dd8fdbcbfbf12f69cc9815eea97b1550_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dd8fdbcbfbf12f69cc9815eea97b1550_NeikiAnalytics
Size

802KB
MD5

dd8fdbcbfbf12f69cc9815eea97b1550
SHA1

9eef9fda7f2ceb54da49c0c2850e03308812e14c
SHA256

0bd296b927e20a7867f820a08d72eadfe5502782c8b1647a4f3e3a42ce5711a1
SHA512

2b87f6f61a921a0fb5060ec8aba32edcf7204a8580c0d4c0f4ffff5515c82e8d421446700cf6e9b80b74a24213c5e3afc1e00aec2f32d584d3b4b7555fbf25fb
SSDEEP

3072:YahZJ0tbzPpOvrsYelk7vI9F7azs133+U20PZtwdETeLTS7BYq5lMMwX4HYhpp:vzsjKzI9FeY3AEKWlG4c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd8fdbcbfbf12f69cc9815eea97b1550_NeikiAnalytics

Files

dd8fdbcbfbf12f69cc9815eea97b1550_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

166432308e33ccb5cf8fb2cd8034f8ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

commonmas

DISKSERIALNO
OPENIT
READMODAL
CLOSEIT
BOXMSG
SETUSPARAM
GETUSPARAM
ONLYALPHA
ONLYALPHANUM
GETHTTPREQ
IS_UP_ARROW
UNIQUECHECK
TBROWS
DATAINIT
DATAPUT
RECLOCK
TBDEL
USINITFILENAME
MYSETAPPEVENT
SEEKINGLOBAL
ADDINGLOBAL
DELFROMGLOBAL
SWILSVR
MYDBCREATE
MAC
RUNMENUINNEWTHREAD
MYINKEY
POSTKEY
NETNAME
ERRORSYS
MAINWINDOW
CREAT_CONTX
CREAT_GLOBAL
RESTUSCONST
FILESYSCREATE
CREAT_USER
CHECKUSERTBL
GETUSERID
SOFTQUIT
BARNEW
MENUNEW
PROMPTADD
GUIDIALOG
SRVLOG

swilcommon

REGKEYPWD62
ASSIGNADDRESS

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
?conNewNil
?conOpNewInt
?conNewString
__vft19ConNumericIntObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?conNNewNil
?momSOff
SELECT
ACREATE
SPACE
CTOD
SET
?domAssign
CURDRIVE
?symGetItemConst
?symRefItemConst
EMPTY
?domNot
?retStackValue
ALLTRIM
REPLICATE
STR
?domXEql
?orShortCut
?domNEql
?domOr
SAVESCREEN
SETCURSOR
SCROLL
SETPOS
DISPBOX
DEVPOS
PADC
DEVOUT
GET
ROW
COL
?pushCodeBlock
?conSendItem
AADD
LASTKEY
?domEql
RESTSCREEN
DBSELECTAR
?retStackItem
LEFT
UPPER
CHR
?domAdd
PADR
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?domValEql
?domValNEql
?domSub
?andShortCut
?domGCmp
?domAnd
?domGECmp
?domLECmp
?domValXEql
SUBSTR
AT
RIGHT
LEN
PADL
DTOS
ASC
SQRT
ROUND
INT
?domLCmp
VAL
?Xb2MacroSubstStringConst
STRTRAN
?conMemberToItem
FCREATE
FWRITE
FCLOSE
?retNil
?symPrivateConst
VALTYPE
INDEXORD
DBSETORDER
?conAssignRefWMember
?getRFCC
?setCWArea
DBSEEK
?restWArea
?getWFCC
DBUNLOCK
_QUIT
DBUSEAREA
DBGOBOTTOM
BOF
DBSKIP
DBSELECTAREA
DBCLOSEAREA
?domSubStr
MEMOREAD
RECNO
DBCOMMIT
DBGOTOP
EOF
DBCLOSEALL
DBGOTO
DBDELETE
?domGetElem
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
ORDCONDSET
_EARLYBOUNDCODEBLOCK
ORDCREATE
FILE
?getRCFC
?symPublicConst
DATE
ISALPHA
ISDIGIT
CDOW
APPTYPE
SETAPPWINDOW
DBELOAD
ALERT
DBEBUILD
DBESETDEFAULT
DBEINFO
?conNewLogic
CURDIR
APPDESKTOP
SETAPPFOCUS
APPEVENT
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_2_00_0
___xpprt1Version

xpprt2

HTTPENDPOINT

xppsys

ANCHORCB
XBPAPPLICATION
APPEXIT

topdown

TDSETCOORDS
TDCSTATBAR

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 1024B - Virtual size: 747B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

166432308e33ccb5cf8fb2cd8034f8ab

Headers

File Characteristics

Imports

commonmas

swilcommon

xpprt1

xpprt2

xppsys

topdown

Sections

.text Size: 183KB - Virtual size: 182KB

.data Size: 48KB - Virtual size: 47KB

.xpp Size: 1024B - Virtual size: 747B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 553KB - Virtual size: 553KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 48KB - Virtual size: 47KB

.xpp
Size: 1024B - Virtual size: 747B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 553KB - Virtual size: 553KB

.reloc
Size: 11KB - Virtual size: 10KB