16cb48f34f0a7a05ffbca6edcba151a1e98bfad7e39fdc54b3bab36ce3078a23_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

16cb48f34f0a7a05ffbca6edcba151a1e98bfad7e39fdc54b3bab36ce3078a23_NeikiAnalytics.exe
Size

165KB
MD5

7283760359e42a55776db9d8176fb2a0
SHA1

7763dc5c509ff125f6d4f53f5ca51e871b00ab75
SHA256

16cb48f34f0a7a05ffbca6edcba151a1e98bfad7e39fdc54b3bab36ce3078a23
SHA512

8c4a906e3324fb1f5b0afb8ce106c5bec5471601ba4062a9d9d8374d8a0301a5672619346e3a6a91c2ce67cc420830f345c5ed2d1d14bd34cd4ef8e171efdedc
SSDEEP

3072:dF5SHJxw3cjW//e7AMhBeQgOwF5svuw9WI9+QUpDOLyOuxF+Dh:dF5SHJxw3KWO7ASBZsGF986yOux4D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16cb48f34f0a7a05ffbca6edcba151a1e98bfad7e39fdc54b3bab36ce3078a23_NeikiAnalytics.exe

Files

16cb48f34f0a7a05ffbca6edcba151a1e98bfad7e39fdc54b3bab36ce3078a23_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

46345e280db8c29e86837b845e26b62b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\svn\project\Bin\x64\SbieRelease\SbieSvc.pdb

Imports

sbiedll

SbieApi_GetVersion
SbieDll_PortName
SbieApi_QueryProcessPath
SbieDll_FreeMem
SbieDll_QueuePutRpl
SbieDll_FormatMessage2
SbieApi_CallZero
SbieApi_GetHomePath
SbieApi_CallOne
SbieApi_EnumProcessEx
SbieApi_GetUnmountHive
SbieApi_IsBoxEnabled
SbieDll_RunSandboxed
SbieDll_GetServiceRegistryValue
SbieApi_GetWork
SbieApi_SetUserName
SbieApi_QueryProcess
SbieDll_RunFromHome
SbieDll_IsOpenClsid
SbieApi_Log
SbieDll_ComCreateStub
SbieDll_QueueGetReq
SbieApi_QueryProcessInfo
SbieDll_KillOne
SbieApi_QueryProcessEx2
SbieApi_QueryPathList
SbieDll_QueueCreate
SbieApi_CheckInternetAccess
SbieApi_QueryConfBool
SbieApi_CallTwo
SbieApi_QueryConf
SbieApi_SessionLeader
SbieApi_ReloadConf
SbieDll_FormatMessage0
SbieApi_OpenProcess
SbieDll_GetLanguage
SbieApi_LogEx

ntdll

sprintf
wcsstr
iswctype
_wcsnicmp
NtClose
NtRequestPort
NtOpenKey
NtUnloadKey
RtlInitUnicodeString
strncmp
NtOpenFile
NtAllocateVirtualMemory
RtlNtStatusToDosError
_wtoi
NtReplyWaitReceivePort
NtLoadDriver
NtCreatePort
NtLoadKey
NtQuerySystemInformation
NtWriteFile
memcpy
NtQueryInformationFile
NtCreateFile
NtQueryDirectoryFile
NtQueryKey
NtSetInformationFile
__C_specific_handler
wcschr
memset
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
__chkstk
NtQueryInformationProcess
_strcmpi
_wcslwr
wcstol
_wcsupr
memcmp
NtSetInformationThread
NtDuplicateToken
NtFilterToken
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
wcsrchr
NtReadFile
NtConnectPort
NtRequestWaitReplyPort
towupper
NtCompleteConnectPort
NtAcceptConnectPort
NtImpersonateClientOfPort
NtSetInformationProcess
NtOpenDirectoryObject
NtOpenProcess
NtDuplicateObject
towlower
wcstoul
_wcsicmp

