e280beadf310d651f1465186ff0badc0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e280beadf310d651f1465186ff0badc0_NeikiAnalytics.exe
Size

176KB
MD5

e280beadf310d651f1465186ff0badc0
SHA1

a5c9a787fd215640a2926d8c453a916fe962f1f1
SHA256

03c70cf642ed9ebb52c2689902a9c36e9986f0c9e9431e5f0d7980c83d99afa7
SHA512

6e8eff027f348e1d6807db2a06d8082a7d97c8c965e82ed4c7db5f6d82afb07373d41803cf69ca092a402407996e68218ad04cc72adc482217d4a55b902ea7bf
SSDEEP

3072:4aQ+xuueMTWVX5XWXY9rvvr3hPIjpgwLdNl2KyAsgsLaCrTLUCMCN0V+QG:4a5DeMTWVX5XWervvThPIp9GgCrTgCMq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e280beadf310d651f1465186ff0badc0_NeikiAnalytics.exe

Files

e280beadf310d651f1465186ff0badc0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

1d632003e2a1dbe21bf75cc48f80b018

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\global\Release\bin\acad\StyShWiz.pdb

Imports

hcreg8

hcreg_SetErrorHandler
?GetDriverDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPlotStylesDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetAppKey@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?GetCurrentPlotStylePolicy@@YAKXZ
?GetProductBaseName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
IsACADApp
?GetProductName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetPMPDirectory@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetProgramName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?GetCompanyName@@YA?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ

plotcfg8

?what@HT_Exception@@UBEPBDXZ
??1HT_Exception@@UAE@XZ
?SPMP@@YAPAVHT_SPMem_Pool@@XZ

plcfmgr

?load_sty@HT_Plot_Config_Manager@@QAE?AV?$HT_Smart_Pointer@VHT_Style_Sheet_Configuration@@@@VHT_String@@@Z
?sty_to_pm3@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@V?$HT_Smart_Pointer@VHT_Style_Sheet_Configuration@@@@PBD_N@Z
??0HT_Style_Sheet_Configuration_Imp@@QAE@XZ
?update_sty_cfg@HT_Plot_Config_Manager@@QAEX_NPBD1HVHT_String@@V?$HT_Smart_Pointer@VHT_Style_Sheet_Configuration@@@@V?$HT_Smart_Pointer@VHT_Error_Handler@@@@1AA_N555@Z
??0HT_Plot_Config_Manager@@QAE@AAVHT_String@@00V?$HT_Smart_Pointer@VHT_Error_Handler@@@@K@Z
??0HT_Plot_Style_Imp@@QAE@PBD@Z
?load_cfg@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD0HVHT_String@@1J@Z
?load_pc2@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD000AAVHT_String@@JV?$HT_Smart_Pointer@VHT_Plot_Config@@@@@Z
?save_sty@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD0J@Z
?load_pcp@HT_Plot_Config_Manager@@QAE?AW4Enum@HT_Config_Return@@PBD000AAVHT_String@@JV?$HT_Smart_Pointer@VHT_Plot_Config@@@@@Z

heidi8

??1HT_String@@UAE@XZ
??1HT_Object@@UAE@XZ
??3HT_Object@@SAXPAX@Z
??3HT_String@@SAXPAX@Z
??0HT_String@@QAE@ABV0@@Z
?copy@HT_String@@QAEXPBD@Z
??2HT_Object@@SAPAXI@Z
??0HT_String@@QAE@PBD@Z

apperr

HD_Create_App_Error_Handler

styedit

StyEditEx

userdata

?InstallUserData@@YGIXZ

adui16

?makeRegistryVersion@CERutil@@UAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
??1CERutil@@UAE@XZ
??0CERutil@@QAE@XZ
?setTheCERutil@CERutil@@SA_NPAV1@@Z
?getInstalledProductName@CERutil@@UBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?getInstalledProductKey@CERutil@@UBE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?getVersionNumber@CERutil@@UAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PADAAH111@Z
?makeBuildVersion@CERutil@@UAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HHHH@Z

