
_get_osfhandle
_beginthreadex

mswsock

AcceptEx

Exports

Exports

cr_asprintf
cr_asprintf_free
cr_calloc
cr_free
cr_get_redirected_stderr
cr_get_redirected_stdin
cr_get_redirected_stdout
cr_log
cr_malloc
cr_realloc
cr_redirect_stderr
cr_redirect_stdin
cr_redirect_stdout
cr_translate_assert_msg
cr_vasprintf
cri_asserts_passed_incr
criterion_abort_test
criterion_add_output
criterion_continue_test
criterion_current_suite
criterion_current_test
criterion_finalize
criterion_handle_args
criterion_initialize
criterion_internal_test_main
criterion_internal_test_setup
criterion_internal_test_teardown
criterion_log
criterion_options
criterion_plog
criterion_register_output_provider
criterion_register_test
criterion_run_all_tests
criterion_send_assert
criterion_skip_test
criterion_test_die
criterion_vlog
insert_ordered_set
main
new_ordered_set
nn_allocmsg
nn_bind
nn_close
nn_cmsg_nxthdr_
nn_connect
nn_errno
nn_freemsg
nn_get_statistic
nn_getsockopt
nn_reallocmsg
nn_recv
nn_recvmsg
nn_send
nn_sendmsg
nn_setsockopt
nn_shutdown
nn_socket
nn_strerror
nn_term

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_tst
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_pra
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_prs
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_pri
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_prt
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_ast
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_thf
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_tsc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_pot
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_pof
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_pos
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cr_poa
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78eeaba73cb28c53f7da209fb04718fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

shell32

ole32

oleaut32

advapi32

msvcp140d

userenv

psapi

wtsapi32

version

crypt32

mpr

pdh

iphlpapi

rasapi32

vcruntime140d

ucrtbased

mswsock

Exports

Exports

Sections

.text Size: 716KB - Virtual size: 716KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 260KB - Virtual size: 293KB

.idata Size: 18KB - Virtual size: 17KB

cr_tst Size: 512B - Virtual size: 265B

.00cfg Size: 512B - Virtual size: 260B

cr_pra Size: 512B - Virtual size: 260B

cr_prs Size: 512B - Virtual size: 260B

cr_pri Size: 512B - Virtual size: 260B

cr_prt Size: 512B - Virtual size: 260B

cr_ast Size: 512B - Virtual size: 260B

cr_thf Size: 512B - Virtual size: 260B

cr_tsc Size: 512B - Virtual size: 260B

cr_pot Size: 512B - Virtual size: 260B

cr_pof Size: 512B - Virtual size: 260B

cr_pos Size: 512B - Virtual size: 260B

cr_poa Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 716KB - Virtual size: 716KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 260KB - Virtual size: 293KB

.idata
Size: 18KB - Virtual size: 17KB

cr_tst
Size: 512B - Virtual size: 265B

.00cfg
Size: 512B - Virtual size: 260B

cr_pra
Size: 512B - Virtual size: 260B

cr_prs
Size: 512B - Virtual size: 260B

cr_pri
Size: 512B - Virtual size: 260B

cr_prt
Size: 512B - Virtual size: 260B

cr_ast
Size: 512B - Virtual size: 260B

cr_thf
Size: 512B - Virtual size: 260B

cr_tsc
Size: 512B - Virtual size: 260B

cr_pot
Size: 512B - Virtual size: 260B

cr_pof
Size: 512B - Virtual size: 260B

cr_pos
Size: 512B - Virtual size: 260B

cr_poa
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB