b0af8dcb6b25bfce8517268f99aba8b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

b0af8dcb6b25bfce8517268f99aba8b0_NeikiAnalytics
Size

1.2MB
MD5

b0af8dcb6b25bfce8517268f99aba8b0
SHA1

2028098c80c0629ed153d0ee30b176a586e52dda
SHA256

b89100b881515cd3f59ee77939c15a8504800a364117220ad1d6c9aa4e63a09c
SHA512

160c57a40801afb941a2951355d49b3e7b76b913b57b99631917ec3345684511aa1758c863884f9d2c0c7a51eee7054d6e58a7f6efe664bec775d7f8dbccfc1a
SSDEEP

3072:e1+BHr4cPtg0EUSSKz3wC/hEM+FMVGaHTA/EV/L20MscPKo320A87jop9Vhx6L5T:jdEUgysSKoGFzMDQ4hb/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0af8dcb6b25bfce8517268f99aba8b0_NeikiAnalytics

Files

b0af8dcb6b25bfce8517268f99aba8b0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

14a54c8c840f682e7547e6470b2ee75a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

f3bicblr

ord89

f5ddfcb4

?sMarkPowerCobolMain@OFjCobCmpScr@@SGXXZ
?sLoadCobolCount@OFjCobCmpScr@@SGXXZ
?sUnloadCobolCount@OFjCobCmpScr@@SGXXZ
XPOW_SET_COBOL_PARAM
XPOW_CPY_COBOL_PARAM
XPOW_INVOKE_BY_ID_2
XPOW_RELEASE_DISPATCH
?sCanClearCobolRuntime@OFjCobCmpScr@@SGHXZ

f5ddcy41

?sExeEntry@OCfModule@@SGKPAUHINSTANCE__@@PADHPAPAUICfModule@@PAX@Z

f5ddgadp

XPOWCFWNDSETNUMERIC
XPOWCFWNDGETNUMERIC

f3biprct

ord39
ord18
ord30
ord27
ord25
ord28
ord1
ord3
ord31
ord67
ord26
ord54

f3biio

ord38
ord22

f3bilpio

ord9
ord8
ord1

f3biprio

ord1

kernel32

LCMapStringW
GetStringTypeA
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
GetStringTypeW
MultiByteToWideChar
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP

Exports

Exports

PANTALLAPRINCIPAL
V1ALUMNO
V1CACOEL

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14a54c8c840f682e7547e6470b2ee75a

Headers

File Characteristics

Imports

f3bicblr

f5ddfcb4

f5ddcy41

f5ddgadp

f3biprct

f3biio

f3bilpio

f3biprio

kernel32

Exports

Exports

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 580KB - Virtual size: 579KB

.rodata Size: 16KB - Virtual size: 12KB

.rsrc Size: 228KB - Virtual size: 225KB

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 580KB - Virtual size: 579KB

.rodata
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 228KB - Virtual size: 225KB