003c500b4e8ed60dd9a5d0638a569f50_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

003c500b4e8ed60dd9a5d0638a569f50_NeikiAnalytics
Size

644KB
MD5

003c500b4e8ed60dd9a5d0638a569f50
SHA1

0c13337e0c89f0c2f5c9ccc1c5dd9ef4bbc83dee
SHA256

45d25669d0c78caaec085b88deae9d52ebc5e248fec22661539b138e4677b18e
SHA512

37831c5eb3adcde9fadcd8735087714cbeb6485f9e7fc7b1c2b84a3cc407f1f5dfdc04dc30dd6fb8d16b7f37be83c01f24e9516d8e6e95e03f98f5c604ab7ae8
SSDEEP

12288:HX9GMGp70zQll4agH80/ugud7o51/TQdCDEhDG1dYbHk7tSm1jKqID2IEnIFqPT8:HUsHvudTqPTtVLvCpMkLFv9TPSi6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
003c500b4e8ed60dd9a5d0638a569f50_NeikiAnalytics

Files

003c500b4e8ed60dd9a5d0638a569f50_NeikiAnalytics
.dll windows:4 windows x86 arch:x86

9b6b16d5cc1ab09bc3ce1f28e6176d56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\demo\Tab\jumploo\temp\Release\pdb\NetSDK.pdb

Imports

smartlog

??0CSupErrorLog@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABI0ABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@PAV?$basic_fstream@DU?$char_traits@D@std@@@2@@Z
??0CSupLog@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABI0PAV?$basic_fstream@DU?$char_traits@D@std@@@2@@Z
??1CSupLog@@QAE@XZ

smartframe

FW_QueryInstance

skinmagicu

ord1

wininet

InternetReadFileExW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetOpenW
InternetSetStatusCallbackW
HttpSendRequestW
InternetCloseHandle
InternetConnectW

mfc71u

ord5914
ord5227
ord4649
ord5662
ord5362
ord1486
ord4242
ord4283
ord4160
ord4739
ord4860
ord5646
ord5359
ord1441
ord923
ord3307
ord549
ord737
ord4807
ord3249
ord631
ord386
ord577
ord774
ord2311
ord870
ord293
ord6284
ord283
ord776
ord559
ord280
ord3390
ord1300
ord1535
ord1481
ord2121
ord3927
ord894
ord2444
ord4101
ord2895
ord5485
ord5660
ord896
ord777
ord2261
ord992
ord5101
ord2799
ord5083
ord1146
ord5524
ord421
ord900
ord899
ord5091
ord1235
ord5657
ord2798
ord2260
ord1479
ord282
ord2926
ord6111
ord1472
ord290
ord2271
ord3990
ord1058
ord556
ord744
ord6291
ord1443
ord1434
ord655
ord384
ord629
ord2897
ord5658
ord5319
ord2165
ord5282
ord1430
ord1908
ord548
ord4038
ord6201
ord1178
ord747
ord3168
ord265
ord762
ord1093
ord371
ord266
ord764
ord1079
ord909
ord287

msvcr71

__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_CRT_RTC_INIT
__security_error_handler
_wsplitpath
_errno
_wcserror
wcsncpy
wcsstr
wcstol
wcsncmp
wcslen
wcschr
fwrite
_wfopen
swprintf
tolower
strchr
strncmp
isspace
isalnum
isalpha
atof
atoi
sscanf
fputc
fseek
ftell
fread
fclose
fprintf
strcmp
_snprintf
fopen
strlen
strcpy
_localtime64
_ftime
_wtol
time
srand
rand
_wtoi64
sprintf
memcpy
_wtoi
_except_handler3
memset
_purecall
malloc
memmove
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
free
__CxxFrameHandler
_strdup
realloc
strncat

kernel32

FreeLibrary
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
InterlockedExchange
GetTickCount
QueryPerformanceCounter
DebugBreak
LoadLibraryA
GetProcAddress
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
TerminateThread
GlobalAlloc
ResumeThread
CreateThread
Sleep
GetLastError
DeleteFileW
CreateEventW
ResetEvent
SetEvent
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
RaiseException
ExitProcess
GetVersionExW

user32

KillTimer
PostMessageW
SendMessageW
IsWindowVisible
UnregisterClassA
SetTimer
MessageBoxW
SetForegroundWindow
UnregisterClassW
LoadImageW
ShowWindow

oleaut32

SysFreeString

ws2_32

htons
htonl
ntohl
WSAStartup
gethostname
gethostbyname
WSAGetLastError

msvcp71

?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?width@ios_base@std@@QBEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?eof@?$char_traits@G@std@@SAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?capacity@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

iphlpapi

GetAdaptersInfo

sensapi

IsNetworkAlive

Exports

Exports

??0CSupErrorLog@@AAE@ABV0@@Z
??0CSupErrorLog@@AAE@XZ
??0CSupLog@@AAE@ABV0@@Z
??0CSupLog@@AAE@XZ
??0md5@@QAE@XZ
??4CSupErrorLog@@AAEAAV0@ABV0@@Z
??4CSupLog@@AAEAAV0@ABV0@@Z
??4md5@@QAEAAV0@ABV0@@Z
?Decode@md5@@AAEXPAIPAEI@Z
?Digest@md5@@QAEPAEXZ
?Encode@md5@@AAEXPAEPAII@Z
?F@md5@@AAEIIII@Z
?FF@md5@@AAEXAAIIIIIII@Z
?Finalize@md5@@QAEXXZ
?G@md5@@AAEIIII@Z
?GG@md5@@AAEXAAIIIIIII@Z
?GetFormatTime@CSupErrorLog@@AAEXAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?GetFormatTime@CSupLog@@AAEXAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?H@md5@@AAEIIII@Z
?HH@md5@@AAEXAAIIIIIII@Z
?I@md5@@AAEIIII@Z
?II@md5@@AAEXAAIIIIIII@Z
?Init@md5@@QAEXXZ
?MD5File@@YAPADPAD@Z
?MD5String@@YAPADPAD@Z
?PrintMD5@@YAPADQAE@Z
?Transform@md5@@AAEXPAE@Z
?Update@md5@@QAEXPAEI@Z
?rotate_left@md5@@AAEIII@Z
QueryInstance
UnLoadPlug

Sections

.text
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b6b16d5cc1ab09bc3ce1f28e6176d56

Headers

File Characteristics

PDB Paths

Imports

smartlog

smartframe

skinmagicu

wininet

mfc71u

msvcr71

kernel32

user32

oleaut32

ws2_32

msvcp71

iphlpapi

sensapi

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 512KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 800B

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 516KB - Virtual size: 512KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 800B

.reloc
Size: 36KB - Virtual size: 33KB