General

Malware Config

Signatures

Files

• ad28a26219abb6f31d4ab2d6dd5c68fdc3d7a2568caa33e438242a1f0d97e669_NeikiAnalytics.exe

  .exe windows:6 windows x64 arch:x64

  baa38aed29a67deb924d726dce539c8a

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  d3d11

  D3D11CreateDeviceAndSwapChain

  d3dcompiler_43

  D3DCompile

  ole32

  CoInitialize

  kernel32

  GetFileInformationByHandleEx

  FlsSetValue

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  SetCursorPos

  GetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  CreateRoundRectRgn

  advapi32

  CryptReleaseContext

  msvcp140

  ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  imm32

  ImmSetCandidateWindow

  dwmapi

  DwmExtendFrameIntoClientArea

  ntdll

  ZwReadVirtualMemory

  shlwapi

  PathFileExistsA

  normaliz

  IdnToAscii

  wldap32

  ord143

  crypt32

  PFXImportCertStore

  ws2_32

  accept

  psapi

  GetModuleInformation

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __C_specific_handler

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vsprintf

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-string-l1-1-0

  _stricmp

  api-ms-win-crt-heap-l1-1-0

  _callnewh

  api-ms-win-crt-runtime-l1-1-0

  terminate

  api-ms-win-crt-convert-l1-1-0

  strtoull

  api-ms-win-crt-filesystem-l1-1-0

  _unlink

  api-ms-win-crt-multibyte-l1-1-0

  _mbsicmp

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-math-l1-1-0

  _dclass

  api-ms-win-crt-time-l1-1-0

  _gmtime64

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  �Wǥ���a��ޢ���Φz9�{�^�M�L�۹��( ��*��
  ؒ���^N���H���� u��7n���bf^0�&;Cf(����%R�I�F����ôQ2�6F�$.wu��� ��B, ���D&]�e6NY1���a�5��\S��%��{ �[`9.c��I(��2A]O<�ᤑ�f<�o򩛮�`͌�J�>͸w�������R(�����`N�>`%/�ׇ��r}�9G�{�r־�`!�� ��G��1�S�䪧B{�-�ZC(���T��`Ha������<ll2���v�4�ȓ�z�&vNJp��� N�������B��TʘW�_�����?�<X����!���/��.F�p���Y���)>�h��SB��L��q�?�lLӸv$�H�t*R\`8��T�ݟE�[�ޝ����D�to@�^�y{��wŐ�&���������'0\O�^�Z� ���k�Y���\~`{lk��md�YJ�32��=��
  ��)�� �Z�͋��<NF��/��$�70���O|��M�ו�^G�n�2�MGY}7�CcB���ٻx5��Y[P�]�fl+�i?ߦn4������-��]bf���� ��i ��nݟ��3<�&�wPF��e�R•�L��7��sc?ʬP�V�/����-�m|��;��'�H?�P1A!.��"i9CC{���r�߃��
  q����|D���-)��r�c���.�����AG�@L�7`���)?�f6��k��J��� Xz�E��,+��^��?��P� Kq�tN�O@�+IYPr�"�b|��j�����}�r��g> B���c���lW�0o e��Ce(췌t�Y�X�6V�#���C1�l�@w�8p��Wxy�z����u; �A�q޸K^|��R��%���Djl����b��.L�'JGE<ar�#�ʼ^i3,�Uh�݈�y������Z�2;K����J5V#<uN�Y9Ho��_hGo@�0p#g���c�ر�u���"�:�L#ucl�R�*,�5
  &���=Cy+�p�(
  ���2SG��- ����
  �O\r����i9��3󋧮;��f���D���Cr^?-��ѵ�U�<2WG��p��z���l��^�k��x�R��DV��k�d����9 ���[�3����� ���Kfh;[#Ak淭/`K��*:B��яtw�w�=����?�RJ�}��$�Eb��_���Pp]�u�I�&#���X�[�&��k)W�fT @ںSU>/y��XX��b��1�Y϶�Ӕ�$�v?3E�MD���,����3��\���^a�D��.�>���f�E�6K�6�9 �;A5�eO��� ԛo� �{�ا����Y:�w+(_�q#�h6�M ~���&l�F� �GV�p���scL3�&5ԡO��v�abW�ڤg`�+�����!�W:�I����U��S!Ac`8|��T$VF�#XqK�#�-<u�k�In�?݀"Q5o���w���%�m��>�s<��������,�ݏI�T��^Yi�J!#��_�� C��]�����Ѷ�0�y d�hX뒧�x��%9k� {De4��ӵ������fy`G�۹�)ſ�z#֛������O^�e޷�Q��/�Er7h��k�b�k�;\�+�Cy���Y����T=.
  hb��zB/-���٬�Y�E򳗧s;�������gBc7kߋ��/ M�>(=ρM��o/��'�-$�*6f�IE�sL��w�2,��J����Z �q��u��L�p���vajU��G^v�]�E��gB�+q�0F!�h���(�,oj���b9��- �`��Lx�fzw��ɩ��m�H9���@;������ŹױZ� #������;�C�x:������x��I�\eSc�%7 ���p�t��s�$���F"������:��hR�������ưH� �Od%�'�uW��n2��͠s؅HZ,�H��S�4v���Ig1��c'�@��|)S�d��ào��m�(I���q:�"���P��n]�!����#�fv��1%=KN߳g�Ȯ���A3}�tKi(�q=j&EOW(D!�河�Cg%I�:��;$&�Ӯx�#!
  Įv�~�͘YHh �f��̰�QP���S L��6��F 7����~G�J�rc�E�fUi|�Qn?�O�Ie�A��EAb��ÿ�G�d:Yۼ{}`_�jhAn�H�AX ��T�����"!7r^H<�k��������a�ID���t�E�l?��+�[J�XS��R����7�o'dO{zl�J貤Ӟ��W�H"Ȃ&���ټC����ٞoh�y5�ρ�?�j�[7^L��k� 3�E��*qkS��e�X��ۋ���x�煕��L�>�W���n� �:��M���d�d��+�/�F.���R,��0�I5�gKA��Pg\34�zV|6��ֶ��>�[T)K"H����)���Mv���w��. N�Xn[O�����Z�Z�z�tS�&=p"����*��һX����aw�o�%ŷ����.�z�**��T� ���>�A�B�B 4��#L `�p$� �.́E�v7Oq��������om�I�� ����Q\��$��6��9�$G��}����^�zv�dɩ��d�2�N��ݷg��������$�hR�$�y�<
  H~�<R�h�?؊�o�TԣO���Z����\M�"ڈ�)��c��Wї�:�0Ίw�F$͒��Ad{��'yY�8l��(��*� �鄔���‰31�'������������#�t�N������U�eD��{n��9��U�J�:�Ȇ����;�L,�y�f���}�߱a�S�C[�(=�s�� ϵ���ͥ�j��Z���A���I�sw�ȬYq�ḕ�
  ��^'���`�TuǬ/
  ��E����hè6�]62�m~���n}Y�h<{�[��"'5@���%&g.~��7�/D��*���]X/��(*�����p�a��
  #N`g���0}ZK�?[s�y# ��;>�<� �ͤa��p�M@�'�q�5��C<��� �L|�����iق���'��]"Gl�����9����Z��h7����������!�m�?12g���/�

  Sections

  .text

  Size: - Virtual size: 693KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 176KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 316KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 3.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: 6.0MB - Virtual size: 6.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 212B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 469B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