ba93c22b680b0bd402270e192e229560_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

ba93c22b680b0bd402270e192e229560_NeikiAnalytics
Size

105KB
MD5

ba93c22b680b0bd402270e192e229560
SHA1

4857fd351d570ddd03172e6b7a178e38401335d5
SHA256

b5719f3828c1c7f723dc6c674111f6fea41e84678bb2453ff99b22685960daa0
SHA512

ebcf648fb9fdcea2423b3db514dcbf66400ee588de799479b8d3d424dbbd9b14d9ffcd9f3f2ef802ed4268e1d34cf35a1bedfbd2d37586c564046c636348ff72
SSDEEP

1536:BT2t5cQT4f443/AYesswndp+XmPqHCoENo/+4gy:BNf4xhXmPqHCoEK/+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba93c22b680b0bd402270e192e229560_NeikiAnalytics

Files

ba93c22b680b0bd402270e192e229560_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

b928e92d53baced7b2ab438ac6fd7676

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cppu3

typelib_typedescription_newInterfaceMethod
typelib_typedescription_newMIInterface
typelib_typedescription_new
typelib_typedescriptionreference_new
typelib_typedescription_register
typelib_typedescription_release
uno_any_destruct
cppu_unsatisfied_iquery_msg
typelib_typedescriptionreference_release
typelib_static_type_getByTypeClass
typelib_static_sequence_type_init
uno_type_sequence_construct
uno_type_sequence_reference2One
uno_type_sequence_realloc
uno_type_sequence_destroy
uno_type_any_assign

cppuhelper3msc

?defaultBootstrap_InitialComponentContext@cppu@@YA?AV?$Reference@VXComponentContext@uno@star@sun@com@@@uno@star@sun@com@@XZ
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
??1OWeakObject@cppu@@MAE@XZ
??3OWeakObject@cppu@@SAXPAX@Z
??0OWeakObject@cppu@@QAE@XZ
?acquire@OWeakObject@cppu@@UAAXXZ
?release@OWeakObject@cppu@@UAAXXZ
?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ

sal3

sal_detail_initialize
sal_detail_deinitialize
sal_detail_log
osl_createMutex
osl_destroyMutex
osl_acquireMutex
osl_releaseMutex
osl_getGlobalMutex
osl_createCondition
osl_destroyCondition
osl_setCondition
osl_waitCondition
rtl_string_release
rtl_uString2String
rtl_ustr_shortenedCompare_WithLength
rtl_ustr_reverseCompare_WithLength
rtl_ustr_asciil_reverseEquals_WithLength
rtl_ustr_compareIgnoreAsciiCase_WithLength
rtl_ustr_ascii_compareIgnoreAsciiCase_WithLength
rtl_ustr_ascii_compareIgnoreAsciiCase_WithLengths
rtl_ustr_lastIndexOfChar_WithLength
rtl_ustr_indexOfStr_WithLength
rtl_uString_acquire
rtl_uString_release
rtl_uString_new
rtl_uString_alloc
rtl_uString_newFromSubString
rtl_uString_newFromAscii
rtl_uString_newFromLiteral
rtl_uString_assign
rtl_uString_getToken
rtl_getAppCommandArg
rtl_getAppCommandArgCount
rtl_allocateMemory
rtl_freeMemory

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

kernel32

ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetSystemTimeAsFileTime
CloseHandle

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_controlfp_s
terminate
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
abort
_initialize_narrow_environment
__p___argc
__p___argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_get_initial_narrow_environment
_exit
exit
_initterm_e
_initterm
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__p__commode
_set_fmode

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode
calloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

main

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b928e92d53baced7b2ab438ac6fd7676

Headers

DLL Characteristics

File Characteristics

Imports

cppu3

cppuhelper3msc

sal3

msvcp140

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 780B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 780B

.reloc
Size: 7KB - Virtual size: 6KB