5510dab39bef24b550338d0a4438a080_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

5510dab39bef24b550338d0a4438a080_NeikiAnalytics
Size

54KB
MD5

5510dab39bef24b550338d0a4438a080
SHA1

d4e57800783263b8cb79be8f3de7c57a2965b549
SHA256

1bce731699aab62757fbabdaf2b7ebc732ff1684ebe1823784add94affa49823
SHA512

568992db836e60e1dedd8640e740fd0895d66164db263a0d49130951f4129e441e473acb673e020fac882530dc617e9c8f79c49d62d15f06cc7f5891c08c5faf
SSDEEP

768:EnqmwhmkpfPaV4C6bfpH2RN9kJwQT31L:EnlgCiWz98NL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5510dab39bef24b550338d0a4438a080_NeikiAnalytics

Files

5510dab39bef24b550338d0a4438a080_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

d57d311c0d99012d4a7ba693b1160c42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
SET
?symRefItemConst
CHR
PROW
DEVPOS
?getRFPC
DEVOUT
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
__vft19ConNumericIntObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_82_0
___xpprt1Version
APPTYPE
APPDESKTOP
?conSendItem
ACREATE
XBPCRT
?conAssignRefWMember
?domAssign
APPNAME
?conNewString
SETAPPWINDOW
?domXEql
?orShortCut
?domOr
?retStackValue
ROOTCRT
__vft21ConNumericFloatObject10AtomObject
BREAK
?pushDynamicCodeBlock
ERRORBLOCK
WORKSPACELIST
LEN
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
?ehUnsetContext
?ehGetBreakContainer
?conRelease
DBRROLLBACK
?passParameter
?retStackItem
?domGetElem
DBELOAD
?domNot
?domAdd
ALERT
DBEBUILD
?conMemberToItem
?domSubStr
?andShortCut
?domAnd
DBSESSION
?domEql
ISFUNCTION
?executeMacro
AADD
EMPTY
STR
LTRIM
DOSERRORMESSAGE
ROW
COL
SETPOS
?domValXEql
_BREAK
ERRORLEVEL
_QUIT
?domInc
PROCNAME
TRIM
PROCLINE
?floadTos
STRTRAN
CONFIRMBOX
?domValGCmp
VALTYPE
?domAddEqu
PADL
TONE
QOUT
OUTERR
MSGBOX
REPLICATE
DATE
TIME
VERSION
OS
SPACE
VAR2CHAR
QQOUT
AEVAL
MLCOUNT
MEMOLINE
RTRIM
LEFT

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d57d311c0d99012d4a7ba693b1160c42

Headers

File Characteristics

Imports

xpprt1

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 4KB

.xpp Size: 1024B - Virtual size: 590B

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 4KB

.xpp
Size: 1024B - Virtual size: 590B

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB