c:\Users\Lee\Desktop\SDK4.6\Inspections\Mcnex\mcCommon_Item\mc_A5A7_16m_Dump\x64\Debug\mc_A5A7_Dumpd.pdb
Static task
static1
Behavioral task
behavioral1
Sample
77588a995f5ec453550a88b9cba84b90_NeikiAnalytics.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
77588a995f5ec453550a88b9cba84b90_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
General
-
Target
77588a995f5ec453550a88b9cba84b90_NeikiAnalytics.exe
-
Size
289KB
-
MD5
77588a995f5ec453550a88b9cba84b90
-
SHA1
3fb9b346364f0b9ab5c281372b2629875bd314c1
-
SHA256
d3baf2ba3a6d48ebbf6a9d2679ba6fe4e47b062845b6b83b61a5873a8bccbefe
-
SHA512
e8a7dcec22edee5bfba5ebd4cd895fb27a76b0dfb5b87a4e66c301454617ae89e6f22468f17b77ed6cad359c2bd55de42d391d71b48a2829470560016258b664
-
SSDEEP
3072:w90B50j2CDDIEc3wC/pr3S633f27GQmv2CRtK79WGMp9KeHnsqqcU+X9SeTAwv/r:XI2CAEmpr3Ksm8HPqeNSe3v/OBOJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 77588a995f5ec453550a88b9cba84b90_NeikiAnalytics.exe
Files
-
77588a995f5ec453550a88b9cba84b90_NeikiAnalytics.exe.dll windows:5 windows x64 arch:x64
bcf9f32bed919997efc399bd90c010d4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
isbase
??4KEY@CisBinManager@@QEAAAEBV01@AEBV01@@Z
??0KEY@CisBinManager@@QEAA@PEBVCisInspection@@PEBDAEBW4BIN_TYPE@1@@Z
?SetOptionDialog@CisInspection@@IEAAPEAUHWND__@@PEAU2@@Z
??0KEY@CisBinManager@@QEAA@XZ
??0CisInspection@@QEAA@PEBDW4IVI_INSPECTION_TYPE@0@W4IVI_INSPECTION_METHOD@0@PEAVCisInterface@@PEAUHWND__@@4@Z
?GetIcon@CisInspection@@UEBAQEAUHICON__@@XZ
?GetReportComparators@CisInspection@@UEAAPEBDXZ
?SaveOptions@CisInspection@@UEAAHXZ
?LoadOptions@CisInspection@@UEAAHXZ
?Initialize@CisInspection@@MEAAHXZ
?Finalize@CisInspection@@MEAAXXZ
?GetInspectionResult@CisInspection@@QEBAHXZ
?SetInspectionResult@CisInspection@@IEAAXH@Z
?GetName@CisInspection@@QEBAPEBDXZ
??1CisInspection@@UEAA@XZ
imgproc
?copyFrom@CImageProcessor@@QEAAXPEAV1@@Z
?RankFilter@CImageProcessor@@QEAAXNH@Z
?getAutoThreshold@CImageProcessor@@QEAAHXZ
isafx60
?IsFileExist@CPublic@@SAHPEBD@Z
?SetInt@CProfile@@QEAAXPEBD0H@Z
??1CRegistry@@UEAA@XZ
?MakeSurePathExists@CPublic@@SAHAEAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetInt@CProfile@@QEAAHPEBD0H@Z
??0CExProfile@@QEAA@PEBD@Z
?GetDouble@CProfile@@QEAANPEBD0N@Z
??0CProfile@@QEAA@PEBD@Z
??1CPublic@@UEAA@XZ
?SetDouble@CProfile@@QEAAXPEBD0N@Z
isext60
?SetWindowTextA@CGradientStatic@@QEAAXPEBD@Z
??0CGradientStatic@@QEAA@XZ
??1CGradientStatic@@UEAA@XZ
mfc90d
ord1363
ord5420
ord7771
ord2711
ord2756
