a9507bb9d191e103fa35dc0e26d77d586c045594cc259515cbf16dde656e5eaa_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a9507bb9d191e103fa35dc0e26d77d586c045594cc259515cbf16dde656e5eaa_NeikiAnalytics.exe
Size

2.5MB
MD5

4067956df37a6204eed8f2aabd8934a0
SHA1

c6f5ba1060c8925fa21f560b8e8121aa285e6c51
SHA256

a9507bb9d191e103fa35dc0e26d77d586c045594cc259515cbf16dde656e5eaa
SHA512

cfcea87592d4adf701a2b4229128a01d7480e8b77ebcc3cdd35c545c08fee3ecaa9d40423903767e9d4a600669c80edab9972582da58460a6d0b43caa975fde1
SSDEEP

49152:uFV9RqQPZHyDc69SJAqPQjTD1g7JGAzZh6aqWPpjL:oXRqHTD1g7kAzZ8WPR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9507bb9d191e103fa35dc0e26d77d586c045594cc259515cbf16dde656e5eaa_NeikiAnalytics.exe

Files

a9507bb9d191e103fa35dc0e26d77d586c045594cc259515cbf16dde656e5eaa_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

d56fac346960eced139e2164477992d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\qb\workspace\26444\source\Build\mfts\x32\__bin\Release\mfx_mft_vp9ve_32_full.pdb

Imports

mfplat

MFTRegister
MFTUnregister
MFCreateDXSurfaceBuffer
MFCreateTrackedSample
MFCreateMediaEvent
MFCreateAttributes
MFCreateMemoryBuffer
MFCreateEventQueue
MFCreateMediaType
MFPutWorkItem
MFAllocateSerialWorkQueue
MFUnlockWorkQueue
MFCreateDXGIDeviceManager

propsys

PropVariantCompareEx
VariantCompare
PSCreateMemoryPropertyStore

d3d11

D3D11CreateDevice

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

kernel32

DecodePointer
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
ReadFile
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
GetConsoleMode
GetCommandLineW
GetLocalTime
GetModuleFileNameW
GetConsoleCP
WriteFile
FlushFileBuffers
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
QueryPerformanceCounter
QueryPerformanceFrequency
SetStdHandle
SetConsoleCtrlHandler
FindFirstFileExW
GetCurrentProcess
GetCurrentThreadId
K32GetProcessMemoryInfo
EnumSystemLocalesW
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetUserDefaultLCID
IsValidLocale
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CreateSemaphoreExW
WaitForMultipleObjects
GetProcessTimes
GetSystemInfo
LocalFree
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetStdHandle
HeapSize
WriteConsoleW
Sleep
GetModuleHandleExW
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetThreadErrorMode
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SwitchToThread
OutputDebugStringW
HeapDestroy
ReadConsoleW
HeapFree
HeapAlloc
GetCurrentThread
ExitProcess
WaitForSingleObjectEx
SystemTimeToFileTime
RaiseException
CreateFileA
DeviceIoControl
GetSystemDirectoryA
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
FormatMessageA
TzSpecificLocalTimeToSystemTime
SetFileTime
FileTimeToSystemTime
FormatMessageW
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
PropVariantClear
StringFromCLSID
CoSetProxyBlanket
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear
VariantInit
SysAllocString

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegEnumKeyExW
ConvertStringSidToSidW
BuildTrusteeWithSidW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyExW
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventWrite
EventUnregister
EventRegister

setupapi

CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Open_DevNode_Key

dxgi

CreateDXGIFactory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d56fac346960eced139e2164477992d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfplat

propsys

d3d11

api-ms-win-core-path-l1-1-0

kernel32

ole32

oleaut32

version

advapi32

setupapi

dxgi

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 312KB - Virtual size: 312KB

.data Size: 24KB - Virtual size: 99KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 74KB - Virtual size: 73KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 312KB - Virtual size: 312KB

.data
Size: 24KB - Virtual size: 99KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 74KB - Virtual size: 73KB