02399c4b47a53610ee3ed700d9c0cbe0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

02399c4b47a53610ee3ed700d9c0cbe0_NeikiAnalytics.exe
Size

42KB
MD5

02399c4b47a53610ee3ed700d9c0cbe0
SHA1

428e658c60fdef6d03054eb826a51edfc3c29ed7
SHA256

c45f6d87ccb67a30d1f5bf088444b6bb8d496a34341d37dfcd20ff46bc3f7303
SHA512

bcca878ef0b6a2497f5fba1f8b802e19f9cdd38a9e51cbfba04f78b3d8729841b4c39b5ee86ee5c8da2393fc52b2fddce8ab207bd1ce13e514c25a7125fdbc3b
SSDEEP

768:gPpHnGwL/I4g0VAbVD1dZlaOmibVxK1J89jEbdrrA8Z6CdYId1JtJeNocDsn1RtG:gPpB3g0VAb5Da/1JAsdrrnLv17

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02399c4b47a53610ee3ed700d9c0cbe0_NeikiAnalytics.exe

Files

02399c4b47a53610ee3ed700d9c0cbe0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

e7b5f95a68c886f70c69383cde4b137f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

proj_9_3

proj_get_id_code
proj_as_proj_string
proj_get_source_crs
proj_get_units_from_database
proj_unit_list_destroy
proj_crs_get_coordinate_system
proj_cs_get_axis_count
proj_cs_get_axis_info
?create@DatabaseContext@io@proj@osgeo@@SA?AV?$nn@V?$shared_ptr@VDatabaseContext@io@proj@osgeo@@@std@@@oxygen@dropbox@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@9@PEAUpj_ctx@@@Z
?createExtent@AuthorityFactory@io@proj@osgeo@@QEBA?AV?$nn@V?$shared_ptr@VExtent@metadata@proj@osgeo@@@std@@@oxygen@dropbox@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?create@AuthorityFactory@io@proj@osgeo@@SA?AV?$nn@V?$shared_ptr@VAuthorityFactory@io@proj@osgeo@@@std@@@oxygen@dropbox@@AEBV?$nn@V?$shared_ptr@VDatabaseContext@io@proj@osgeo@@@std@@@67@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?listAreaOfUseFromName@AuthorityFactory@io@proj@osgeo@@QEBA?AV?$list@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@6@_N@Z
?westBoundLongitude@GeographicBoundingBox@metadata@proj@osgeo@@QEBANXZ
?southBoundLatitude@GeographicBoundingBox@metadata@proj@osgeo@@QEBANXZ
?eastBoundLongitude@GeographicBoundingBox@metadata@proj@osgeo@@QEBANXZ
proj_get_type
?description@Extent@metadata@proj@osgeo@@QEBAAEBV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@util@34@XZ
?geographicElements@Extent@metadata@proj@osgeo@@QEBAAEBV?$vector@V?$nn@V?$shared_ptr@VGeographicExtent@metadata@proj@osgeo@@@std@@@oxygen@dropbox@@V?$allocator@V?$nn@V?$shared_ptr@VGeographicExtent@metadata@proj@osgeo@@@std@@@oxygen@dropbox@@@std@@@std@@XZ
?createFromBBOX@Extent@metadata@proj@osgeo@@SA?AV?$nn@V?$shared_ptr@VExtent@metadata@proj@osgeo@@@std@@@oxygen@dropbox@@NNNNAEBV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@util@34@@Z
?isEquivalentName@Identifier@metadata@proj@osgeo@@SA_NPEBD0@Z
?ci_find@internal@proj@osgeo@@YA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD@Z
?split@internal@proj@osgeo@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@D@Z
?toString@internal@proj@osgeo@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NH@Z
?c_locale_stod@internal@proj@osgeo@@YANAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
proj_context_get_use_proj4_init_rules
?pj_stderr_proj_lib_deprecation_warning@@YAXXZ
?pj_get_release@@YAPEBDXZ
?pj_get_default_ctx@@YAPEAUpj_ctx@@XZ
?pj_add_type_crs_if_needed@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV12@@Z
proj_crs_promote_to_3D
?rtodms@@YAPEADPEAD_KNHH@Z
?set_rtodms@@YAXHH@Z
proj_get_name
?dmstor@@YANPEBDPEAPEAD@Z
?northBoundLatitude@GeographicBoundingBox@metadata@proj@osgeo@@QEBANXZ
proj_cleanup
proj_list_prime_meridians
proj_list_ellps
proj_list_operations
proj_log_level
proj_errno_string
proj_context_errno
proj_trans
proj_area_destroy
proj_area_set_name
proj_area_set_bbox
proj_area_create
proj_destroy
proj_create_crs_to_crs_from_pj
proj_create
proj_context_use_proj4_init_rules

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140

__std_terminate
strchr
strrchr
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memchr
memcpy
memmove
__std_exception_copy
__std_exception_destroy
memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
__p___argv
__p___argc
_register_onexit_function
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_crt_atexit
strerror
terminate
_invalid_parameter_noinfo_noreturn
_cexit
exit
_errno

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-stdio-l1-1-0

fgetc
fgets
fopen
fputs
putchar
fflush
__stdio_common_vfprintf
__stdio_common_vsprintf
__acrt_iob_func
_set_fmode
__p__commode
puts
putc
fclose
fputc

api-ms-win-crt-convert-l1-1-0

strtod
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

strncmp
strcmp

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

kernel32

QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7b5f95a68c886f70c69383cde4b137f

Headers

DLL Characteristics

File Characteristics

Imports

proj_9_3

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 76B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 76B