f:\build\win10v4\srccopy\filters\xpsdrvcomponents\sources\source\packages\rasterizer.dll\objfre_win7_x86\i386\fnrasterv4.pdb
Static task
static1
Behavioral task
behavioral1
Sample
28a9d1a43734fbd4b5557f3804a3cf72a6b4eacd9fc88ff3a94f8b7bf0ff87bb_NeikiAnalytics.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
28a9d1a43734fbd4b5557f3804a3cf72a6b4eacd9fc88ff3a94f8b7bf0ff87bb_NeikiAnalytics.dll
Resource
win10v2004-20240226-en
General
Target: 28a9d1a43734fbd4b5557f3804a3cf72a6b4eacd9fc88ff3a94f8b7bf0ff87bb_NeikiAnalytics.exe
Size: 481KB
MD5: 8f0ba6c1704fcd40181afd3f5b1c4b20
SHA1: af8a507eb3976f7262bdebcfddabea0f47bed26d
SHA256: 28a9d1a43734fbd4b5557f3804a3cf72a6b4eacd9fc88ff3a94f8b7bf0ff87bb
SHA512: 40fa3f8880c66eae90670bec05c2dff25d3847a4ec59bcaa6851beebacb436bb0b182b2316ebc9aa07c5e199cf50836a37dd10d0d474a4ec5b5f87e2af8a35c0
SSDEEP: 12288:8iV1yxti0jgumnKyr3AZWhIMjnONMuhE/ma0Nn:8KyxA0kAlMeK/mp
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 28a9d1a43734fbd4b5557f3804a3cf72a6b4eacd9fc88ff3a94f8b7bf0ff87bb_NeikiAnalytics.exe
Files
-
28a9d1a43734fbd4b5557f3804a3cf72a6b4eacd9fc88ff3a94f8b7bf0ff87bb_NeikiAnalytics.exe.dll windows:6 windows x86 arch:x86
dbb09819ac823c1d80f0be1136d31c88
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
RaiseException
GetLastError
HeapFree
RtlUnwind
HeapAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
WriteFile
OutputDebugStringA
LoadLibraryExA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
GetUserDefaultLCID
GetLocaleInfoA
GetVersionExA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoW
VirtualProtect
GetSystemInfo
VirtualQuery
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCommandLineA
DisableThreadLibraryCalls
MultiByteToWideChar
GetProcessHeap
OutputDebugStringW
FindClose
FindFirstFileW
GetModuleFileNameW
LoadLibraryW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
GetLocalTime
FormatMessageW
MulDiv
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GlobalUnlock
GlobalAlloc
GlobalFree
GlobalLock
GetFileAttributesW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
EnumSystemLocalesA
InterlockedCompareExchange
oleaut32
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantCopy
ole32
CreateStreamOnHGlobal
CoCreateInstance
CoFileTimeNow
CoTaskMemAlloc
CoInitializeEx
IIDFromString
CoUninitialize
winspool.drv
OpenPrinterW
GetPrinterDriverW
ClosePrinter
GetJobW
shlwapi
ord219
advapi32
SetThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
user32
UnregisterClassA
prntvpt
ord2
ord7
ord6
ord4
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 442KB - Virtual size: 442KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