0531294c04b68f64f31514e6c796c03200db7228b202bf57ea3d81f008f4e398_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0531294c04b68f64f31514e6c796c03200db7228b202bf57ea3d81f008f4e398_NeikiAnalytics.exe
Size

1.7MB
MD5

855f84c16bc99ab052e2093c5856a940
SHA1

07537f2385f85e1bd618dd295a512fbff181a606
SHA256

0531294c04b68f64f31514e6c796c03200db7228b202bf57ea3d81f008f4e398
SHA512

7a5477ee00cb73b9272dab6933a5c5476195d886d2bcd9e41773ae95a4a24b3ec5bae30d48b0a08b0c292dc8144212f11966ddb43288d9e686b1ab0282c61668
SSDEEP

24576:sbXefB3o7Q+h6FiLHZ/RgZwbEQWnCcB3kzSQ:sbK3QQ3oZJgGRWnjuz/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0531294c04b68f64f31514e6c796c03200db7228b202bf57ea3d81f008f4e398_NeikiAnalytics.exe

Files

0531294c04b68f64f31514e6c796c03200db7228b202bf57ea3d81f008f4e398_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

f33358e0c1df9279fee334ca2ac662d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Company\网易duilib安装包\NIM_Duilib_Framework-master\bin\风云视频转换器\InstallExe.pdb

Imports

kernel32

InterlockedExchange
TerminateThread
GetCurrentThreadId
SetThreadPriority
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
FreeLibrary
GetModuleHandleW
CreateProcessW
GetProcAddress
ResetEvent
SetEvent
CreateEventW
WaitForMultipleObjects
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
GetStdHandle
InterlockedCompareExchange
LoadLibraryW
GetSystemInfo
OpenProcess
GetVersionExW
WaitForSingleObject
SystemTimeToFileTime
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
OutputDebugStringW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
FindClose
FindFirstFileW
GetSystemTimeAsFileTime
QueryPerformanceCounter
MulDiv
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
VerifyVersionInfoW
LocalFileTimeToFileTime
MultiByteToWideChar
VerSetConditionMask
GlobalFree
GetEnvironmentVariableW
GetModuleHandleA
GetFileSize
IsDebuggerPresent
SetLastError
FormatMessageA
InitializeCriticalSection
SleepEx
GetFileType
PeekNamedPipe
ExpandEnvironmentStringsA
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetFileAttributesW
CreateFileW
SetFilePointer
SetFileTime
WriteFile
ReadFile
CloseHandle
ReleaseMutex
CreateMutexW
MoveFileW
GetTickCount
MoveFileExW
SetCurrentDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
GetDiskFreeSpaceExW
Sleep
WritePrivateProfileStringW
SizeofResource
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
RaiseException
HeapReAlloc
DeleteFileW
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
CreateDirectoryW
GetStartupInfoW
InitializeSListHead
QueryPerformanceFrequency

user32

IsZoomed
MonitorFromPoint
SetWindowRgn
MessageBoxW
IsWindowVisible
UnionRect
FindWindowW
MoveWindow
SetForegroundWindow
PostQuitMessage
UpdateLayeredWindow
wsprintfW
GetShellWindow
GetWindowThreadProcessId
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
GetCursorPos
IsRectEmpty
GetClientRect
DestroyWindow
GetUpdateRect
InvalidateRect
UnregisterClassW
SetWindowTextW
GetParent
MapWindowPoints
KillTimer
TranslateMessage
GetQueueStatus
CallMsgFilterW
GetDC
GetPropW
SetPropW
CallWindowProcW
GetSystemMetrics
MsgWaitForMultipleObjectsEx
LoadImageW
SetWindowPos
IsIconic
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
PeekMessageW
ShowWindow
SetFocus
EnableWindow
SetTimer
GetWindow
DispatchMessageW
RegisterClassExW
WaitMessage
CreateWindowExW
IsWindow
PostMessageW
SetWindowLongW
GetClassInfoExW
RegisterClassW
ReleaseDC
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
DefWindowProcW
OpenClipboard
CharNextW
IntersectRect
GetKeyState
OffsetRect
SetCursor
ScreenToClient
LoadCursorW
ClientToScreen
GetAsyncKeyState
GetSysColor
GetWindowLongW
SendMessageW
PtInRect
GetDesktopWindow

