27527965ed37903482aa7f0db7237720_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

27527965ed37903482aa7f0db7237720_NeikiAnalytics.exe
Size

60KB
MD5

27527965ed37903482aa7f0db7237720
SHA1

4583875b6a9b04d0325b889b112091f141957d04
SHA256

b74b796fd3c6e0d342000db09e87668aa670bb576ca01296fd64e779de603445
SHA512

ad3a36c71dc7ae422ef7d74fc1a50a7f8fb78523f6af4b765e5bf079bad42ad46b18895cd479f03a51f5a7b4fad9f64aab0bea3752969544fb388e7485522999
SSDEEP

768:1HGJ8nF2UHY1demW7KSxQamnhavjlugRujommh2u/6x:1O7wmW7KUQaWhKusfmef6x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27527965ed37903482aa7f0db7237720_NeikiAnalytics.exe

Files

27527965ed37903482aa7f0db7237720_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

84038ff2406643482f65e79cc2decada

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl100.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@LoadResString$qqrp20System@TResStringRec
@System@FreeMemory$qpv
@System@TInterfacedObject@_Release$qqsv
@System@TInterfacedObject@_AddRef$qqsv
@System@TInterfacedObject@QueryInterface$qqsrx5_GUIDpv
@System@TInterfacedObject@NewInstance$qqrp17System@TMetaClass
@System@TInterfacedObject@BeforeDestruction$qqrv
@System@TInterfacedObject@AfterConstruction$qqrv
@System@@IntfAddRef$qqrx45System@%DelphiInterface$t17System@IInterface%
@System@@IntfCopy$qqrr45System@%DelphiInterface$t17System@IInterface%x45System@%DelphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@%DelphiInterface$t17System@IInterface%
@System@RegisterModule$qqrp17System@TLibModule
@System@@FinalizeArray$qqrpvt1ui
@System@@FinalizeRecord$qqrpvt1
@System@@WStrAddRef$qqrr17System@WideString
@System@@WStrCat3$qqrr17System@WideStringx17System@WideStringt2
@System@@WStrToPWChar$qqrx17System@WideString
@System@@WStrFromLStr$qqrr17System@WideStringx17System@AnsiString
@System@@WStrAsg$qqrr17System@WideStringx17System@WideString
@System@@WStrArrayClr$qqrpvi
@System@@WStrClr$qqrpv
@System@@LStrCopy$qqrv
@System@@LStrToPChar$qqrx17System@AnsiString
@System@@LStrAddRef$qqrpv
@System@@LStrCmp$qqrv
@System@@LStrCatN$qqrv
@System@@LStrCat3$qqrv
@System@@LStrLen$qqrx17System@AnsiString
@System@@LStrFromArray$qqrr17System@AnsiStringpci
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@InitImports$qqrv
@System@@StartLib$qqrv
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@RaiseExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleAnyException$qqrv
@System@@BeforeDestruction$qqrp14System@TObjectzc
@System@@AfterConstruction$qqrp14System@TObject
@System@@ClassDestroy$qqrp14System@TObject
@System@@ClassCreate$qqrp17System@TMetaClasso
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@AfterConstruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@Free$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrp17System@TMetaClass
@System@@FillChar$qqrpvic
@System@ParamStr$qqri
@System@@FreeMem$qqrpv
@System@@GetMem$qqri
@System@TInterfacedObject@
@$xp$17System@WideString
@$xp$13System@string
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@RaiseLastWin32Error$qqrv
@Sysutils@IncludeTrailingPathDelimiter$qqrx17System@AnsiString
@Sysutils@Exception@$bctr$qqrx17System@AnsiStringpx14System@TVarRecxi
@Sysutils@ExtractFilePath$qqrx17System@AnsiString
@Sysutils@StrToInt$qqrx17System@AnsiString
@Sysutils@IntToStr$qqri
@Sysutils@LowerCase$qqrx17System@AnsiString
@Sysutils@Exception@
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TStringList@SetSorted$qqro
@Classes@TStringList@
@Classes@TList@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Widestrings@initialization$qqrv
@Widestrings@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv

kernel32

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
TerminateProcess
Sleep
ReleaseMutex
OpenProcess
LoadLibraryA
GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
FreeLibrary
ExitProcess
CreateMutexA
CloseHandle

