b2c6e6fcad7c7a8080d09bb614aa4f189ac2def17c97321f9f0ee02ddc186d2c_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b2c6e6fcad7c7a8080d09bb614aa4f189ac2def17c97321f9f0ee02ddc186d2c_NeikiAnalytics.exe
Size

707KB
MD5

927c2141f1028acfa0fbbcda308622e0
SHA1

a9e62516fd0215349cc888fa5b56a654a68c0218
SHA256

b2c6e6fcad7c7a8080d09bb614aa4f189ac2def17c97321f9f0ee02ddc186d2c
SHA512

fe21ed803a3dd259905bbecf6a46634e4670001b773b2f6c7e891d7c82f5388dfd21f4c182be9fa87788624d51095d2db1b119a13c1ccf5a21bf9ebb44d8b9dc
SSDEEP

12288:QYhNikHDq1XLwHYZgcD8pellpco/zENOeQiV1ux:QYhNikHGxLwHKApeCoAYeXV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2c6e6fcad7c7a8080d09bb614aa4f189ac2def17c97321f9f0ee02ddc186d2c_NeikiAnalytics.exe

Files

b2c6e6fcad7c7a8080d09bb614aa4f189ac2def17c97321f9f0ee02ddc186d2c_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

ffade90db9adeb5900b8408b6a1b9815

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

psr.pdb

Imports

advapi32

TraceMessage
EventRegister
EventUnregister
ControlTraceW
EventWriteString
EnableTrace
StartTraceW
CloseTrace
ProcessTrace
OpenTraceW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegGetValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountNameW
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyW
RegQueryValueExW

kernel32

FindNextFileW
FindFirstFileW
MultiByteToWideChar
LoadLibraryW
ExpandEnvironmentStringsW
FreeLibrary
GetModuleFileNameW
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
SetEvent
OpenEventW
RegisterWaitForSingleObject
lstrlenW
RaiseException
DeleteCriticalSection
lstrcmpiW
UnregisterWait
CreateThread
GetCurrentThreadId
InterlockedDecrement
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
CreateProcessW
GetSystemDirectoryW
Wow64DisableWow64FsRedirection
IsWow64Process
GetCurrentProcess
HeapSetInformation
WideCharToMultiByte
GetSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetVersionExW
GetProductInfo
MoveFileExW
WaitForMultipleObjects
InterlockedIncrement
GlobalUnlock
GlobalFree
TlsAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileA
LockResource
UnmapViewOfFile
WriteFile
GetDateFormatW
GetFileSize
CreateFileMappingW
MapViewOfFile
DuplicateHandle
SetLastError
WakeConditionVariable
GetCurrentThread
GetThreadPriority
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
ResetEvent
SetThreadPriority
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
QueryFullProcessImageNameW
LocalFree
GetCurrentProcessId
ReadProcessMemory
OpenProcess
GetFileAttributesW
CreateFileW
GetProcAddress
TlsSetValue
GlobalAlloc
TlsFree
TlsGetValue
ReadFile
CreateFileA
IsDBCSLeadByte
lstrcmpA
SetFilePointer
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesExW
ReplaceFileW
FileTimeToDosDateTime
GetFileAttributesExA
CreateEventW
CloseHandle
Sleep
GetModuleHandleW
GetLastError
InterlockedCompareExchange
HeapAlloc
WaitForSingleObject
GlobalLock
GlobalReAlloc
GetDriveTypeA
FindNextFileA
FindFirstFileA
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
lstrlenA
lstrcmpiA
GlobalHandle
InterlockedExchange
GetVersionExA
GetTickCount
InitializeCriticalSection
GetProcessHeap
HeapFree
LeaveCriticalSection
EnterCriticalSection
FindClose

gdi32

BitBlt
CreateCompatibleBitmap
CreateDCW
StretchBlt
CreateSolidBrush
ExcludeClipRect
CreateCompatibleDC
CreateDIBSection
GetCurrentObject
CreatePen
SelectObject
GetStockObject
Rectangle
DeleteObject
DeleteDC
GetObjectW

