296b48d91d8721880de09b310b9b95cd34265ff08b5916579dc97ca468425d7e_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

296b48d91d8721880de09b310b9b95cd34265ff08b5916579dc97ca468425d7e_NeikiAnalytics.exe
Size

651KB
MD5

6cc47b3148f68a5a2eeb90a2df164790
SHA1

324f58d1419d3877bee14b425540c6761148c23c
SHA256

296b48d91d8721880de09b310b9b95cd34265ff08b5916579dc97ca468425d7e
SHA512

f412470a3d1650ac672660d4969076f94895a5ab845b42ab1e5508c07b7a4ac327dabcb0f15915ac7c8fd2ab708eb662f1af89b75a8ca1bf693b330d7f5b1eb4
SSDEEP

6144:r8jdSDERP4mq4PzO/Aq4Om3zFMQAMSyM6IJ3/UuGD7qx:rCOUP4YzO/34b3zKQo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296b48d91d8721880de09b310b9b95cd34265ff08b5916579dc97ca468425d7e_NeikiAnalytics.exe

Files

296b48d91d8721880de09b310b9b95cd34265ff08b5916579dc97ca468425d7e_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

197d9c79cca6c5927ec48428e8365e3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\adang\Desktop\MiscProgramming\PythonWindows\Python-3.7.11\PCbuild\obj\37win32_Release\msi_pythonba\PythonBA.pdb

Imports

shlwapi

SHAutoComplete
ord176
StrToIntExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

CreateFileA
GlobalAlloc
GlobalFree
GetFileInformationByHandle
GetFileSizeEx
ReadFile
SetFilePointerEx
FindClose
GetFileTime
SetFileTime
lstrlenW
ExpandEnvironmentStringsW
GetTempPathA
GetTempPathW
GetFullPathNameW
CreateFileW
SetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileExW
GetModuleHandleA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLangID
DeviceIoControl
GetLocalTime
GetModuleFileNameW
GetTempFileNameW
CreateDirectoryW
FormatMessageW
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
InterlockedIncrement
InterlockedDecrement
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
LockResource
LoadResource
SizeofResource
LeaveCriticalSection
FindResourceExA
EnumResourceLanguagesA
GetProcAddress
GlobalUnlock
GetSystemDirectoryW
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
GetStdHandle
GetCurrentThread
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
EnterCriticalSection
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSection
GetLastError
CloseHandle
VerSetConditionMask
GetModuleHandleW
FreeLibrary
CreateThread
Sleep
WaitForSingleObject
GetConsoleMode
OutputDebugStringA
GetModuleFileNameA
lstrlenA
SetFilePointer
WriteFile
DebugBreak
GetCurrentProcessId
DisableThreadLibraryCalls
SetThreadLocale
CompareStringW
VerifyVersionInfoW
LocalFree
GetConsoleOutputCP
LoadLibraryW
GlobalLock
DeleteCriticalSection
ReadConsoleW
DecodePointer
OutputDebugStringW
LoadLibraryExW
WriteConsoleW

user32

SetFocus
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
SendMessageTimeoutW
LoadStringW
LoadStringA
IsDialogMessageW
LoadImageW
LoadCursorA
PostMessageW
PostQuitMessage
RegisterClassW
UnregisterClassW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
InvalidateRect
MessageBoxW
GetCursorPos
GetSysColor
SetClassLongA
GetClassLongA
DrawFocusRect
SetCursor
GetWindowRect
GetClientRect
GetWindowTextW
GetUpdateRect
EndPaint
BeginPaint
GetSystemMetrics
EnableWindow
KillTimer
SetTimer
GetKeyState
SetWindowTextW
GetNextDlgTabItem
GetDlgItem
IsWindowVisible
MoveWindow
CloseWindow
GetClassInfoW
DefWindowProcW
CharLowerBuffW
CharUpperBuffW
MessageBoxA
GetMonitorInfoW
MonitorFromPoint
LoadIconW
LoadCursorW
SetWindowLongW
GetWindowLongW
GetSysColorBrush

gdi32

GetObjectW
StretchBlt
SetBkMode
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontIndirectW
CreateCompatibleDC
SetTextColor
SetBkColor
ExtTextOutW

comdlg32

GetOpenFileNameW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExA

shell32

CommandLineToArgvW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW
SHGetDesktopFolder
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CLSIDFromProgID

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_Add

gdiplus

GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromFile
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipFree

msimg32

AlphaBlend

Exports

Exports

BootstrapperApplicationCreate
BootstrapperApplicationDestroy
MbaPrereqBootstrapperApplicationCreate
MbaPrereqBootstrapperApplicationDestroy

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 827B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

197d9c79cca6c5927ec48428e8365e3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 519KB - Virtual size: 518KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 4KB - Virtual size: 10KB

.idata Size: 9KB - Virtual size: 9KB

.gfids Size: 1024B - Virtual size: 827B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 519KB - Virtual size: 518KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 4KB - Virtual size: 10KB

.idata
Size: 9KB - Virtual size: 9KB

.gfids
Size: 1024B - Virtual size: 827B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB