04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.exe
Size

228KB
MD5

237cea44927c52ca7720a32a6a98a1e0
SHA1

9575b2d835ace98d2eeacdd007697fcefee7f140
SHA256

04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f
SHA512

e71cc77510883349ad3d2c0c58527b4c1e5cd5b6670eb334d9e2244938dec1c8983390aaac3f13c5ba969459a30807b92296307c612b2082c766ec4f9f2584de
SSDEEP

6144:P4xy79GdFJix1j4fedCWP37PYMvEAjnO4:PnouLPYMvBZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.exe

Files

04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

958bd9abee8023fc72c44c3e3beb322b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\symbols\Release\FilterProcessors.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
CloseHandle
ExpandEnvironmentStringsW
lstrcmpiW
LocalFree
SetLastError
GetCurrentThread
lstrcpynW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
QueryDosDeviceW
DeleteCriticalSection
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
GetLogicalDrives
LocalAlloc
FormatMessageW
GetFileAttributesW
lstrcatW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
GetProcAddress
GetCurrentProcess
lstrcpyW
MultiByteToWideChar
GetLastError
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetLogicalDriveStringsW
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

LoadStringW
CharUpperBuffW
CharNextW
wsprintfW

advapi32

GetLengthSid
CopySid
EqualSid
OpenProcessToken
IsValidSid
RegEnumValueW
OpenThreadToken
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetTokenInformation

shell32

SHGetDesktopFolder
SHGetMalloc

ole32

CoRevertToSelf
CoGetCallContext
CoTaskMemRealloc
CoTaskMemFree
ProgIDFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoImpersonateClient
StringFromGUID2

oleaut32

SafeArrayDestroy
RegisterTypeLi
UnRegisterTypeLi
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
VariantClear
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayLock
SafeArrayGetVartype
SafeArrayCopy
SafeArrayCreate
SafeArrayRedim
VariantCopyInd

msvcp71

?_Nomemory@std@@YAXXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??Bios_base@std@@QBEPAXXZ
??_D?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

shlwapi

StrRetToStrW
PathFindExtensionW

msvcr71

malloc
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
memset
_callnewh
wcschr
wcstok
wcsncpy
memmove
wcsrchr
_resetstkoflw
_wsplitpath
wcscat
_wmakepath
wcslen
wcsstr
wcspbrk
realloc
wcsncmp
??_V@YAXPAX@Z
_except_handler3
_purecall
vswprintf
_vscwprintf
swprintf
_wcsnicmp
free
_CxxThrowException
wcstoul
_errno
__CxxFrameHandler
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z

userenv

UnloadUserProfile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

958bd9abee8023fc72c44c3e3beb322b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

shlwapi

msvcr71

userenv

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 20KB - Virtual size: 16KB