aca988331ea5954f3d48ce62805da55d834697e3ddb343e563ff3b5462d67741_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

aca988331ea5954f3d48ce62805da55d834697e3ddb343e563ff3b5462d67741_NeikiAnalytics.exe
Size

484KB
MD5

6a215bccaf878386063682633b903ce0
SHA1

7c7d830e53a2a99aa868f78d47f95b507f432961
SHA256

aca988331ea5954f3d48ce62805da55d834697e3ddb343e563ff3b5462d67741
SHA512

08baccae7c0ba4204178bd1c43f1857212e033e668505ac63b32b0c08aab815bbe4892f174a2e3f2146ba8df6efe85eb2372222d5332f6359a0f8405e729218c
SSDEEP

6144:l3DpKerv/48u+3PmWCNNnPT9UYt8VWkX+60XekOFPb5Ql5MY27uSMcB6TI31ZHNN:x1KQv/48u2mW8Nn5UYjBXmFPbn7uS1Zv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aca988331ea5954f3d48ce62805da55d834697e3ddb343e563ff3b5462d67741_NeikiAnalytics.exe

Files

aca988331ea5954f3d48ce62805da55d834697e3ddb343e563ff3b5462d67741_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

e5201762cf8de91e3347f9792f9f04b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICGetInfo
ICOpen
ICClose

msacm32

acmDriverOpen
acmFormatTagDetailsA
acmDriverClose
acmDriverEnum
acmDriverDetailsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

OpenDriver
GetDriverModuleHandle
CloseDriver

mfc42

ord535
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord3286
ord3910
ord4224
ord2645
ord858
ord924
ord2575
ord4396
ord3574
ord609
ord6195
ord3870
ord6215
ord786
ord2461
ord3318
ord519
ord940
ord939
ord3301
ord3089
ord2370
ord6334
ord926
ord2614
ord1829
ord4275
ord3873
ord3874
ord2642
ord5710
ord3571
ord816
ord640
ord5785
ord2860
ord1640
ord323
ord562
ord755
ord470
ord5572
ord2915
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord617
ord4129
ord5683
ord5214
ord296
ord6117
ord2621
ord4202
ord4476
ord3716
ord790
ord765
ord2639
ord6111
ord4083
ord2546
ord291
ord4694
ord4400
ord3630
ord682
ord3706
ord2450
ord5678
ord4133
ord4297
ord5788
ord472
ord283
ord5786
ord5736
ord3619
ord1929
ord5875
ord2864
ord5981
ord3797
ord2859
ord6880
ord1200
ord4123
ord2243
ord6877
ord2116
ord6389
ord5787
ord3522
ord3521
ord6403
ord6402
ord2919
ord923
ord3092
ord5148
ord3742
ord818
ord1270
ord1232
ord2152
ord613
ord2753
ord5873
ord6172
ord6197
ord6379
ord5789
ord289
ord6605
ord3370
ord2582
ord4402
ord3640
ord693
ord556
ord809
ord4243
ord6242
ord2122
ord1088
ord3754
ord3812
ord3293
ord1847
ord1771
ord6366
ord2413
ord4401
ord692
ord3803
ord4277
ord5856
ord2784
ord6178
ord4124
ord3753
ord5782
ord3138
ord4284
ord6453
ord5440
ord6383
ord5450
ord6394
ord3711
ord783
ord1576
ord2452
ord2112
ord1641
ord4299
ord2414
ord656
ord3663
ord3626
ord3573
ord3610
ord860
ord941
ord922
ord2818
ord2379
ord823
ord540
ord4160
ord2086
ord800
ord4710
ord1175
ord6199
ord1168
ord537
ord4234
ord2302
ord825
ord324
ord567
ord641
ord795
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3721
ord4424
ord3402
ord5290
ord5241
ord1776
ord6055
ord3698
ord6377

