d1bc9af80f477cb6292a0f1723531e00_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d1bc9af80f477cb6292a0f1723531e00_NeikiAnalytics
Size

2.2MB
MD5

d1bc9af80f477cb6292a0f1723531e00
SHA1

9569f4372244856a2c01be66fec5e5d555867c85
SHA256

015330999c5e72986f599084eb42bd5445fff40d7347330ad1702e9f25a51b60
SHA512

9efb62b254e09db2d80a67cc5c60b43c192fa20aa2bb596adecc3b7714dec953636bfeacfa1f90efbd29f6eacc971b43ce726061b48f8ee39d758c9cd3ea54da
SSDEEP

24576:un+Zlf8i3A4Qan4CDbLxH+jRsruvrgYToOpsv1/DdooO:k+Lf+lYuDg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1bc9af80f477cb6292a0f1723531e00_NeikiAnalytics

Files

d1bc9af80f477cb6292a0f1723531e00_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

ba5aa0f15079527bd1067f4795fe31b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?conNNewNil
?momSOff
_SYMLOAD
?domAssign
?retStackValue
TYPE
?symRefItemConst
?getRFPC
LEFT
SUBSTR
VAL
SETCOLOR
SCROLL
SETPOS
ACREATE
DBCLOSEALL
DBSELECTAREA
?domNot
?retNil
DEVPOS
LUPDATE
DTOC
DEVOUT
GET
ROW
COL
?getWFPC
__vft20ConStringConstObject10AtomObject
?pushCodeBlock
?conSendItem
AADD
SPACE
STRTRAN
FILE
?domGCmp
?andShortCut
?domLCmp
?domAnd
?domLECmp
TRIM
?domEql
?domSubStr
?orShortCut
?domOr
?domNEql
RECNO
__vft19ConNumericIntObject10AtomObject
_EARLYBOUNDCODEBLOCK
DBEVAL
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
LEN
?domValEql
?domAdd
?domSub
ORDLISTCLEAR
ORDLISTADD
DBSETFILTER
ARRAY
?symPrivateConst
?domInc
?domRefElem
DBCOPYSTRUCT
DBGOTOP
LASTREC
EOF
?domGetElem
STRZERO
?symGetItemConst
?executeMacro
EMPTY
?getRFCC
DBSEEK
?setCWArea
?restWArea
CHR
MAX
ROUND
?domMul
?getWCFC
RAT
DBGOTO
DBSKIP
STR
REPLICATE
DBCREATEINDEX
DBAPPEND
DBDELETE
DBPACK
FCOUNT
FIELDNAME
UPPER
?executeLMacro
FCREATE
RIGHT
?domValNEql
ALLTRIM
?Xb2MacroSubstStringConst
?domXEql
LTRIM
FWRITE
?domNegate
?domValSubStr
AT
DBLOCATE
?domGECmp
SET
?domValLECmp
?domDiv
ORDSETFOCUS
CTOD
FCLOSE
DBZAP
?passParameter
?domValXEql
DTOS
DATE
_SYMSAVE
?getRFIC
?setIWArea
DBCLOSEAREA
?domValLCmp
ABS
DBCOPYEXTSTRUCT
MIN
YEAR
MONTH
LOWER
?symParameterConst
?retStackItem
?getWCFS
?domMod
?domValGCmp
__vft21ConNumericFloatObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft14ConStringShort10AtomObject
SETKEY
SETBLINK
SETCURSOR
SAVESCREEN
DBUSEAREA
NETERR
RESTSCREEN
_KEYBOARD
NEXTKEY
INKEY
LASTKEY
FLOCK
ALIAS
RLOCK
DISPBOX
ACHOICE
SELECT
DBCLEARFILTER
INT
ASC
?domValGECmp
BOF
DBGOBOTTOM
DAY
DBCREATE
?getWFCS
?symGetItem
?getRFCS
DBCOMMITALL
CURDIR
CURDRIVE
?conNewNil
?getRFSC
PROCNAME
?conMemberToItem
?domExp
ORDKEY
?setSWArea
MAXROW
?ehUnsetContext
?ehGetBreakContainer
?conRelease
FOPEN
FSEEK
DIRECTORY
FERASE
AEVAL
FRENAME
DISKSPACE
DOW
RUNSHELL
CREATEDIR
APPNAME
_COPYFILE
?conNewCon
SETAPPEVENT
APPDESKTOP
?conAssignRefWMember
XBPFONT
?symPublicConst
SETAPPWINDOW
_QUIT
FREAD
_ATPROMPT
TIME
_SYMNILPRIVATES
GETENV
_SYMRELEASE
ALERT
DBUNLOCK
ISPRINTER
_EJECT
SETPRC
MEMOREAD
?conNewString
?conOpNewInt
?conNewLogic
?exePcodeEval
MLCOUNT
MEMOLINE
VALTYPE
CHAR2VAR
CONVTOANSICP
QOUT
XBPPRINTER
MSGBOX
FERROR
FREADSTR
PADR
BREAK
ERRORBLOCK
?domAddEqu
FIELDGET
GRAPOS
ASCAN
GRASTRINGAT
PADL
LIKE
SETAPPFOCUS
APPEVENT
MAXCOL
QQOUT
SECONDS
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conGetSelfClass
?conGetClass
?floadTos
EVAL
ASIZE
GRABOX
GRASEGDRAW
?domDec
CONVTOOEMCP
DLLLOAD
DLLCALL
DLLUNLOAD
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version

xppsys

READKILL
ANCHORCB
READMODAL
_DBIMPORT
_DBEXPORT
DBCREATEFROM
DBEDIT
ADIR
READVAR
GETACTIVE
GETENABLEEVENTS
XBPCRT
GETUNIQUEFILENAME
XBPPRESSPACE
GRASETFONT
XBPDIALOG
XBPPUSHBUTTON
MOD
XBPSTATIC
XBPSCROLLBAR
APPEXIT
DBESYS
ERRORSYS

xppdbgc

__XPPdbgClient

ascom10

CREATEOBJECT
COMLASTERROR
COMLASTMESSAGE

xppui2

XBPPRINTDIALOG

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba5aa0f15079527bd1067f4795fe31b8

Headers

File Characteristics

Imports

xpprt1

xppsys

xppdbgc

ascom10

xppui2

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 167KB - Virtual size: 166KB

.xpp Size: 7KB - Virtual size: 7KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 84KB - Virtual size: 84KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 167KB - Virtual size: 166KB

.xpp
Size: 7KB - Virtual size: 7KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 84KB - Virtual size: 84KB