user32

GetSysColorBrush
SetForegroundWindow
DialogBoxParamW
SetCapture
ClientToScreen
ReleaseCapture
EndPaint
FillRect
IsRectEmpty
BeginPaint
SetWindowLongW
InvalidateRect
GetCursorPos
LoadIconW
GetDlgItem
RedrawWindow
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetFocus
DefWindowProcW
EndDialog
KillTimer
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
CreateDialogParamW
SetTimer
UpdateWindow
MapWindowPoints
LoadMenuW
GetSubMenu
DestroyMenu
EnableMenuItem
TrackPopupMenu
RegisterClassExW
SetCursorPos
FindWindowW
SendInput
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
IsHungAppWindow
CharLowerA
GetDesktopWindow
UnregisterClassA
OemToCharBuffA
CharPrevA
EnableWindow
CharUpperBuffA
SetProcessDefaultLayout
SetLayeredWindowAttributes
CopyImage
MsgWaitForMultipleObjectsEx
PeekMessageW
EnumChildWindows
DispatchMessageA
PeekMessageA
CharNextA
CharToOemBuffA
PostMessageW
SetMenuInfo
SetMenuItemInfoW
GetProcessDefaultLayout
DestroyIcon
UnregisterClassW
IsWindowVisible
SetParent
GetClientRect
MoveWindow
AdjustWindowRect
SendMessageW
DestroyWindow
SystemParametersInfoW
CreateWindowExW
MessageBoxW
LoadStringW
SetWindowTextW
DrawIcon
ShowWindow
SetWindowPos
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
GetGUIThreadInfo
WindowFromPoint
GetWindowThreadProcessId
UnhookWindowsHookEx
GetDoubleClickTime
GetWindowInfo
GetWindowLongW
GetParent
GetSystemMetrics
GetAsyncKeyState
PtInRect
LoadImageW
GetCursorInfo
InternalGetWindowText
GetClassNameW
GetWindowRect
GetKeyState
MapVirtualKeyW
GetKeyNameTextW
GetDC
ReleaseDC
GetIconInfo

msvcrt

_vsnwprintf
memset
_vsnprintf
_wcsicmp
__CxxFrameHandler3
_itow_s
wcsstr
_wcsupr
wcstoul
strncmp
_controlfp
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
calloc
_callnewh
_wtoi
_purecall
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
memcpy_s
free
malloc
_wcstoui64
wcstol
wcschr
memcpy
_vscwprintf
_ftol2
_mktemp
strstr
qsort
localtime
gmtime
time
memmove
_getdrive

ntdll

NtQueryInformationProcess
EtwEventRegister
EtwEventWrite
EtwEventUnregister

oleaut32

RegisterTypeLi
VarUI4FromStr
SysStringLen
VariantInit
VariantClear
SysFreeString
UnRegisterTypeLi
SysAllocString
VariantChangeType
LoadRegTypeLi
LoadTypeLi

ole32

StringFromGUID2
CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree

oleacc

GetRoleTextW
AccessibleObjectFromPoint
AccessibleObjectFromWindow
WindowFromAccessibleObject

comctl32

ImageList_Create
HIMAGELIST_QueryInterface
InitCommonControlsEx
ord381
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Destroy

shlwapi

PathUnquoteSpacesW
PathGetArgsW
PathIsDirectoryW
ord218
ord216
PathIsSameRootW
PathAppendW
PathMatchSpecExA
SHAutoComplete
PathFindFileNameA
ord197
PathAddExtensionW
SHCreateStreamOnFileEx
PathRemoveBlanksW
PathRemoveExtensionW
PathRemoveBackslashW
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveArgsW

shell32

ord171
CommandLineToArgvW
ord727
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
SHCreateItemInKnownFolder
ShellAboutW
ord245

msdrm

DRMIsWindowProtected

xmllite

CreateXmlWriter

gdiplus

GdiplusStartup
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

AlphaBlend

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffade90db9adeb5900b8408b6a1b9815

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

oleaut32

ole32

oleacc

comctl32

shlwapi

shell32

msdrm

xmllite

gdiplus

version

msimg32

wtsapi32

Sections

.text Size: 187KB - Virtual size: 187KB

.data Size: 5KB - Virtual size: 28KB

.rsrc Size: 473KB - Virtual size: 473KB

.reloc Size: 9KB - Virtual size: 12KB

.text
Size: 187KB - Virtual size: 187KB

.data
Size: 5KB - Virtual size: 28KB

.rsrc
Size: 473KB - Virtual size: 473KB

.reloc
Size: 9KB - Virtual size: 12KB