ord6161
ord8887
ord5412
ord8889
ord5754
ord5796
ord904
ord926
ord5444
ord681
ord916
ord1424
ord3167
ord306
ord911
ord698
ord1525
ord2586
ord334
ord712
ord364
ord2582
ord707
ord4767
ord2386
ord353
ord1167
ord756
ord3209
ord430
ord2074
ord5604
ord7660
ord2023
ord7403
ord4176
ord7057
ord753
ord427
ord5901
ord7560
ord3497
ord1465
ord2081
ord311
ord4224
ord8684
ord4220
ord7232
ord7234
ord5638
ord6427
ord7244
ord7209
ord7754
ord4077
ord6330
ord6089
ord2973
ord1806
ord4761
ord675
ord5217
ord316
ord269
ord270
ord8841
ord2537
ord2549
ord2457
ord2556
ord4608
ord2611
ord7144
ord3201
ord942
ord4175
ord659
ord3016
ord7601
ord1084
ord1228
ord1168
ord1100
ord890
ord6439
ord3953
ord5928
ord4212
ord2286
ord3279
ord1109
ord5345
ord7802
ord5175
ord2700
ord2458
ord924
ord7175
ord6031
ord6649
ord6823
ord2713
ord2306
ord7071
ord2152
ord2151
ord4397
ord8329
ord2238
ord2235
ord5634
ord1965
ord6070
ord2572
ord7036
ord8886
ord6001
ord7199
ord3077
ord1849
ord4898
ord6635
ord6111
ord2206
ord8407
ord7250
ord7248
ord1193
ord1198
ord1202
ord1200
ord1204
ord3365
ord8819
ord7473
ord3385
ord3369
ord3375
ord3373
ord3371
ord3388
ord3383
ord3367
ord1628
ord2583
ord5645
ord5033
ord1590
ord1588
ord1617
ord1517
ord8718
ord1468
ord1577
ord413
ord1382
ord1487
ord1446
ord1627
ord1625
ord1480
ord1398
ord1467
ord335
ord922
ord699
ord909
ord3390
ord3378
ord3360
ord3362
ord3380
ord3088
ord3075
ord2115
ord8890
ord5413
ord8888
ord4778
ord6919
ord8287
ord4239
ord1911
ord7168
ord2644
ord2283
ord2282
ord2205
ord7196
ord3603
ord3900
ord4074
ord6142
ord3877
ord4102
ord3606
ord3780
ord3598
ord5282
ord5283
ord5273
ord3778
ord5641
ord6335
ord6090
ord2866
ord1718
ord7887
ord394
ord322
ord434
ord945
ord728
ord687
ord759
ord4972
ord917
ord2305
ord5446
ord4771
msvcr90d
wcscpy
strcpy
free
_CrtDbgReport
_errno
_snprintf_s
_localtime64_s
_gmtime64_s
_CrtDbgReportW
_mktime64
_time64
floor
atoi
fclose
fwrite
_vsnprintf_s
_vsnwprintf_s
fopen
memset
_CxxThrowException
memcpy
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
strtol
malloc
_purecall
_CRT_RTC_INITW
wcslen
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_dbg
_free_dbg
_encoded_null
_CrtSetCheckCount
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CxxFrameHandler3
__crt_debugger_hook
__clean_type_info_names_internal
kernel32
RaiseException
IsDebuggerPresent
LocalAlloc
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
LocalFree
GetFileSize
ReadFile
RtlLookupFunctionEntry
RtlCaptureContext
CreateFileA
