cf772bdbb37d9e64c8d44daa5cc59530_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

cf772bdbb37d9e64c8d44daa5cc59530_NeikiAnalytics
Size

2.7MB
MD5

cf772bdbb37d9e64c8d44daa5cc59530
SHA1

206b3f2a98e2e4ba371aa8bad7b40487d8e394ca
SHA256

bf26a92d0391c6528b8305001ec34f47aef2e026822548688bc4bd44e7ea71b6
SHA512

e1812e3536862eaeb52d99aa9498c8395d0bfed7258ad87827be4c39acee5cee9c98cc773f2285a3b9dbcec9280038f5aad1490e82e7f9a65eae396e9e44a5f0
SSDEEP

24576:Z0ePOydnM8BHZrLgk0kTW0BJdQK6Zd5VAd3KKR9PgndGAsaTSEIE4QywU84twD/L:2ePOyxM8B5roYW3EaTSEIE4QywU84OT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf772bdbb37d9e64c8d44daa5cc59530_NeikiAnalytics

Files

cf772bdbb37d9e64c8d44daa5cc59530_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

60f9c4551e4c2961bfb9add9de3e09fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
?domNot
?retStackValue
?retNil
SETAPPWINDOW
SETAPPFOCUS
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?conNNewNil
?symPrivateConst
?domAssign
ARRAY
?getRFPC
AFILL
?symRefItemConst
GETENV
RIGHT
?domAdd
DATE
?symPublicConst
?retStackItem
CHR
TYPE
UPPER
ALLTRIM
FILE
DBSELECTAREA
DBCLOSEAREA
DBGOTOP
EOF
DBSKIP
DTOS
SUBSTR
SPACE
DTOC
LEFT
?getWFPC
VAL
?domEql
?orShortCut
?domOr
?andShortCut
?domAnd
?domNEql
CTOD
STR
?domValLCmp
DBCLOSEALL
APPDESKTOP
LEN
ACREATE
?domGetElem
?symGetItemConst
?executeMacro
?domRefElem
?conNewNil
?conNewLogic
?passParameter
?conNewCon
NATIONMSG
?conSendItem
?conAssignRefWMember
__vft19ConNumericIntObject10AtomObject
?pushCodeBlock
?conMemberToItem
__vft20ConStringConstObject10AtomObject
__vft14ConLogicObject10AtomObject
POSTAPPEVENT
?conRelease
?domValEql
EVAL
__vft14ConStringShort10AtomObject
?symParameterConst
SET
FERASE
DBSEEK
FOUND
?domValGCmp
?domSub
?domLCmp
TRANSFORM
ACOPY
SETAPPEVENT
?domValNEql
__vft21ConNumericFloatObject10AtomObject
REPLICATE
?domValGECmp
?domInc
MAX
DBCLEARRELATION
_EARLYBOUNDCODEBLOCK
DBSETRELATION
DBCREATEINDEX
ORDLISTCLEAR
ORDLISTADD
ORDSETFOCUS
?getRFCC
EMPTY
?domGECmp
?domLECmp
?domGCmp
DBGOBOTTOM
TRIM
PCOL
?Xb2MacroSubstStringConst
?executeLMacro
?getRFCS
SELECT
LASTREC
?conNewString
DBCLEARFILTER
DBSETFILTER
DBZAP
PAD
?domNegate
PCOUNT
ROUND
BOF
DBAPPEND
?getWCFC
RTRIM
?domXEql
?domSubStr
RLOCK
?domMul
DBUNLOCK
AT
?domValSubStr
?domDiv
ASCAN
?setCWArea
?restWArea
_SYMLOAD
RECCOUNT
_SYMSAVE
STRTRAN
DBGOTO
ALIAS
FIELDNAME
RECNO
DBDELETE
FCREATE
FCLOSE
RAT
DBEVAL
MIN
?domAddEqu
INT
MSGBOX
?domValLECmp
SCROLL
SETPOS
DEVPOS
DEVOUT
SAVESCREEN
DISPBOX
RESTSCREEN
MAXROW
MAXCOL
SETCOLOR
_ATPROMPT
_MENUTO
?getWCFS
DBSORT
CURDRIVE
CURDIR
INDEXKEY
LTRIM
?domValXEql
SETCURSOR
DBUSEAREA
INDEXORD
?getWFCC
?conOpNewInt
APPEVENT
MONTH
ISMEMBERVAR
ADEL
FWRITE
YEAR
SETPRC
?callStack
BREAK
ERRORBLOCK
?ehUnsetContext
?ehGetBreakContainer
ACHOICE
LASTKEY
FOPEN
DBLOCATE
_KEYBOARD
PROW
VALTYPE
FERROR
FSEEK
GRASTRINGAT
FREAD
GRAPOS
_EJECT
ISPRINTER
INKEY
ASORT
TIME
RANDOMINT
FCOUNT
MEMOREAD
MEMOWRIT
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
XBPFONT
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conGetSelfClass
FSIZE
FREADSTR
DBELOAD
ALERT
DBEBUILD
DBESETDEFAULT
SETCOLLATION
LOCALECONFIGURE
STUFF
ORDCOUNT
ORDBAGNAME
AEVAL
DBCONTINUE
ISMETHOD
ASIZE
ASC
NETERR
FLOCK
DAY
ABS
GET
ROW
COL
AADD
?symPublicFalse
DBCOPYSTRUCT
CREATEDIR
SETENV
?domMod
TONE
CONFIRMBOX
SETKEY
MLCOUNT
MEMOEDIT
?nomDefineVarMethod
XBPCLIPBOARD
?domDec
LASTAPPEVENT
ATAIL
NEXTAPPEVENT
ACLONE
DBCOMMITALL
_QUIT
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version

xppsys

MOD
XBPDIALOG
XBPSTATIC
XBPPUSHBUTTON
GETAPPLICATION
DBCREATEEXTSTRUCT
DBCREATEFROM
_DBEXPORT
_DBIMPORT
DBTOTAL
XBPSLE
XBPMLE
ADIR
XBPPRESSPACE
GRASETFONT
XBPRADIOBUTTON
AFIELDS
READINSERT
XBPLISTBOX
GETPARENTFORM
READKILL
ANCHORCB
READMODAL
XBPMENU
XBPCRT
APPEXIT
ERRORSYS

xppdbgc

__XPPdbgClient

xppui2

XBPQUICKBROWSE
XBPPRINTDIALOG

adac20b

DACPAGEDDATASTORE

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60f9c4551e4c2961bfb9add9de3e09fd

Headers

File Characteristics

Imports

xpprt1

xppsys

xppdbgc

xppui2

adac20b

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 255KB - Virtual size: 255KB

.xpp Size: 16KB - Virtual size: 16KB

.idata Size: 7KB - Virtual size: 6KB

.reloc Size: 104KB - Virtual size: 104KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 255KB - Virtual size: 255KB

.xpp
Size: 16KB - Virtual size: 16KB

.idata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 104KB - Virtual size: 104KB