user32

SendMessageA
MessageBoxW
MessageBoxA
GetWindowThreadProcessId
FindWindowA

vcl100.bpl

@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Dialogs@TFontDialog@
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@GetExeName$qqrv
@Forms@TApplication@Terminate$qqrv
@Forms@TApplication@ProcessMessages$qqrv
@Forms@Screen
@Forms@Application
@Forms@TFrame@
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Extactns@initialization$qqrv
@Extactns@Finalization$qqrv
@Extdlgs@initialization$qqrv
@Extdlgs@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
@Oleserver@initialization$qqrv
@Oleserver@Finalization$qqrv
@Olectrls@initialization$qqrv
@Olectrls@Finalization$qqrv
@Axctrls@initialization$qqrv
@Axctrls@Finalization$qqrv

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

base.bpl

@Nativexml@initialization$qqrv
@Nativexml@Finalization$qqrv
@Sskinmanager@initialization$qqrv
@Sskinmanager@Finalization$qqrv
@Acntutils@initialization$qqrv
@Acntutils@Finalization$qqrv
@Sconst@initialization$qqrv
@Sconst@Finalization$qqrv
@Sskinprovider@initialization$qqrv
@Sskinprovider@Finalization$qqrv
@Acsbutils@initialization$qqrv
@Acsbutils@Finalization$qqrv
@Acpng@initialization$qqrv
@Acpng@Finalization$qqrv
@Slabel@TSkinLabel@
@Smessages@initialization$qqrv
@Smessages@Finalization$qqrv
@Sstylesimply@initialization$qqrv
@Sstylesimply@Finalization$qqrv
@Sskinmenus@initialization$qqrv
@Sskinmenus@Finalization$qqrv
@Svclutils@initialization$qqrv
@Svclutils@Finalization$qqrv
@Sgraphutils@initialization$qqrv
@Sgraphutils@Finalization$qqrv
@Sdefaults@initialization$qqrv
@Sdefaults@Finalization$qqrv
@Sglyphutils@initialization$qqrv
@Sglyphutils@Finalization$qqrv
@Sthirdparty@initialization$qqrv
@Sthirdparty@Finalization$qqrv
@Acglow@initialization$qqrv
@Acglow@Finalization$qqrv
@Acdials@initialization$qqrv
@Acdials@Finalization$qqrv
@Scalcunit@initialization$qqrv
@Scalcunit@Finalization$qqrv
@Sdateutils@initialization$qqrv
@Sdateutils@Finalization$qqrv
@Scombobox@TSkinComboBox@
@Sedit@TSkinEdit@
@Scomboboxes@initialization$qqrv
@Scomboboxes@Finalization$qqrv
@Sdialogs@initialization$qqrv
@Sdialogs@Finalization$qqrv
@Sgradient@initialization$qqrv
@Sgradient@Finalization$qqrv
@Rvscroll@initialization$qqrv
@Rvscroll@Finalization$qqrv
@Rvstr@initialization$qqrv
@Rvstr@Finalization$qqrv
@Rvxptheme@initialization$qqrv
@Rvxptheme@Finalization$qqrv
@Rvitem@initialization$qqrv
@Rvitem@Finalization$qqrv
@Rvstyle@initialization$qqrv
@Rvstyle@Finalization$qqrv
@Rvdocparams@initialization$qqrv
@Rvdocparams@Finalization$qqrv
@Rvuni@initialization$qqrv
@Rvuni@Finalization$qqrv
@Rvfmisc@initialization$qqrv
@Rvfmisc@Finalization$qqrv
@Rvfuncs@initialization$qqrv
@Rvfuncs@Finalization$qqrv
@Crvdata@initialization$qqrv
@Crvdata@Finalization$qqrv
@Richview@initialization$qqrv
@Richview@Finalization$qqrv
@Rvseqitem@initialization$qqrv
@Rvseqitem@Finalization$qqrv
@Rvlabelitem@initialization$qqrv
@Rvlabelitem@Finalization$qqrv
@Rvrtf@initialization$qqrv
@Rvrtf@Finalization$qqrv
@Rvtable@initialization$qqrv
@Rvtable@Finalization$qqrv
@Rvanimate@initialization$qqrv
@Rvanimate@Finalization$qqrv
@Rvnote@initialization$qqrv
@Rvnote@Finalization$qqrv
@Regexpr@initialization$qqrv
@Regexpr@Finalization$qqrv
@Rvgifanimate@initialization$qqrv
@Rvgifanimate@Finalization$qqrv
@Urlscan@initialization$qqrv
@Urlscan@Finalization$qqrv
@Slistview@initialization$qqrv
@Slistview@Finalization$qqrv
@Slistview@TSkinListView@
@Slistbox@TSkinListBox@
@Streeview@TSkinTreeView@
@Ocsflatpager@TOCSFlatPager@
@Gnugettext@initialization$qqrv
@Gnugettext@Finalization$qqrv
@Rzcommon@initialization$qqrv
@Rzcommon@Finalization$qqrv
@Rzbutton@initialization$qqrv
@Rzbutton@Finalization$qqrv
@Rzpopups@initialization$qqrv
@Rzpopups@Finalization$qqrv
@Rzcmbobx@initialization$qqrv
@Rzcmbobx@Finalization$qqrv
@Rzborder@initialization$qqrv
@Rzborder@Finalization$qqrv

core.bpl

@Tntclasses@initialization$qqrv
@Tntclasses@Finalization$qqrv
@Tntsysutils@initialization$qqrv
@Tntsysutils@Finalization$qqrv
@Tntsystem@initialization$qqrv
@Tntsystem@Finalization$qqrv
@Tntforms@initialization$qqrv
@Tntforms@Finalization$qqrv
@Tntcontrols@initialization$qqrv
@Tntcontrols@Finalization$qqrv
@Tntmenus@initialization$qqrv
@Tntmenus@Finalization$qqrv
@Tntwindows@initialization$qqrv
@Tntwindows@Finalization$qqrv
@Tntdialogs@initialization$qqrv
@Tntdialogs@Finalization$qqrv
@Tntstdctrls@TTntLabel@
@Tntstdctrls@TTntEdit@
@Tntclipbrd@initialization$qqrv
@Tntclipbrd@Finalization$qqrv
@Udebug@initialization$qqrv
@Udebug@Finalization$qqrv
@Udebug@TDebug@Show$qqr17System@AnsiString
@Udebug@Debug
@Gdiptypes@initialization$qqrv
@Gdiptypes@Finalization$qqrv
@Gdiplus@initialization$qqrv
@Gdiplus@Finalization$qqrv
@Tntcomctrls@initialization$qqrv
@Tntcomctrls@Finalization$qqrv
@Gifimage@initialization$qqrv
@Gifimage@Finalization$qqrv
@Tntinifiles@initialization$qqrv
@Tntinifiles@Finalization$qqrv
@Gdipobj@initialization$qqrv
@Gdipobj@Finalization$qqrv
@Pngimage@initialization$qqrv
@Pngimage@Finalization$qqrv

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
WSAStartup
gethostname
gethostbyname

vcljpg100.bpl

@Jpeg@initialization$qqrv
@Jpeg@Finalization$qqrv

net.bpl

@Embeddedwb@initialization$qqrv
@Embeddedwb@Finalization$qqrv
@Ewbacc@initialization$qqrv
@Ewbacc@Finalization$qqrv
@Ewb.ieconst@initialization$qqrv
@Ewb.ieconst@Finalization$qqrv
@Shdocvw_ewb@initialization$qqrv
@Shdocvw_ewb@Finalization$qqrv
@Ewbcore@initialization$qqrv
@Ewbcore@Finalization$qqrv
@Ewbtools@initialization$qqrv
@Ewbtools@Finalization$qqrv
@Browse4folder@initialization$qqrv
@Browse4folder@Finalization$qqrv

Exports

Exports

GetPlugFileInfo
GetPlugIntf

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 228B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84038ff2406643482f65e79cc2decada

Headers

File Characteristics

Imports

rtl100.bpl

kernel32

user32

vcl100.bpl

shell32

base.bpl

core.bpl

iphlpapi

ws2_32

vcljpg100.bpl

net.bpl

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.itext Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 236B

.bss Size: - Virtual size: 228B

.idata Size: 18KB - Virtual size: 17KB

.edata Size: 512B - Virtual size: 102B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 13KB - Virtual size: 12KB

.itext
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 236B

.bss
Size: - Virtual size: 228B

.idata
Size: 18KB - Virtual size: 17KB

.edata
Size: 512B - Virtual size: 102B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 22KB - Virtual size: 22KB