color

FlushColorBooks

mfc70

ord523
ord1058
ord984
ord3356
ord462
ord659
ord1406
ord3003
ord561
ord1781
ord1344
ord3884
ord1939
ord1399
ord5669
ord1273
ord4015
ord4986
ord4503
ord2799
ord4042
ord2979
ord532
ord1646
ord1643
ord1744
ord3471
ord957
ord982
ord5838
ord5565
ord332
ord572
ord2124
ord2132
ord2561
ord1307
ord2012
ord2474
ord2479
ord2564
ord4648
ord4851
ord3196
ord3890
ord2712
ord4853
ord4361
ord2864
ord1871
ord2896
ord5462
ord977
ord261
ord518
ord701
ord2204
ord1162
ord3565
ord5815
ord1829
ord331
ord571
ord2201
ord503
ord686
ord5474
ord389
ord617
ord5471
ord703
ord705
ord1081
ord1077
ord3062
ord3061
ord5432
ord3008
ord4043
ord4267
ord3751
ord2461
ord3513
ord3523
ord3522
ord2751
ord2352
ord2463
ord2359
ord2675
ord2529
ord4088
ord2648
ord1099
ord2356
ord4972
ord1451
ord1507
ord1508
ord1814
ord4954
ord1234
ord4748
ord3152
ord5991
ord3610
ord5993
ord1377
ord2020
ord2026
ord2234
ord2216
ord2214
ord2237
ord2242
ord2223
ord2239
ord823
ord819
ord821
ord817
ord812
ord5714
ord1452
ord4063
ord4500
ord3208
ord4975
ord3966
ord5989
ord4854
ord1760
ord4933
ord4025
ord1272
ord3748
ord1469
ord1472
ord5666
ord1403
ord1522
ord1523
ord4671
ord4515
ord3992
ord4958
ord4691
ord4246
ord4406
ord4365
ord4245
ord4275
ord4753
ord4501
ord4983
ord1870
ord3994
ord3971
ord4625
ord4398
ord4578
ord4852
ord1725
ord5950
ord1180
ord2024
ord5591
ord3487
ord512
ord698
ord1014
ord947
ord1886
ord2096
ord3140
ord4262
ord2651
ord5322
ord4985
ord5002
ord4349
ord3750
ord4998
ord4996
ord2741
ord1770
ord3640
ord5152
ord5933
ord4883
ord899
ord3614
ord5339
ord1868
ord1913
ord4107
ord5990
ord3609
ord5992
ord3814
ord3832
ord3357
ord662
ord472
ord3472
ord869
ord4053
ord1376
ord4061
ord4984
ord1434
ord4364
ord1199
ord2232
ord2244
ord2221
ord2225
ord2227
ord2229
ord2219
ord5005
ord5007
ord262
ord706
ord1097
ord2546
ord4517

msvcr70

exit
__CxxFrameHandler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
?terminate@@YAXXZ
_controlfp
_except_handler3
vsprintf
_vscprintf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_mbsnbcpy
_mbsicmp
strcspn
strpbrk
__doserrno
atoi
_splitpath
_CxxThrowException
_mbsrchr
_mbsstr
_ismbcspace
_mbsinc
_ismbblead
_mkdir
memmove
_mbscmp
__p__fmode
_stricmp
_setmbcp
_mbschr

kernel32

lstrcpyA
lstrlenA
SetErrorMode
CreateFileA
CloseHandle
GetLastError
FormatMessageA
WideCharToMultiByte
GetVersionExA
DeleteFileA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
GetSystemTimeAsFileTime
LoadLibraryA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
LocalAlloc
GetModuleFileNameA

user32

EnableWindow
GetParent
EnumChildWindows
SendMessageA
PostMessageA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

shlwapi

PathFileExistsA

msvcp70

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d632003e2a1dbe21bf75cc48f80b018

Headers

File Characteristics

PDB Paths

Imports

hcreg8

plotcfg8

plcfmgr

heidi8

apperr

styedit

userdata

adui16

color

mfc70

msvcr70

kernel32

user32

advapi32

shlwapi

msvcp70

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 107KB - Virtual size: 108KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 107KB - Virtual size: 108KB