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
WriteFile
CloseHandle
Sleep
DeleteFileA
GetTickCount
CreateDirectoryA
CopyFileA
GetLocalTime
HeapFree
user32
IntersectRect
EqualRect
SetRectEmpty
OffsetRect
InflateRect
MessageBoxA
GetDC
ReleaseDC
GetSystemMetrics
CopyRect
IsRectEmpty
PtInRect
SetRect
UnionRect
SubtractRect
gdi32
BitBlt
DeleteDC
CreateCompatibleDC
SelectObject
SetBkMode
CreateDIBSection
GetDeviceCaps
DeleteObject
shell32
ShellExecuteA
ole32
CoInitialize
oleaut32
SysFreeString
msvcp90d
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
advapi32
RevertToSelf
SetThreadToken
OpenThreadToken
Exports
??0CExProfile@@QEAA@AEBV0@@Z
??0CExRect@@QEAA@AEBUtagPOINT@@@Z
??0CExRect@@QEAA@AEBUtagRECT@@@Z
??0CExRect@@QEAA@AEBVCPoint@@@Z
??0CExRect@@QEAA@AEBVCRect@@@Z
??0CExRect@@QEAA@HHHH@Z
??0CExRect@@QEAA@XZ
??0CProfile@@QEAA@AEBV0@@Z
??0CPublic@@QEAA@AEBV0@@Z
??0CRegistry@@QEAA@AEBV0@@Z
??0CisBinManager@@QEAA@AEBV0@@Z
??0CisBinManager@@QEAA@XZ
??0CisInspection@@QEAA@AEBV0@@Z
??0CisInterface@@QEAA@AEBV0@@Z
??0CisInterface@@QEAA@XZ
??0CisLogger@@QEAA@AEBV0@@Z
??0CisLogger@@QEAA@XZ
??0CisLotInfo@@QEAA@AEBV0@@Z
??0CisLotInfo@@QEAA@XZ
??1CExProfile@@QEAA@XZ
??1CProfile@@QEAA@XZ
??4CExProfile@@QEAAAEAV0@AEBV0@@Z
??4CExRect@@QEAAAEAV0@AEBUtagPOINT@@@Z
??4CExRect@@QEAAAEAV0@AEBUtagRECT@@@Z
??4CExRect@@QEAAAEAV0@AEBV0@@Z
??4CExRect@@QEAAAEAV0@AEBVCRect@@@Z
??4CImageProcessor@@QEAAXAEAV0@@Z
??4CImageProcessor@@QEAAXN@Z
??4CProfile@@QEAAAEAV0@AEBV0@@Z
??4CPublic@@QEAAAEAV0@AEBV0@@Z
??4CRegistry@@QEAAAEAV0@AEBV0@@Z
??4CisBinManager@@QEAAAEAV0@AEBV0@@Z
??4CisInterface@@QEAAAEAV0@AEBV0@@Z
??4CisLogger@@QEAAAEAV0@AEBV0@@Z
??4CisLotInfo@@QEAAAEAV0@AEBV0@@Z
??5CExRect@@QEAA?AV0@H@Z
??6CExRect@@QEAA?AV0@H@Z
??XCExRect@@QEAAAEAV0@AEBUtagPOINT@@@Z
??XCImageProcessor@@QEAAXAEAV0@@Z
??XCImageProcessor@@QEAAXN@Z
??YCImageProcessor@@QEAAXAEAV0@@Z
??YCImageProcessor@@QEAAXN@Z
??ZCImageProcessor@@QEAAXAEAV0@@Z
??ZCImageProcessor@@QEAAXN@Z
??_0CImageProcessor@@QEAAXAEAV0@@Z
??_0CImageProcessor@@QEAAXN@Z
??_2CExRect@@QEAAAEAV0@H@Z
??_3CExRect@@QEAAAEAV0@H@Z
??_4CImageProcessor@@QEAAXAEAV0@@Z
??_4CImageProcessor@@QEAAXN@Z
??_5CImageProcessor@@QEAAXAEAV0@@Z
??_5CImageProcessor@@QEAAXN@Z
??_6CImageProcessor@@QEAAXAEAV0@@Z
??_6CImageProcessor@@QEAAXN@Z
??_7CPublic@@6B@
??_7CRegistry@@6B@
??_7CisBinManager@@6B@
??_7CisInspection@@6B@
??_7CisInterface@@6B@
??_7CisLogger@@6B@
??_7CisLotInfo@@6B@
??_FCExProfile@@QEAAXXZ
??_FCProfile@@QEAAXXZ
?Add@CImageProcessor@@QEAAXH@Z
