b3ea27d2b50112126bef94d2b3e29d85724405e82d0635ccaf365b6701281d97_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b3ea27d2b50112126bef94d2b3e29d85724405e82d0635ccaf365b6701281d97_NeikiAnalytics.exe
Size

1.0MB
MD5

91593cd225a75576fec677e8cac94c00
SHA1

690702bdeb3044bf33b3b44b39a02e7b40b11b33
SHA256

b3ea27d2b50112126bef94d2b3e29d85724405e82d0635ccaf365b6701281d97
SHA512

ce939bcb4ccb4d066ae1bb9cc4896a6579b29b533f20033a40c5ae2f507baf37a9e48cdd7f7d0ecaa09120329aa3b7b77165e568726aba9328520ce7c65df50d
SSDEEP

24576:/lnmlOJbOrtAS6B2LoeaWHtO+GqWzJaGDsrEH74:/5mlOJEAS6B2XtpGD8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3ea27d2b50112126bef94d2b3e29d85724405e82d0635ccaf365b6701281d97_NeikiAnalytics.exe

Files

b3ea27d2b50112126bef94d2b3e29d85724405e82d0635ccaf365b6701281d97_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

d9e388684546f7addb8659ea0853fe5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msado15.pdb

Imports

msvcrt

memset
__CxxFrameHandler3
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
_vsnprintf
_wrename
rename
_waccess
_access
fseek
fwrite
fread
fclose
_purecall
_vsnwprintf
_wcsicmp
free
wcschr
_wcsnicmp
_CxxThrowException
malloc
memcpy
iswalnum
iswalpha
memmove
_ftol2_sse
iswspace
wcsncmp
wcsstr
realloc
_wtol
_ultow
_fileno
_get_osfhandle
_wfopen
fopen
_resetstkoflw

ntdll

ord1

msdart

FXMemAttach
MpGetHeapHandle
FXMemDetach
MpHeapReAlloc
UMSEnterCSWraper
MPDeleteCriticalSection
MPInitializeCriticalSection
?ReadUnlock@CReaderWriterLock3AR@@QAEXXZ
?ReadLock@CReaderWriterLock3AR@@QAEXXZ
?WriteLock@CReaderWriterLock3AR@@QAEXXZ
?WriteUnlock@CReaderWriterLock3AR@@QAEXXZ
??1CReaderWriterLock3AR@@QAE@XZ
?ReadOrWriteLock@CReaderWriterLock3AR@@QAE_NXZ
?ReadOrWriteUnlock@CReaderWriterLock3AR@@QAEX_N@Z
??0CReaderWriterLock3AR@@QAE@XZ
MpHeapAlloc
MpHeapFree

kernel32

QueryPerformanceCounter
DeleteCriticalSection
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
DeleteFileW
DeleteFileA
GetCurrentProcessId
GetWindowsDirectoryW
LoadLibraryExW
LCMapStringW
TlsFree
TlsAlloc
DisableThreadLibraryCalls
lstrcmpiW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryA
GetVersion
HeapDestroy
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
GetCurrentThreadId
GetUserDefaultLCID
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
CloseHandle
CreateThread
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
GetTempFileNameW
GetFullPathNameW
WriteFile
GetFileType
CreateFileA
GetLastError
CreateFileW
GetFileTime
ReadFile
lstrlenW
GetCurrentProcess
WaitForSingleObject
CompareStringW

user32

UnregisterClassW
DefWindowProcW
GetDesktopWindow
GetWindow
GetWindowLongW
IsWindowVisible
GetWindowThreadProcessId
MessageBoxW
LoadStringW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
CreateWindowExW
DestroyWindow
PostMessageW
GetActiveWindow

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
GetFileSecurityW
SetFileSecurityW

ole32

CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
StringFromCLSID
CoTaskMemAlloc
CoInitialize
CoUninitialize
CreateBindCtx
CreateFileMoniker
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree

oleaut32

SetErrorInfo
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString
SysStringLen
SysAllocString
SafeArrayUnlock
SafeArrayLock
VariantCopy
SysAllocStringLen
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
SysStringByteLen
SafeArrayGetElement
SafeArrayPutElement
CreateErrorInfo
LoadTypeLi
OaBuildVersion
SysReAllocStringLen
SafeArrayCopy
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RNIGetCompatibleVersion
com_ms_wfc_data_Field_getBoolean
com_ms_wfc_data_Field_getByte
com_ms_wfc_data_Field_getBytes
com_ms_wfc_data_Field_getDataTimestamp
com_ms_wfc_data_Field_getDouble
com_ms_wfc_data_Field_getFloat
com_ms_wfc_data_Field_getInt
com_ms_wfc_data_Field_getLong
com_ms_wfc_data_Field_getShort
com_ms_wfc_data_Field_getString
com_ms_wfc_data_Field_isNull
com_ms_wfc_data_Field_loadMsjava
com_ms_wfc_data_Field_setDataDate

Sections

.text
Size: 836KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9e388684546f7addb8659ea0853fe5e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

msdart

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 836KB - Virtual size: 833KB

.data Size: 8KB - Virtual size: 4KB

.sdbid Size: 4KB - Virtual size: 1KB

.rsrc Size: 92KB - Virtual size: 90KB

.reloc Size: 52KB - Virtual size: 50KB

.text
Size: 836KB - Virtual size: 833KB

.data
Size: 8KB - Virtual size: 4KB

.sdbid
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 92KB - Virtual size: 90KB

.reloc
Size: 52KB - Virtual size: 50KB