dd00eb5d232ada949f19593cbab87600_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dd00eb5d232ada949f19593cbab87600_NeikiAnalytics
Size

16KB
MD5

dd00eb5d232ada949f19593cbab87600
SHA1

54a53f5a75071e0ec1e51fa228dd2f1337ee384a
SHA256

1a05235f461d7a9f0680a368f5f55c8ecabf6ea62f0460c500ab9c80387331e2
SHA512

9ee6cb223dbbb82c404ff8d0793bdee4879714cb7221b3b88519352457d8c66e6e6b4de6ca6a0f375a3ceb189883050244d928669576da300adaf3f86c718a35
SSDEEP

384:bWAQoAeABkNfolKymRcOP5yJFQpbVHQo:aqugRtP5yJmZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd00eb5d232ada949f19593cbab87600_NeikiAnalytics

Files

dd00eb5d232ada949f19593cbab87600_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

5c25f6e7952e721fcbcc53a048a6e3c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\dpetracca\Escritorio\rli-7.8.1-sdk-ia32-w32-msvc80\rlp\euclid\source\samples\obj_g\ia32-w32-msvc80\ngsample.pdb

Imports

bteuclidd78

?scriptISOName@BT_Euclid@@SAPBDH@Z
?create@BT_Euclid_ResultIterator@@SAPAV1@I@Z
?encodingMimeName@BT_Euclid@@SAPBDW4BT_Euclid_Encoding@@@Z
?languageName@BT_Euclid@@SAPBDH@Z
?destroy@BT_Euclid_ResultIterator@@QAEXXZ
??0BT_StackEuclid@@QAE@XZ
??1BT_StackEuclid@@QAE@XZ
??RBT_StackEuclid@@QAEAAVBT_Euclid@@XZ
?statusMessage@BT_Euclid@@SAPBDH@Z
?VersionIsCompatible@BT_Euclid_Library@@SAEK@Z
?VersionString@BT_Euclid_Library@@SAPBDXZ

msvcr100d

_wassert
fprintf
__iob_func
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
strlen
__getmainargs
_exit
_XcptFilter
_cexit
exit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_initterm
_initterm_e
_crt_debugger_hook
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__CxxFrameHandler3
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
_amsg_exit

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
EncodePointer
HeapSetInformation

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 762B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c25f6e7952e721fcbcc53a048a6e3c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bteuclidd78

msvcr100d

kernel32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 762B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 762B