C:\Users\JMY\documents\visual studio 2010\Projects\TTE_Application\Debug\TTE_Application.pdb
Static task
static1
Behavioral task
behavioral1
Sample
5d5ecd7dd141156ac7f488d28c4f88e0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
5d5ecd7dd141156ac7f488d28c4f88e0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
5d5ecd7dd141156ac7f488d28c4f88e0_NeikiAnalytics.exe
-
Size
556KB
-
MD5
5d5ecd7dd141156ac7f488d28c4f88e0
-
SHA1
ec50d6d1c0a7f9365e442801b258abc1eff02263
-
SHA256
65f493ecac332c08cf9aacdf818b8b766f97c50233f706dbf7c7867271d3bea3
-
SHA512
faf5058bd64548051e45c7dc2de00bd211d9311c7261481f9d9acbc8e5ed809af57a67268da1ae04b5fec369e804c9e2b3ab9f03c879ece2086d8a009cd782b3
-
SSDEEP
6144:MDqkJl2b7vNUEwGROOJ0IjH6tPbXJHnDwvOgY7F/p/uwONct43j92UiPQp:MDqq2bJUEfRojJ2+9pGHNu4B2Ut
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
Processes:
resource 5d5ecd7dd141156ac7f488d28c4f88e0_NeikiAnalytics.exe
Files
-
5d5ecd7dd141156ac7f488d28c4f88e0_NeikiAnalytics.exe.exe windows:5 windows x86 arch:x86
7a4e66f3ec8a792000b0e735abb49f1a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc100ud
ord12076
ord9934
ord9898
ord3403
ord3537
ord2809
ord2148
ord15717
ord12055
ord3250
ord12398
ord10600
ord9931
ord9895
ord13730
ord14638
ord4212
ord4905
ord12188
ord15641
ord3344
ord3343
ord3521
ord8652
ord2876
ord15589
ord5943
ord2727
ord3823
ord4247
ord4232
ord15847
ord14366
ord3318
ord15648
ord4387
ord2131
ord12646
ord15626
ord14460
ord2967
ord2992
ord12514
ord1449
ord712
ord7401
ord14224
ord2642
ord4606
ord6687
ord12634
ord10187
ord13156
ord8990
ord9205
ord4785
ord15660
ord2117
ord9929
ord9881
ord15532
ord9339
ord14064
ord15814
ord12246
ord1774
ord2837
ord4322
ord2863
ord8955
ord9936
ord9897
ord12056
ord3252
ord10231
ord9896
ord9902
ord4214
ord4907
ord15643
ord3392
ord3533
ord13893
ord9271
ord9363
ord9266
ord9366
ord14440
ord8829
ord8830
ord8874
ord13709
ord13677
ord4020
ord13939
ord6432
ord6375
ord14447
ord13792
ord2893
ord13943
ord8667
ord15765
ord13170
ord9782
ord12283
ord11257
ord12812
ord10023
ord10043
ord2847
ord4386
ord4400
ord10885
ord10448
ord10453
ord10463
ord9804
ord5111
ord2127
ord4473
ord3509
ord10322
ord4770
ord9956
ord2032
ord15505
ord2850
ord9879
ord14039
ord9305
ord15592
ord12690
ord6918
ord1251
ord15031
ord14807
ord3359
ord3438
ord10239
ord12450
ord14846
ord8852
ord1003
ord1148
ord15748
ord7718
ord9310
ord532
ord14152
ord6450
ord8678
ord14092
ord10217
ord2205
ord15459
ord5625
ord7553
ord2365
ord1340
ord4376
ord14093
ord8559
ord862
ord14708
ord12288
ord1802
ord3358
ord9300
ord4076
ord3033
ord13615
ord1095
ord6844
ord5606
ord9220
ord7178
ord1674
ord5232
ord13988
ord5441
ord6487
ord1460
ord6848
ord7671
ord4291
ord6887
ord5520
ord457
ord302
ord6265
ord2318
ord9585
ord9590
ord2204
ord9586
ord3760
ord754
ord1439
ord9575
ord9582
ord2303
ord9064
ord7853
ord9452
ord3189
ord8229
ord1451
ord1441
ord7880
ord1239
ord1264
ord1210
ord1105
ord6337
ord693
ord732
ord625
ord471
ord14235
ord10153
ord6559
ord14926
ord15966
ord8687
ord5369
ord5336
ord5332
ord5366
ord5387
ord5345
ord5374
ord5383
ord5353
ord5357
ord5361
ord5349
ord5378
ord5341
ord1777
ord1770
ord1766
ord10178
ord2743
ord4885
ord13127
ord15963
ord13027
ord9044
ord3351
ord9282
ord5398
ord5399
ord6759
ord13451
ord1788
ord14936
ord6564
ord14934
ord6563
ord12345
ord6586
ord9768
ord10293