msvcrt

__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
sscanf
_purecall
memmove
_strupr
strrchr
printf
toupper
_wsplitpath
_adjust_fdiv
_mbsstr
exit
__p___argc
__p___argv
wcslen
wcscpy
_ftol
time
_CxxThrowException
srand
rand
_mbscmp
_setmbcp
_strnicmp
_stricmp
_splitpath
_makepath
strchr
__p__commode
__p__fmode
__set_app_type
wcscat
_controlfp
__CxxFrameHandler
strstr
sprintf
strncpy
strncat
free
calloc
wcstombs
_except_handler3
_beginthread
_strlwr
mbstowcs
atoi
wcsncpy
malloc
vsprintf
strncmp

kernel32

GlobalAlloc
lstrcpyA
GlobalLock
GlobalUnlock
CreateProcessA
FreeLibrary
GetWindowsDirectoryA
WinExec
lstrcatA
SetLastError
lstrlenA
OpenProcess
IsBadWritePtr
MultiByteToWideChar
DeleteFileA
LocalFree
FormatMessageA
GetLastError
SearchPathA
FindClose
FindFirstFileA
GetACP
GetModuleHandleA
GetStartupInfoA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CreateEventA
CloseHandle
GetCurrentProcessId
GetVersionExA
GetFileAttributesA
GetFileSize
CreateFileA
ReadFile
GetTickCount
SetFilePointer
CreateFileW
WideCharToMultiByte
WriteFile
GetUserDefaultLangID
IsBadCodePtr
GetCommandLineW
Sleep

user32

PtInRect
SetCursor
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
CopyIcon
LoadCursorA
MessageBeep
SetWindowLongA
SetLastErrorEx
IsCharAlphaNumericA
IsCharAlphaA
DefWindowProcA
GetClassInfoA
GetSystemMenu
IsRectEmpty
WindowFromPoint
ClientToScreen
GetCapture
UnregisterClassA
DrawFocusRect
GetClassNameA
DeferWindowPos
EqualRect
EndDeferWindowPos
BeginDeferWindowPos
GetWindowRgn
AdjustWindowRectEx
IsMenu
GetMenu
IsZoomed
SetPropA
SetWindowRgn
CallWindowProcA
RemovePropA
GetPropA
ReleaseCapture
wvsprintfA
AppendMenuA
LoadIconA
IsWindowVisible
LoadImageA
GetSysColor
KillTimer
CheckMenuItem
InvalidateRect
GetWindowLongA
MessageBoxA
CopyRect
IsWindow
wsprintfA
LoadAcceleratorsA
GetDlgItem
SetTimer
PostMessageA
EnableMenuItem
ScreenToClient
SendMessageA
LoadBitmapA
GetCursorPos
EnableWindow
SetCapture
FillRect
DrawTextA
GetDlgCtrlID
LoadStringA
GetKeyState
GetMenuItemCount
GetMenuItemID
TranslateAcceleratorA
LoadMenuA
GetSubMenu
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
HideCaret
GetClientRect
IsIconic
GetSystemMetrics
DrawIcon
MapDialogRect
GetFocus

gdi32

OffsetRgn
CombineRgn
DPtoLP
CreateRectRgn
GetCharWidthA
GetWindowOrgEx
GetTextExtentExPointA
SelectObject
CreatePatternBrush
PatBlt
GetTextMetricsA
GetStockObject
GetObjectA
CreateFontIndirectA
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateDIBSection
GetDIBits
CreateCompatibleDC
BitBlt
DeleteObject
CreateSolidBrush
SetRectRgn

comdlg32

GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA

advapi32

RegQueryValueA
RegCreateKeyA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExA

shell32

DragQueryFileA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHChangeNotify
DragFinish
ShellExecuteW
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitialize
CreateItemMoniker
GetRunningObjectTable
CLSIDFromString
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
StringFromCLSID
StringFromGUID2

oleaut32

SafeArrayUnaccessData
VariantClear
SysFreeString
SafeArrayAccessData

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trdata
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5201762cf8de91e3347f9792f9f04b7

Headers

File Characteristics

Imports

msvfw32

msacm32

version

winmm

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 40KB - Virtual size: 46KB

.rsrc Size: 168KB - Virtual size: 165KB

.trdata Size: 4KB - Virtual size: 76KB

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 40KB - Virtual size: 46KB

.rsrc
Size: 168KB - Virtual size: 165KB

.trdata
Size: 4KB - Virtual size: 76KB