?Add@CImageProcessor@@QEAAXN@Z
?And@CImageProcessor@@QEAAXH@Z
?Average@CImageProcessor@@QEAANXZ
?ConfineRect@CExRect@@QEAAXAEAV1@@Z
?ConfineRect@CExRect@@QEAAXHHHH@Z
?Dilate@CImageProcessor@@QEAAXXZ
?Erode@CImageProcessor@@QEAAXXZ
?Fill@CImageProcessor@@QEAAXN@Z
?FindEdges@CImageProcessor@@QEAAXXZ
?Gamma@CImageProcessor@@QEAAXN@Z
?GetArea@CExRect@@QEAAJXZ
?GetColor@CGradientStatic@@QEBAKXZ
?GetFont@CGradientStatic@@QEBAPEAVCFont@@XZ
?GetGradientColor@CGradientStatic@@QEBAKXZ
?GetTExtSpacing@CGradientStatic@@QEBAHXZ
?GetTextAlign@CGradientStatic@@QEBA?AW4TEXT_ALIGN@1@XZ
?GetTextColor@CGradientStatic@@QEBAKXZ
?Invert@CImageProcessor@@QEAAXXZ
?IsInside@CExRect@@QEAAHAEAVCPoint@@@Z
?IsInside@CExRect@@QEAAHAEAVCRect@@@Z
?IsInside@CExRect@@QEAAHHH@Z
?Log@CImageProcessor@@QEAAXXZ
?Maximum@CImageProcessor@@QEAAXN@Z
?MeanRank@CImageProcessor@@QEAAXN@Z
?MedianFilter@CImageProcessor@@QEAAXXZ
?MedianRank@CImageProcessor@@QEAAXN@Z
?Minimum@CImageProcessor@@QEAAXN@Z
?Multiply@CImageProcessor@@QEAAXN@Z
?Or@CImageProcessor@@QEAAXH@Z
?Outline@CImageProcessor@@QEAAXXZ
?ScaleRect@CExRect@@QEAAXNN@Z
?SetCB@CExRect@@QEAAXHH@Z
?SetCT@CExRect@@QEAAXHH@Z
?SetCenter@CExRect@@QEAAXHH@Z
?SetColor@CGradientStatic@@QEAAXK@Z
?SetFont@CGradientStatic@@QEAAXPEAVCFont@@H@Z
?SetGradientColor@CGradientStatic@@QEAAXK@Z
?SetLB@CExRect@@QEAAXHH@Z
?SetLC@CExRect@@QEAAXHH@Z
?SetLT@CExRect@@QEAAXHH@Z
?SetRB@CExRect@@QEAAXHH@Z
?SetRC@CExRect@@QEAAXHH@Z
?SetRT@CExRect@@QEAAXHH@Z
?SetTextAlign@CGradientStatic@@QEAAXW4TEXT_ALIGN@1@@Z
?SetTextColor@CGradientStatic@@QEAAXK@Z
?SetTextSpacing@CGradientStatic@@QEAAXH@Z
?Smooth@CImageProcessor@@QEAAXXZ
?Sqr@CImageProcessor@@QEAAXXZ
?Sqrt@CImageProcessor@@QEAAXXZ
?StdDev@CImageProcessor@@QEAANXZ
?Subtract@CImageProcessor@@QEAAXH@Z
?Subtract@CImageProcessor@@QEAAXN@Z
?Sum@CImageProcessor@@QEAANXZ
?Xor@CImageProcessor@@QEAAXH@Z
?autoThreshold@CImageProcessor@@QEAAXXZ
?flipHorizontal@CImageProcessor@@UEAAXXZ
?getBitPerPixel@CImageProcessor@@QEAAHXZ
?getHeight@CImageProcessor@@QEAAHXZ
?getHistogramSize@CImageProcessor@@QEAAHXZ
?getPixels@CImageProcessor@@QEAAPEAXXZ
?getProcType@CImageProcessor@@QEAA?AW4IMAGE_PROCESSOR_TYPE@1@XZ
?getRoi@CImageProcessor@@QEAAAEAVCRect@@XZ
?getWidth@CImageProcessor@@QEAAHXZ
?setBinaryBackground@CImageProcessor@@UEAAXH@Z
?setBitPerPixel@CImageProcessor@@QEAAXH@Z
?setFilterEdgeType@CImageProcessor@@QEAAXH@Z
CreateInspection
Sections
.text Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