ord12720
ord12715
ord5867
ord4044
ord4991
ord12408
ord11293
ord2103
ord11743
ord2093
ord6322
ord12423
ord10143
ord10649
ord12416
ord4223
ord2079
ord4745
ord16188
ord1870
ord1869
ord694
ord9352
ord3386
ord3385
ord10243
ord13050
ord14776
ord2308
ord2613
ord4575
ord1427
ord15999
ord13508
ord8041
ord15290
ord16683
ord16170
ord8043
ord8040
ord8044
ord9420
ord8042
ord16726
ord14592
ord8039
ord990
ord13020
ord12377
ord4290
ord9681
ord9684
ord5067
ord7004
ord1403
ord1096
ord16017
ord14123
ord12900
ord458
ord962
ord1212
ord629
ord7351
ord2649
ord4613
ord14784
ord15327
ord14873
ord15341
ord15457
ord5890
ord15397
ord14609
ord7140
ord5681
ord6369
ord16047
ord9884
ord8659
ord6988
ord6996
ord15088
ord12426
ord15664
ord15083
ord3279
ord15086
ord15018
ord10682
ord10487
ord9957
ord2894
ord3134
ord5071
ord5094
ord5088
ord5099
ord15921
ord9872
ord13495
ord7029
ord5976
ord6227
ord16057
ord10634
ord6460
ord6456
ord11419
ord2068
ord6014
ord6009
ord16080
ord9806
ord11538
ord11592
ord11701
ord11496
ord12682
ord9801
ord13828
ord6414
ord5972
ord4471
ord10081
ord14631
ord10539
ord8999
ord14272
ord9136
ord1855
ord8375
ord12857
ord1248
ord709
ord3391
ord1032
ord14751
ord7790
ord7776
ord5741
ord14164
ord365
ord2045
ord14718
ord508
ord7284
ord13168
ord10069
ord3365
ord4433
ord9670
ord3193
ord4082
ord15947
ord2958
ord1132
ord15884
ord605
ord2298
ord7918
ord15538
ord8430
ord2247
ord1034
ord1100
ord608
ord369
ord463
ord1202
ord14564
ord2043
ord4998
ord14322
ord4996
ord609
ord610
ord4754
ord4831
ord607
ord4728
ord611
ord6526
ord5304
ord4849
ord1947
ord1914
ord855
ord1339
ord2049
ord612
ord844
ord613
ord292
ord9641
ord15445
ord4777
ord4798
ord12368
ord3557
ord6859
ord4146
ord8218
ord8374
ord11059
ord11055
ord11052
ord1429
ord16556
ord992
ord7543
ord2695
ord4670
ord11148
ord6343
ord13997
ord13167
ord13216
ord11324
ord9053
ord13206
ord13198
ord6535
ord4053
ord16155
ord16158
ord16156
ord16159
ord16154
ord16157
ord8765
ord13525
ord15841
ord12908
ord16763
ord2080
msvcr100d
__CxxFrameHandler3
_fmode
_commode
__setusermatherr
_snprintf_s
_errno
_CxxThrowException
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
wcslen
??_V@YAXPAX@Z
memset
_purecall
_configthreadlocale
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
_wcmdln
exit
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
kernel32
LocalFree
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
MulDiv
CreateDirectoryW
lstrlenW
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
CopyFileW
MultiByteToWideChar
RaiseException
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrcpyW
EncodePointer
LoadLibraryW
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetProcAddress
user32
InflateRect
IsRectEmpty
CopyRect
SetRect
SetRectEmpty
EqualRect
OffsetRect
IntersectRect
PtInRect
SubtractRect
GetSystemMetrics
LoadImageW
GetSysColor
UnionRect
gdi32
GetStockObject
DeleteObject
shell32
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
comctl32
InitCommonControlsEx
shlwapi
PathIsDirectoryW
oleaut32
VariantClear
SysFreeString
GetErrorInfo
VariantChangeType
VariantInit
CreateErrorInfo
SysAllocString
SetErrorInfo
advapi32
RevertToSelf
OpenThreadToken
SetThreadToken
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 332KB - Virtual size: 332KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