296716b17abe6f171f7d3997a43e9780_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

296716b17abe6f171f7d3997a43e9780_NeikiAnalytics.exe
Size

452KB
MD5

296716b17abe6f171f7d3997a43e9780
SHA1

de20c9170dc5f618c2e07cfd4990b2ec7ac86242
SHA256

0d59ff8321d2bd87d2f6d612e5c39ecc722a2680a26f519c5a5f560ddd7d0f92
SHA512

4d2b44bbcd916ddb217a673ef9b70219d5fc18ff59544221df7c9707cdf119856e44c80e87dd1b6285f25503d047217b9a482d67af6e16237094702caba26f64
SSDEEP

6144:o5xld89RX3+jq1M+OjxKLjxsExbiWeOP9Hggk12E91H3XBQygTG/9iYvEP:glARX3cq1MWR1XeOPScICJyEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296716b17abe6f171f7d3997a43e9780_NeikiAnalytics.exe

Files

296716b17abe6f171f7d3997a43e9780_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

2b8564ff593b90cb6ce69b46b147bb2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\BIEW\PJ_SP-BIEW0808\Packages\InfoDisplay\Rel\InfoDisplay.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

xerces-c_2_6

?fgXercescDefaultLocale@XMLUni@xercesc_2_6@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_6@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
??1MemBufInputSource@xercesc_2_6@@UAE@XZ
??0MemBufInputSource@xercesc_2_6@@QAE@QBEIQBG_NQAVMemoryManager@1@@Z
?makeStream@MemBufInputSource@xercesc_2_6@@UBEPAVBinInputStream@2@XZ
??2XMemory@xercesc_2_6@@SAPAXI@Z
??0Wrapper4InputSource@xercesc_2_6@@QAE@QAVInputSource@1@_NQAVMemoryManager@1@@Z
?setEncoding@Wrapper4InputSource@xercesc_2_6@@UAEXQBG@Z
??1Wrapper4InputSource@xercesc_2_6@@UAE@XZ
??3XMemory@xercesc_2_6@@SAXPAX@Z
?Terminate@XMLPlatformUtils@xercesc_2_6@@SAXXZ
?getEncoding@InputSource@xercesc_2_6@@UBEPBGXZ
?getPublicId@InputSource@xercesc_2_6@@UBEPBGXZ
?getSystemId@InputSource@xercesc_2_6@@UBEPBGXZ
?getIssueFatalErrorIfNotFound@InputSource@xercesc_2_6@@UBE_NXZ
?setEncoding@InputSource@xercesc_2_6@@UAEXQBG@Z
?setPublicId@InputSource@xercesc_2_6@@UAEXQBG@Z
?setSystemId@InputSource@xercesc_2_6@@UAEXQBG@Z
?setIssueFatalErrorIfNotFound@InputSource@xercesc_2_6@@UAEX_N@Z
?fgMemoryManager@XMLPlatformUtils@xercesc_2_6@@2PAVMemoryManager@2@A
?transcode@XMLString@xercesc_2_6@@SA_NQBDQAGIQAVMemoryManager@2@@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_6@@SAPAVDOMImplementation@2@PBG@Z
?transcode@XMLString@xercesc_2_6@@SAPAGQBD@Z
?transcode@XMLString@xercesc_2_6@@SAPADQBG@Z
?release@XMLString@xercesc_2_6@@SAXPAPAD@Z
?release@XMLString@xercesc_2_6@@SAXPAPAG@Z
??0DOMErrorHandler@xercesc_2_6@@IAE@XZ
??1DOMErrorHandler@xercesc_2_6@@UAE@XZ

mfc71

ord6297
ord744
ord1452
ord5346
ord5097
ord556
ord5563
ord5491
ord5320
ord6286
ord5419
ord4109
ord5529
ord631
ord1440
ord2751
ord3931
ord2288
ord2280
ord386
ord442
ord382
ord675
ord3850
ord6178
ord1248
ord6205
ord1230
ord1486
ord4044
ord548
ord378
ord723
ord531
ord1084
ord2285
ord1115
ord314
ord262
ord1069
ord1072
ord1003
ord2748
ord3150
ord4081
ord870
ord866
ord4063
ord423
ord3019
ord907
ord2468
ord5403
ord1917
ord869
ord3022
ord4066
ord2271
ord664
ord663
ord427
ord426
ord5469
ord4067
ord783
ord5430
ord2131
ord1916
ord6168
ord1258
ord6295
ord5331
ord1580
ord259
ord2346
ord3255
ord1482
ord266
ord265
ord1187
ord1191
ord300
ord1247
ord2322
ord911
ord6118
ord2933
ord299
ord2902
ord1489
ord3830
ord297
ord395
ord304
ord3934
ord2272
ord3997
ord781
ord4108
ord784
ord4085
ord1254
ord762
ord764
ord5715
ord5716
ord1185
ord6006
ord876
ord2248
ord745
ord566
ord310
ord557
ord757
ord578
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord581
ord1167
ord1092
ord1209
ord315
ord765
ord1056
ord1207

msvcr71

_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
strcat
_rmdir
strtoul
_ultoa
realloc
strcpy
_mbsstr
strlen
memset
_mbsninc
_mbsinc
_mbsdec
_mbsnbcpy
_mbschr
fprintf
_mkdir
_errno
fopen
fclose
atol
time
_localtime64
memmove
_mbsicmp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
qsort
isdigit
_atoi64
_purecall
strncpy
_vsnprintf
_strdup
sprintf
strncat
atoi
_except_handler3
_resetstkoflw
free
malloc
__CxxFrameHandler
_snprintf
_stricmp
srand
rand
_mbspbrk
_mbsrchr
_mbscmp
_mbsnbcmp
_ismbcdigit
_setmbcp
_ftime

kernel32

MultiByteToWideChar
GetVersionExA
MoveFileA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
CreateEventA
MapViewOfFile
lstrlenA
GetCurrentProcessId
CreateFileMappingA
CreateThread
GetProcAddress
LoadLibraryA
GetLocalTime
OutputDebugStringA
DeleteFileA
CreateFileA
CreateDirectoryA
InitializeCriticalSection
GetLastError
ResetEvent
GetCurrentProcess
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultUILanguage
OpenFileMappingA
DeleteCriticalSection
Sleep
GetModuleFileNameA
SetEvent
CloseHandle
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
CopyFileA
GetTickCount
GetShortPathNameA
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalHandle
ReadFile
GlobalLock
GetFileInformationByHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
SetFileAttributesA
MoveFileExA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentThreadId

user32

PostMessageA
wsprintfA

advapi32

IsValidSid
ConvertSidToStringSidA
GetUserNameA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
LookupAccountNameA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SafeArrayRedim
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SysAllocStringLen
VariantInit
SysFreeString
SysAllocString
VariantCopy
VariantClear

msvcp71

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b8564ff593b90cb6ce69b46b147bb2f

Headers

File Characteristics

PDB Paths

Imports

version

xerces-c_2_6

mfc71

msvcr71

kernel32

user32

advapi32

ole32

oleaut32

msvcp71

Sections

.text Size: 344KB - Virtual size: 340KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 344KB - Virtual size: 340KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 24KB - Virtual size: 23KB