kernel32

EncodePointer
SetUnhandledExceptionFilter
DecodePointer
QueryPerformanceCounter
SuspendThread
GetStartupInfoW
GetSystemTimeAsFileTime
GetModuleFileNameW
MulDiv
CreateProcessW
HeapReAlloc
GetFileAttributesW
SetFileAttributesW
CopyFileW
SetEndOfFile
DeleteFileW
GetWindowsDirectoryW
GetExitCodeProcess
QueueUserWorkItem
ResumeThread
TlsAlloc
OpenThread
TlsGetValue
TlsSetValue
DefineDosDeviceW
CancelIo
GetSystemInfo
GetCommandLineW
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
VirtualFree
RaiseException
HeapAlloc
HeapFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetTickCount
WaitForMultipleObjects
SetEvent
GetProcessHeap
DeleteCriticalSection
UnmapViewOfFile
CloseHandle
TerminateProcess
OutputDebugStringA
Sleep
TryEnterCriticalSection
GetCurrentThread
MapViewOfFile
CreateFileMappingW
CreateEventW
CreateMutexW
InitializeCriticalSection
WaitForSingleObject
OpenProcess
CreateThread
GetProcAddress
ExitProcess
HeapCreate
OpenFileMappingW
OpenEventW
OpenMutexW
SetCurrentDirectoryW
GetPrivateProfileStringW
GetFullPathNameW
GetEnvironmentVariableW
TerminateThread
GetProcessTimes
LockResource
LoadResource
SizeofResource
FindResourceW
DuplicateHandle
ReadProcessMemory
WriteProcessMemory
SetLastError
VirtualProtectEx
VirtualAllocEx
GetModuleHandleA
WriteFile
SetFilePointer
CreateFileW
GetLocalTime
LocalAlloc
SetThreadPriority
GetCurrentProcess
GetVersionExW
GetSystemWindowsDirectoryW
ResetEvent
GetCurrentProcessId
GetModuleHandleW
SetInformationJobObject
CreateJobObjectW
QueryInformationJobObject
GetCurrentThreadId
AssignProcessToJobObject
GlobalSize
ProcessIdToSessionId
UnregisterWait
GetConsoleWindow
LoadLibraryW
IsProcessInJob
RegisterWaitForSingleObject
GetConsoleProcessList
AllocConsole
VirtualAlloc

user32

GetClientRect
GetWindowRect
GetWindowInfo
GetIconInfo
FindWindowExA
FindWindowExW
FindWindowA
FindWindowW
MapWindowPoints
ScreenToClient
ClientToScreen
GetClipboardData
EnumClipboardFormats
GetClipboardSequenceNumber
ReleaseDC
GetDC
ClipCursor
SetForegroundWindow
MonitorFromWindow
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
SetCursorPos
GetWindowThreadProcessId
SendMessageW
EnumThreadWindows
DestroyWindow
KillTimer
PostMessageW
SetPropW
CreateWindowExW
RegisterClassW
DefWindowProcW
SetWindowPos
SendMessageTimeoutW
SendNotifyMessageA
SendNotifyMessageW
SendMessageA
PostMessageA
PackDDElParam
EnumChildWindows
EnumWindows
EndPaint
GetClassNameW
ShowWindow
GetMonitorInfoW
RegisterClassExW
wsprintfW
DispatchMessageW
GetMessageW
SetTimer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UserHandleGrantAccess
GetDesktopWindow
SetThreadDesktop
CreateDesktopW
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
GetProcessWindowStation
IsZoomed
IsIconic
IsWindowUnicode
IsWindowEnabled
IsWindowVisible
IsWindow
GetWindowLongA
GetWindowLongW
GetWindowLongPtrA
GetWindowLongPtrW
GetClassLongA
BeginPaint
GetClassLongW
GetClassLongPtrA
GetClassLongPtrW
GetPropA
GetPropW
GetClassNameA
GetShellWindow
GetParent
GetWindow

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
ConvertStringSidToSidW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenUserClassesRoot
RegOpenCurrentUser
SetTokenInformation
SetSecurityInfo
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenEventLogW
ReportEventW
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CreateProcessAsUserW
CheckTokenMembership
FreeSid
DuplicateToken
SetThreadToken
GetLengthSid
AddAccessAllowedAce
RevertToSelf
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenSCManagerW
OpenServiceW
ControlService

ole32

CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoInitializeSecurity
CoMarshalInterface
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CoTaskMemFree
CreateStreamOnHGlobal
CoUnmarshalInterface
StringFromGUID2
CoGetObject
CoGetClassObject

crypt32

CryptProtectData
CryptUnprotectData

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdi32

DeleteDC
GetDIBits
CreateCompatibleDC
GetEnhMetaFileBits
GetMetaFileBitsEx
TextOutW
SetTextColor
SetBkColor
SelectObject
CreateFontW
GetDeviceCaps
CreateSolidBrush

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

msvcr100

_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__set_app_type
_fmode
_onexit
_commode
__setusermatherr

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46345e280db8c29e86837b845e26b62b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sbiedll

ntdll

kernel32

user32

advapi32

ole32

crypt32

userenv

gdi32

netapi32

wtsapi32

msvcr100

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 408B

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 408B