advapi32

CryptAcquireContextA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

shell32

SHGetFolderPathW
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemFree
CoCreateGuid
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
CreateStreamOnHGlobal

shlwapi

PathFileExistsW
PathIsDirectoryW
PathIsRelativeW

winmm

timeKillEvent
timeSetEvent
timeGetTime

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipMeasureString
GdipFillPath
GdipFillEllipseI
GdipScaleMatrix
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipDrawEllipseI
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawBezierI
GdipDrawLineI
GdipFillRectangle
GdipDeletePath
GdipTransformPath
GdipIsOutlineVisiblePathPointI
GdipIsVisiblePathPointI
GdipGetPathWorldBoundsI
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipAddPathLineI
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathFillMode
GdipSetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipLoadImageFromFile
GdiplusStartup
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteMatrix
GdipCreateMatrix
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdiplusShutdown
GdipCreateFontFromLogfontA

msimg32

AlphaBlend

msvcp140

_Xtime_get_ticks
?_Random_device@std@@YAIXZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

vcruntime140

memset
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
memmove
memchr
__std_terminate
strstr
_purecall
__RTDynamicCast
__CxxFrameHandler3
memcpy
strrchr
strchr
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
wcsstr
_except_handler4_common

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscpy_s
wcstok
wcsncmp
iswalnum
wcsncpy
strncpy
_strdup
strncmp
tolower
strpbrk
wmemcpy_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
_wfopen_s
fclose
_lseeki64
fwrite
fflush
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsscanf
fputs
fopen
__stdio_common_vsprintf
fputc
_read
fseek
__stdio_common_vsprintf_s
fread
fgets
__stdio_common_vfwprintf_s
_write
_close
_open
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
__sys_nerr
_endthreadex
_beginthreadex
strerror
_getpid
terminate
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_wrename
_access
_stat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-convert-l1-1-0

_wtof
strtoul
wcstoul
wcstol
strtol
_wtoi
wcstombs
mbstowcs
strtoll
atoi

api-ms-win-crt-math-l1-1-0

log2
ceil
__setusermatherr
_libm_sse2_sqrt_precise
_except1

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk

gdi32

GetObjectA
SetStretchBltMode
SetWindowOrgEx
GetWindowOrgEx
CreateRectRgnIndirect
SaveDC
DeleteDC
CreateCompatibleDC
StretchBlt
ExtSelectClipRgn
GetDeviceCaps
RestoreDC
GetStockObject
CreateFontIndirectW
DeleteObject
SelectObject
CreateDIBSection
CreateRoundRectRgn
BitBlt
GetObjectW

ws2_32

getpeername
getsockname
getsockopt
htons
ntohs
connect
closesocket
setsockopt
socket
bind
send
recv
WSAIoctl
WSASetLastError
getaddrinfo
select
WSAGetLastError
WSACleanup
freeaddrinfo
WSAStartup
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
__WSAFDIsSet

wldap32

ord301
ord46
ord200
ord211
ord60
ord143
ord50
ord41
ord22
ord30
ord79
ord26
ord35
ord33
ord32
ord27

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 850KB - Virtual size: 849KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f33358e0c1df9279fee334ca2ac662d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

winmm

imm32

comctl32

gdiplus

msimg32

msvcp140

version

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

gdi32

ws2_32

wldap32

Sections

.text Size: 660KB - Virtual size: 659KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 12KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 84B

.rsrc Size: 850KB - Virtual size: 849KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 660KB - Virtual size: 659KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 12KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 84B

.rsrc
Size: 850KB - Virtual size: 849KB

.reloc
Size: 38KB - Virtual size: 38KB