ac2c74a362eeb3e8423eab5cf8ab8800_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ac2c74a362eeb3e8423eab5cf8ab8800_NeikiAnalytics.exe
Size

386KB
MD5

ac2c74a362eeb3e8423eab5cf8ab8800
SHA1

b481528bb95d830e0a8a6c3504753b09d7f6c46d
SHA256

c0e2c8dcb5c9e06916a8f1af87e2983893111430506d67b1ca9093e32f4d252e
SHA512

61fa989d5a4e1228c2ee43a27feefa95df35471675c4dba4992d1ca28360ab85c0e10aeaed4b2949f59140742955211dcd1a61bab91b6aada788f5f7b04a7645
SSDEEP

12288:MNZNhNuvbhYqQmU37uyVDNQBthcNDEertCfqpsKHuhC/nhburbgmREP7+Kx5iNL/:7UIpEdwN8S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac2c74a362eeb3e8423eab5cf8ab8800_NeikiAnalytics.exe

Files

ac2c74a362eeb3e8423eab5cf8ab8800_NeikiAnalytics.exe
.exe windows:1 windows x86 arch:x86

8c2131b8ae071ad7ed1f33936b615b3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

c55dosx

DOS

c55runx

Cla$ACCEPTED
Cla$ADDqueue
Cla$ADDqueuekey
Cla$CHANGE
Cla$CHOICE
Cla$CLEAR
Cla$clearstr
Cla$ClearType
Cla$CLOSEwindow
Cla$code
Cla$comparestr
Cla$CopyFile
Cla$DecDistinct
Cla$DecDistinctR
Cla$DESTROY
Cla$DISABLE
Cla$DISPLAY
Cla$DISPOSEqueue
Cla$DISPOSEref
Cla$DPopLong
Cla$DPushLong
Cla$duplicate
Cla$ENABLE
Cla$EndEventLoop
Cla$EndEventLoops
Cla$ERRCODE
Cla$EVENT
Cla$FILE_ADDf
Cla$FILE_CLEAR
Cla$FILE_CLOSE
Cla$FILE_CREATE
Cla$FILE_DELETE
Cla$FILE_GETfk
Cla$FILE_NEXT
Cla$FILE_OPEN
Cla$FILE_PUTf
Cla$FILE_RECORDSf
Cla$FILE_SETf
Cla$FILE_SETkk
Cla$FILE_SET_PROPERTY
Cla$FILE_SHARE
Cla$FIRSTFIELD
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETINI
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$HELP
Cla$HIDE
Cla$init
Cla$LASTFIELD
Cla$longtostr
Cla$Mem2Ufo
Cla$MessageBox
Cla$NewMemT
Cla$NewMemZ
Cla$NEWqueue
Cla$OPENwindow
Cla$POINTERqueue
Cla$PopCString
Cla$PopReal
Cla$PopString
Cla$PopTemp
Cla$POST
Cla$PushCString
Cla$PushLong
Cla$PushString
Cla$PUTqueue
Cla$pwopen
Cla$RECORDSqueue
Cla$SELECT
Cla$SETCURSOR
Cla$SetPropS
Cla$SetPropV
Cla$Stack2DStack
Cla$StackALL
Cla$StackCLIP
Cla$StackCompareNEQ
Cla$StackConcat
Cla$StackConcatR
Cla$StackCONTENTS
Cla$StackErrstr
Cla$StackHeap
Cla$StackINSTRING
Cla$StackLen
Cla$STACKpop
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$StartEventLoop
Cla$STOP
Cla$storecstr
Cla$storestr
Cla$TODAY
Cla$UNHIDE
Cla$UPDATE
Wsl$CloseDown
_exit
_free
_longjmp
_malloc
_setjmp
__checkversion
__e_index
__sysinit

c55tpsx

TOPSPEED

kernel32

FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
OutputDebugStringA

tmapp7

O_IMPORT$BBACCESS@FsbsbBq9_TPLQUEUE

tmdata7

$BILLMAT
$CONTROL
$CURUSER
$FCONTACT
$FEVENT
$FMATTER
$FNOTES
$FTODO
$FUSERID
$LICMGR
$PROPERTY
$SYSPREF
$USERID
CHKCODE@FRsb9_CODELIST
CONSTRUCT@F7_LICMGR
DEFORMATDATE@Fsb
DEFORMATTIME@Fsb
DEMOHLP@FsbOsbOsb
DESTRUCT@F7_LICMGR
DICTINIT@F
DMSG@FsbOsb
ENABLERANGE@Fsss
EXPANDPROMPTMACROS@Fs
FEATUREON@FsOs
GETFIELDPROP@FsbssbPgs
GETHELPFILENAME@F
GETPREFVALUE@Fsbsb
GETPRODUCTDESC@F
GETSIDEBARGRAPHIC@F
INIT@F12TMBILLMATMGR
INIT@F6TMPREF
INIT@F7_LICMGR
ISFOCUS@FUc
ISGRP@Fsb
ISTM@F
LOADCODES@Fsb9_CODELISTUcUc
LOADLICENSE@F7_LICMGRUcUc
LOADPROPFILE@FOsb
MOVECONTROLS@F9_CONTROLQssOsOsOs
PARSEPAIRS@FsbBq
SELECTCODE@FsbRsb9_CODELISTOsPsb
SETFMAN@Fsb
SPLITSTRING@FsbBqOsb
TRIMLASTCHAR@FRsbOsb
TYPE$TMBILLMATMGR
TYPE$_LICMGR
USERID$UID:RECORD
VALIDCODE@FRsb9_CODELISTRsbsPsb
VMT$TMBILLMATMGR
VMT$_LICMGR

user32

MessageBoxA

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c2131b8ae071ad7ed1f33936b615b3c

Headers

File Characteristics

Imports

c55dosx

c55runx

c55tpsx

kernel32

tmapp7

tmdata7

user32

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 21KB - Virtual size: 61KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 179KB - Virtual size: 179KB

.reloc Size: 11KB - Virtual size: 10KB

.rdata Size: 512B - Virtual size: 28B

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 21KB - Virtual size: 61KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 179KB - Virtual size: 179KB

.reloc
Size: 11KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 28B