a87d18d93a24a2acfbd7759b3aaad9a0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

a87d18d93a24a2acfbd7759b3aaad9a0_NeikiAnalytics
Size

247KB
MD5

a87d18d93a24a2acfbd7759b3aaad9a0
SHA1

1f0b92c868c091c96040c4430ddff5de85a6d265
SHA256

f12d1eed6da3c765dd9220b693033422091b1f8fe8a64b3e15c1fda7c10d275e
SHA512

e77f7266946e9038f6c3ad79786ce95c2cf63e681c0798344a1f7556891e7dd8c687e74b80d13656d263f250cdcb672ac34854adba02e09ddb84d0814fe39da4
SSDEEP

3072:slToif02KGpVq/XZXzvxDVFeazKW6T/jn1mf+vqxZ/LAoxbaxSdN5k/5H:slTou0FGp+15Fz+W6TDMf7z/ASdoxH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a87d18d93a24a2acfbd7759b3aaad9a0_NeikiAnalytics

Files

a87d18d93a24a2acfbd7759b3aaad9a0_NeikiAnalytics
.exe windows:1 windows x86 arch:x86

4c2c40d9ce2035e89986a9d7bc18aa58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

acomm1

ACOMM:INIT@F10ERRORCLASS8INICLASS
ACOMM:KILL@F

afin1

AFIN:INIT@F10ERRORCLASS8INICLASS
AFIN:KILL@F
BROWSEINCOMEEXPENDITURE@F
FINCLIENTS@F
FININCOMEEXPENDITURE@FOSBOSB
FINREPORTS@F
FINSETUP@F
FINSUPPLIERS@F
SecwinRegisterProductFin

asalesm1

ASALES:INIT@F10ERRORCLASS8INICLASS
ASALES:KILL@F
BROWSESALES@F

clados

DOS

clanet

NetCloseCallBackWindow
NetDebugTrace

clarun

Cla$ACCEPTED
Cla$ADDqueueptr
Cla$ALERT
Cla$CLEAR
Cla$clearstr
Cla$CLOCK
Cla$code
Cla$COMMAND
Cla$comparestr
Cla$DecDistinct
Cla$DELETEqueue
Cla$DPushLong
Cla$EVENT
Cla$FIELD
CLA$FILE_DESTROY
Cla$FREEqueue
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GetPropS
Cla$GETqueueptr
Cla$HALT
Cla$init
Cla$KEYCODE
Cla$loadbttime
Cla$MessageBox
Cla$paopen
Cla$PopString
Cla$PopTemp
Cla$POST
Cla$PushLong
Cla$PushString
Cla$RUN
Cla$RUNCODE
Cla$SETKEYCODE
Cla$SetPropS
Cla$SHORTPATH
Cla$Stack2DStack
Cla$Stack2Ufo
Cla$StackCLIP
Cla$StackCompareN
Cla$StackConcat
Cla$StackErrstr
Cla$STACKpop
Cla$StackRotate
Cla$START
Cla$StashBP
Cla$storebttime
Cla$storestr
Cla$THREAD
Cla$THREAD_FILE
Cla$TODAY
THR$GetInstance
_exit
_free
_malloc
__sysinit
__sysstart

clawe

ds_SetEndSessionHandler
ds_SetOkToEndSessionHandler
ds_VisibleOnDesktop
WinAlert

espdata1

$AppNameDesc
$AppNumQueue
$GLO:AUTOLOGOUTTIMEOUT
$GLO:ENABLEAUTOLOGOUT
$GLO:FINANCELASTACTIONTIME
$GLO:INCEXP
$GLO:OPENREGISTERWINDOW
$GLO:PARENTCONTROL
$GLO:PARENTTHREAD
$GLOBALREQUEST
$GLOBALRESPONSE
$RELATE:OPSITE
$ThisRep
$ThisRepGlobal
$VCRREQUEST
$WE::CantCloseNow
$WE::MustClose
ADDITEM@F10POPUPCLASSsbsb
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
ADDITEM@F13WINDOWMANAGERlUc
ADDITEMEVENT@F10POPUPCLASSsbll
ASK@F10POPUPCLASSll
ASK@F13WINDOWMANAGER
CHANGEACTION@F13WINDOWMANAGER
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F10FUZZYCLASS
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F8INICLASS
DEBUGTRACE@FSB
DELETEACTION@F13WINDOWMANAGER
DESTRUCT@F16ERRORSTATUSCLASS
ESPDATA1:INIT@F10ERRORCLASS8INICLASS
ESPDATA1:KILL@F
ESPLICENSE@F
ESPSPLASH@F
GETPRGSETTING@FSBSB
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F10FUZZYCLASS
INIT@F10POPUPCLASS
INIT@F13WINDOWMANAGER
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
KILL@F10FUZZYCLASS
KILL@F10POPUPCLASS
KILL@F13WINDOWMANAGER
KILL@F8INICLASS
LOADSETTINGS@F
MANAGETHREAD@FSBLLLSBUCOLOL
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
RESET@F13WINDOWMANAGERUc
RESETAUTOLOGOUTTIME@FSB
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SecwinChangeLogin
SETALERTS@F13WINDOWMANAGER
SETOPENRELATED@F15RELATIONMANAGER
SETOPTION@F10FUZZYCLASSUcUc
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TCB$AppNumQueue
TYPE$TOOLBARCLASS
UPDATE@F13WINDOWMANAGER
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$FUZZYCLASS
VMT$INICLASS
VMT$TOOLBARCLASS

mclient1

MCLIENT:INIT@F10ERRORCLASS8INICLASS
MCLIENT:KILL@F

msales1

MSALES:INIT@F10ERRORCLASS8INICLASS
MSALES:KILL@F

mtasks1

BROWSECLIENTPAYADJ@F
BROWSESTOCKRECEIVE@F
MTASKS:INIT@F10ERRORCLASS8INICLASS
MTASKS:KILL@F

slatps

ds_changepassword
ds_CloseTables
ds_CurrentExpiryDate
ds_CurrentName
ds_GetOldAllowed
ds_InitFileCallback
ds_LicenceOk
ds_LoginText
ds_Logout
ds_SecwinMessage
ds_SetAccess
ds_SetAppName
ds_SetDefaultFont
ds_SetPath
ds_UseLicence6
ds_UserAllowed

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c2c40d9ce2035e89986a9d7bc18aa58

Headers

File Characteristics

Imports

acomm1

afin1

asalesm1

clados

clanet

clarun

clawe

espdata1

mclient1

msales1

mtasks1

slatps

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 8KB

.cwtls Size: 512B - Virtual size: 9KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 228KB - Virtual size: 227KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 8KB

.cwtls
Size: 512B - Virtual size: 9KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 228KB - Virtual size: 227KB

.reloc
Size: 1KB - Virtual size: 1KB