2065fd49a8fcb578290207150a5bafa620ca5b21018004eccd6acd4274747301_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2065fd49a8fcb578290207150a5bafa620ca5b21018004eccd6acd4274747301_NeikiAnalytics.exe
Size

444KB
MD5

61a3ec4ede6773dba758a4e57c4c0f80
SHA1

777c181feca6efd023f114e4f486a63351169434
SHA256

2065fd49a8fcb578290207150a5bafa620ca5b21018004eccd6acd4274747301
SHA512

b4038646495c926ce5c5da071900176d1ac0747e1386b05802019f5c086fd1ed7b37b0a89a0781c7671d6def310e2284e1c6d361bfefee36f6bfb502b959ac25
SSDEEP

6144:GgDl2hCQQ2bFMjG3JTNb8/FpDxM+rmwt0mNLRpLwjHpBV+UdvrEFp7hKf:GgaQ25M6/b8/FpDxMnB+3wjJBjvrEH7Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2065fd49a8fcb578290207150a5bafa620ca5b21018004eccd6acd4274747301_NeikiAnalytics.exe

Files

2065fd49a8fcb578290207150a5bafa620ca5b21018004eccd6acd4274747301_NeikiAnalytics.exe
.dll windows:10 windows x86 arch:x86

4959170a21d4b3f07b69db1657e1432d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

appmgr.pdb

Imports

mfc42u

ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord2293
ord5679
ord6211
ord4155
ord860
ord4124
ord941
ord4272
ord1899
ord489
ord768
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord6051
ord1768
ord4395
ord5286
ord3397
ord4418
ord3634
ord818
ord567
ord692
ord2294
ord4253
ord6024
ord4352
ord4829
ord5283
ord4848
ord4371
ord4942
ord4970
ord4736
ord4899
ord5154
ord5156
ord5155
ord4219
ord3871
ord2810
ord6195
ord927
ord2809
ord6466
ord2971
ord6451
ord2637
ord5949
ord2281
ord5798
ord3312
ord536
ord2755
ord6278
ord6219
ord6218
ord4197
ord2756
ord2606
ord4199
ord2574
ord4396
ord3365
ord3635
ord693
ord3991
ord925
ord3993
ord6898
ord6003
ord3281
ord3566
ord2385
ord2406
ord1560
ord268
ord3658
ord3621
ord1143
ord1634
ord547
ord2813
ord6279
ord1262
ord1258
ord561
ord815
ord3948
ord2717
ord1128
ord3733
ord4616
ord3396
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord3694
ord826
ord269
ord600
ord1240
ord1571
ord1250
ord1568
ord1570
ord342
ord1179
ord1248
ord1115
ord1194
ord1563
ord1165
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord535
ord823
ord6370
ord6330
ord940
ord942
ord538
ord3798
ord4847
ord5977
ord2859
ord2634
ord4195
ord2854
ord3087
ord4704
ord858
ord4229
ord2362
ord2350
ord861
ord800
ord540
ord641
ord324
ord537
ord825

msvcrt

_onexit
_errno
__dllonexit
realloc
memcpy
_ftol2_sse
_unlock
_lock
_except_handler4_common
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
free
malloc
wcsncpy_s
wcsrchr
_wfopen
_purecall
fclose
fgetws
rewind
_fileno
_setmode
tmpfile
fwprintf
swscanf
wcsncmp
_vsnwprintf
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memcpy_s
??0exception@@QAE@ABV0@@Z
_wcsnicmp
_wcsicmp
__CxxFrameHandler3
memset

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
VariantInit

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CoTaskMemRealloc
CoSetProxyBlanket

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree
GlobalAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
SizeofResource
FindResourceExW
GetModuleFileNameW
GetProcAddress
LoadResource
GetModuleHandleA
LoadStringW
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExA
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak

api-ms-win-core-file-l1-1-0

DeleteFileW
FindFirstFileW
SetFilePointer
CreateFileW
FindClose
CreateDirectoryW
GetTempFileNameW
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
IsValidSecurityDescriptor
MapGenericMask

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

mpr

WNetGetUniversalNameW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

aclui

ord1

advapi32

OpenEventLogW
ReportEventW
CloseEventLog
RegOpenKeyW

appmgmts

CsGetClassStorePath
CsGetClassStore
CsRegisterAppCategory
CsUnregisterAppCategory
CsGetAppCategories
ReleasePackageDetail
ReleasePackageInfo
CsCreateClassStore
CsServerGetClassStore
CsSetOptions

framedynos

?GetFILETIME@WBEMTime@@QBEHPAU_FILETIME@@@Z
??4WBEMTime@@QAEABV0@QAG@Z

gdi32

GetTextExtentPoint32W

gpedit

BrowseForGPO

kernel32

GetPrivateProfileStringW
MoveFileW
lstrcmpiW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
LoadLibraryExA
ExpandEnvironmentStringsA

msi

ord78
ord228
ord158
ord141
ord8
ord118
ord116
ord165
ord159
ord92
ord160
ord150
ord19
ord32

ole32

CoInitialize
CoUninitialize

shell32

ShellExecuteExW
DragQueryFileW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

user32

RegisterClipboardFormatW
LoadCursorW
SetCursor
LoadImageW
LoadBitmapW
MessageBoxW
GetActiveWindow
GetClientRect
SetWindowsHookExW
EnableWindow
GetFocus
ReleaseDC
UnhookWindowsHookEx
GetDC
SendMessageW
GetParent
CallNextHookEx
UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GenerateScript

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4959170a21d4b3f07b69db1657e1432d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

logoncli

netutils

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

mpr

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-string-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

aclui

advapi32

appmgmts

framedynos

gdi32

gpedit

kernel32

msi

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 252KB

.data Size: 4KB - Virtual size: 13KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 252KB - Virtual size: 252KB

.data
Size: 4KB - Virtual size: 13KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 22KB - Virtual size: 22KB