673694972dab6904e4f698aa414b3dfa556f9dda242b68b219b7a126d8a3e87d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

673694972dab6904e4f698aa414b3dfa556f9dda242b68b219b7a126d8a3e87d_NeikiAnalytics.exe
Size

1.4MB
MD5

a63f81a2b30152c2465fd31413df02a0
SHA1

663e92759eb614407d933d11e48bf9a01294a45e
SHA256

673694972dab6904e4f698aa414b3dfa556f9dda242b68b219b7a126d8a3e87d
SHA512

2894b02e44989cfed10afc78695190e1cde1027665626d9070e99359b1872ba3f10c1758c00e85fc54b1b183c1a19faabb2c2a82c89d8870809c28a07cf3b15c
SSDEEP

24576:+8x06UEpdsA4Tmn8dgCCHt/nxfRmXDmQE1PzGThYz2lB/I:+U06UZVTmTHt/lOXmGT1/I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
673694972dab6904e4f698aa414b3dfa556f9dda242b68b219b7a126d8a3e87d_NeikiAnalytics.exe

Files

673694972dab6904e4f698aa414b3dfa556f9dda242b68b219b7a126d8a3e87d_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

59eb9fe43683ecaabfd59b012da9f4ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Code\wdl-lvc\Branch\HotPhuzz\build-win\vst2\X64\bin\HotPhuzz.pdb

Imports

wininet

InternetGetConnectedState

comctl32

InitCommonControlsEx

kernel32

lstrlenA
SetEnvironmentVariableA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
SetStdHandle
GetStringTypeW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RaiseException
RtlPcToFileHeader
LoadLibraryExW
CloseHandle
GetTimeZoneInformation
ExitProcess
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersion
MultiByteToWideChar
GetCurrentProcessId
DeleteCriticalSection
VirtualProtect
GetModuleFileNameA
GlobalUnlock
CreateDirectoryA
InitializeCriticalSection
SetEndOfFile
GlobalLock
EnterCriticalSection
LeaveCriticalSection
CreateFileW
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetLastError
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
ReadFile
RtlUnwindEx
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry

user32

DrawTextW
DrawTextA
EndPaint
ClientToScreen
DestroyWindow
GetClassNameA
SetTimer
ScreenToClient
GetWindowRect
GetWindowLongPtrA
TrackPopupMenu
SetCapture
GetKeyState
GetParent
TrackMouseEvent
SetFocus
SendMessageA
BeginPaint
EnumWindows
GetUpdateRect
GetCapture
ShowCursor
SetWindowLongA
MessageBoxA
InvalidateRect
SetCursorPos
GetAncestor
UnregisterClassA
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
SetWindowPos
GetCursorPos
CreatePopupMenu
SetWindowLongPtrA
AppendMenuA
ReleaseCapture
SetWindowTextA
UpdateWindow
CallWindowProcA
DestroyMenu
LoadCursorA
ValidateRect
GetWindowThreadProcessId
RegisterClassA
CloseClipboard
GetClipboardData
OpenClipboard

gdi32

DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
BitBlt
SetTextColor
SetBkColor
SetBkMode
GetStockObject
CreateFontA
GetTextMetricsA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

advapi32

RegOpenKeyA
RegCloseKey

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA

Exports

Exports

VSTPluginMain
main

Sections

.text
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 737KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59eb9fe43683ecaabfd59b012da9f4ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Exports

Exports

Sections

.text Size: 505KB - Virtual size: 505KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 32KB - Virtual size: 63KB

.pdata Size: 24KB - Virtual size: 23KB

.rsrc Size: 737KB - Virtual size: 736KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 505KB - Virtual size: 505KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 32KB - Virtual size: 63KB

.pdata
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 737KB - Virtual size: 736KB

.reloc
Size: 4KB - Virtual size: 4KB