PDB path: d:\build\ob\bora-313780\vos3\thinstall\modules\os_exe.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 061320a5f8d8248bc91971d0c2980fb47fe1788406334606df196b13d69e6c08_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 061320a5f8d8248bc91971d0c2980fb47fe1788406334606df196b13d69e6c08_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 061320a5f8d8248bc91971d0c2980fb47fe1788406334606df196b13d69e6c08_NeikiAnalytics.exe
Size: 1.4MB
MD5: 7f19faaf5ec1f90a13cd1dec07cba9d0
SHA1: df2e58d7d91265b0994358a6de7b87009b6fb974
SHA256: 061320a5f8d8248bc91971d0c2980fb47fe1788406334606df196b13d69e6c08
SHA512: 5ef7db02ce477a5b3200943405e324e18dbe575d7e3bdd3c9a1188b2d373c62780ed5b521752c2b3bd5c528049e8b75c4d1ee52be6d0aeea11abcf51049a9110
SSDEEP: 24576:qXE7YANpmpcGqB6GLhR2/95Q/Y+df66fPAwh26lSx9bizEJPo7UT:OE8NRq/LttdPAwYMSxJio9o7
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 061320a5f8d8248bc91971d0c2980fb47fe1788406334606df196b13d69e6c08_NeikiAnalytics.exe
Files
061320a5f8d8248bc91971d0c2980fb47fe1788406334606df196b13d69e6c08_NeikiAnalytics.exe.exe  windows:5 windows x86 arch:x86
  22986c64a6ad0b8c89ebd1fd0eaa337a
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
RtlUpcaseUnicodeChar
RtlUnicodeStringToAnsiString
RtlTryEnterCriticalSection
RtlSetCurrentDirectory_U
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlImageNtHeader
RtlFreeUnicodeString
RtlFreeAnsiString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlDosPathNameToNtPathName_U
RtlDestroyProcessParameters
RtlCreateProcessParameters
RtlAppendUnicodeToString
NtWriteVirtualMemory
NtWriteFile
NtUnmapViewOfSection
NtTerminateThread
NtTerminateProcess
NtSetValueKey
NtSetSecurityObject
NtSetIoCompletion
NtSetInformationThread
NtSetInformationProcess
NtSetInformationFile
NtSetEvent
NtSetDefaultLocale
NtResumeThread
NtReadVirtualMemory
NtReadFile
NtRaiseHardError
NtQueryVolumeInformationFile
NtQueryVirtualMemory
NtQueryValueKey
NtQuerySymbolicLinkObject
NtQuerySecurityObject
NtQuerySection
NtQueryKey
NtQueryInformationThread
NtQueryInformationProcess
NtQueryInformationFile
NtQueryFullAttributesFile
NtQueryDirectoryFile
NtQueryDefaultLocale
NtQueryAttributesFile
NtProtectVirtualMemory
NtOpenThread
NtOpenSymbolicLinkObject
NtOpenSection
NtOpenProcess
NtOpenKey
NtOpenFile
NtMapViewOfSection
NtFsControlFile
NtFreeVirtualMemory
NtFlushKey
NtEnumerateValueKey
NtEnumerateKey
NtDuplicateObject
NtDeleteValueKey
NtDeleteKey
NtCreateThread
NtCreateSection
NtCreateProcess
NtCreateKey
NtCreateFile
NtClose
NtAllocateVirtualMemory
CsrFreeCaptureBuffer
CsrClientCallServer
CsrAllocateMessagePointer
oleaut32
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
gdi32
AddFontResourceW
CombineRgn
CreateCompatibleDC
CreateDCA
CreateDIBitmap
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExtCreateRegion
GetObjectW
GetStockObject
GetTextCharset
LineTo
MoveToEx
RemoveFontResourceW
SelectObject
SetBkMode
SetDIBits
SetTextColor
BitBlt
kernel32
DeleteFiber
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FatalAppExitA
FileTimeToSystemTime
FindClose
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrencyFormatA
GetCurrencyFormatW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatA
GetNumberFormatW
CompareStringW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProcAddress
GetProcessHeap
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
DeleteCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
lstrcmpiW
lstrcpynA
lstrlenA
lstrlenW
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenEventW
OpenFile
OpenFileMappingW
OpenMutexW
OpenProcess
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
CompareStringA
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResumeThread
RtlUnwind
SearchPathA
SearchPathW
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetLocaleInfoA
SetLocaleInfoW
SetPriorityClass
SetProcessAffinityMask
SetProcessPriorityBoost
SetProcessWorkingSetSize
SetStdHandle
SetThreadAffinityMask
SetThreadContext
SetThreadIdealProcessor
SetThreadLocale
SetThreadPriority
