ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe
Size

244KB
MD5

096c57c1c99345e4d680956282e2f5e0
SHA1

ea75c82c608335a1e4ad4394aa7cf1888592c9f3
SHA256

ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069
SHA512

3d11468c931da53ce303d2beb92b191b8e9a1096e712fcb79840a07069c7f73f8e5291799e38a52f325cda419023ec014b481b005c17bc9413c4a87a7079858d
SSDEEP

3072:uwKVw2d7nOHc18WFyBMquAA1fhPKSfAUN3CFPl3ubvD22L2rf1dVEla2xkd0:xKimLOHcTkO6oPKSSuO24WlaK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe

resource
ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe

Files

ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

c67a3224aa0ba908c51e50d061198374

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\nckncyl\mydll\Release\mydll.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentProcess
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
RaiseException
GlobalFlags
InterlockedIncrement
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WaitForSingleObject
OpenWaitableTimerA
GetCurrentDirectoryA
GetComputerNameA
CreateWaitableTimerA
WideCharToMultiByte
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
SetWaitableTimer

user32

CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PostQuitMessage
PostMessageA
GetSubMenu
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
wsprintfA
SetTimer
KillTimer
WaitMessage
SetMenuItemBitmaps
DestroyMenu
GetFocus
ModifyMenuA
RegisterWindowMessageA
WinHelpA
GetCapture
GetMenuItemCount
GetMenuItemID
GetMenuState
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
CopyRect

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
ExtTextOutA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

ws2_32

inet_ntoa
getsockname
recv
send
WSAAsyncSelect
recvfrom
sendto
connect
WSASetLastError
WSAGetLastError
bind
inet_addr
WSAStartup
WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

Process
Process_str

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c67a3224aa0ba908c51e50d061198374

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

ws2_32

oleaut32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 20KB - Virtual size: 16KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 20KB - Virtual size: 16KB

.rmnet
Size: 60KB - Virtual size: 60KB