SetThreadPriorityBoost
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProcessMemory
WriteProfileStringA
WriteProfileStringW
CopyFileExW
EnumResourceNamesW
EnumSystemLocalesA
LoadLibraryExW
CompareFileTime
CloseHandle
AddAtomW
_lopen
_lcreat
WriteFile
DebugBreak
DebugActiveProcess
CreateThread
CreateSemaphoreW
CreateRemoteThread
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileW
CopyFileA
InitializeCriticalSectionAndSpinCount
ContinueDebugEvent
GetOEMCP
advapi32
SetServiceBits
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetFileSecurityW
SetFileSecurityA
SetEntriesInAclW
RevertToSelf
RegSetValueW
RegSetValueExW
RegSetValueExA
RegSetValueA
RegQueryValueW
RegQueryValueExW
RegQueryValueExA
RegQueryValueA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCloseKey
QueryServiceStatusEx
QueryServiceStatus
QueryServiceObjectSecurity
QueryServiceLockStatusW
QueryServiceLockStatusA
QueryServiceConfigW
QueryServiceConfigA
OpenThreadToken
OpenServiceW
OpenServiceA
OpenSCManagerW
OpenSCManagerA
OpenProcessToken
MapGenericMask
MakeSelfRelativeSD
MakeAbsoluteSD
LookupAccountNameW
LogonUserW
LogonUserA
LockServiceDatabase
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
ImpersonateSelf
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetServiceKeyNameW
GetServiceKeyNameA
GetServiceDisplayNameW
GetServiceDisplayNameA
GetSecurityInfo
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetNamedSecurityInfoW
GetLengthSid
UnlockServiceDatabase
StartServiceW
StartServiceCtrlDispatcherW
StartServiceCtrlDispatcherA
StartServiceA
SetTokenInformation
SetServiceStatus
SetServiceObjectSecurity
EqualSid
EnumServicesStatusW
EnumServicesStatusExW
EnumServicesStatusExA
EnumServicesStatusA
EnumDependentServicesW
EnumDependentServicesA
DuplicateTokenEx
DuplicateToken
DeleteService
CryptVerifySignatureW
CryptSignHashW
CryptReleaseContext
CryptImportKey
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CreateServiceW
CreateServiceA
CreateProcessAsUserW
CreateProcessAsUserA
CopySid
ControlService
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfigA
AllocateAndInitializeSid
AccessCheck
GetFileSecurityW
FreeSid
ole32
CoRevokeClassObject
WriteClassStg
StringFromGUID2
StringFromCLSID
StgOpenStorage
OleUninitialize
OleRun
OleLoad
OleGetAutoConvert
OleDoAutoConvert
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoGetClassObject
CoGetMalloc
CoInitialize
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateBindCtx
OleCreate
OleCreateDefaultHandler
user32
BeginPaint
CharLowerW
CharNextExA
CharUpperW
CloseClipboard
CloseDesktop
CloseWindowStation
CreateDialogParamW
CreateIconFromResource
CreateIconFromResourceEx
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawTextW
EnableWindow
EndPaint
FillRect
FindWindowA
FindWindowExW
FindWindowW
GetClassInfoA
GetClassInfoW
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetMessageA
GetMessageW
GetParent
GetProcessWindowStation
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
IsDialogMessageW
IsWindow
IsWindowVisible
KillTimer
LoadCursorFromFileA
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadMenuA
LoadMenuW
LoadStringW
LookupIconIdFromDirectoryEx
MessageBoxW
OpenClipboard
OpenDesktopW
OpenInputDesktop
OpenWindowStationW
PeekMessageA
PeekMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
ReleaseCapture
ReleaseDC
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetProcessWindowStation
SetRect
SetTimer
SetUserObjectSecurity
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TranslateMessage
UnregisterClassW
WaitForInputIdle
WinHelpA
WinHelpW
wvsprintfW
Exports
ManageAPIFactory
Sections
.text   Size: 1.1MB - Virtual size: 1.1MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 248KB - Virtual size: 248KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 12KB - Virtual size: 29KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB - Virtual size: 1KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 70KB - Virtual size: 70KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