ab6b57ad7beac8543f63e1445a76ee90_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ab6b57ad7beac8543f63e1445a76ee90_NeikiAnalytics.exe
Size

105KB
MD5

ab6b57ad7beac8543f63e1445a76ee90
SHA1

e2725ba083b85e91b21e4d57b62858816d0f1089
SHA256

9ef9430dcf226b854e4bee36545dc57bb3907e3a2efb6dea0c20d70b4171c2ae
SHA512

9e79d67e3ee4112f627959770006e7fb248b1ddaf8cfd031324839dc2baad56b6b1680020583ea2673fe57cd75cf533c479b16656fedd0257475a49e0d8e161e
SSDEEP

1536:kTms/EONzIwhCyXXyVIbg9j4qN9Opm/RgxaDfR:kTms/VNzIwgyHyV+glHjOpmqx0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab6b57ad7beac8543f63e1445a76ee90_NeikiAnalytics.exe

Files

ab6b57ad7beac8543f63e1445a76ee90_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

558242d5a6fe547279d6dbdbaf62052e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

h:\IsMedia\SW_4.6\customer\MCN_root\Inspections\Controller\isChartAlignV3\x64\Release\isChartAlignV3.pdb

Imports

isbase

?SaveOptions@CisInspection@@UEAAHXZ
?Initialize@CisInspection@@MEAAHXZ
?GetOption_ImageAcquisition@CisInspection@@QEBAPEBVCisOption_ImageAcquisition@1@XZ
??1CisInspection@@UEAA@XZ
??4KEY@CisBinManager@@QEAAAEBV01@AEBV01@@Z
??0KEY@CisBinManager@@QEAA@PEBVCisInspection@@PEBDAEBW4BIN_TYPE@1@@Z
?SetOptionDialog@CisInspection@@IEAAPEAUHWND__@@PEAU2@@Z
??0KEY@CisBinManager@@QEAA@XZ
??0CisInspection@@QEAA@PEBDW4IVI_INSPECTION_TYPE@0@W4IVI_INSPECTION_METHOD@0@PEAVCisInterface@@PEAUHWND__@@4@Z
?GetIcon@CisInspection@@UEBAQEAUHICON__@@XZ
?GetInspectionResult@CisInspection@@QEBAHXZ
?Finalize@CisInspection@@MEAAXXZ
?GetOptionDialog@CisInspection@@QEBAQEAUHWND__@@XZ
?SetInspectionResult@CisInspection@@IEAAXH@Z
?LoadOptions@CisInspection@@UEAAHXZ
?GetName@CisInspection@@QEBAPEBDXZ

imgproc

??1CByteProcessor@@UEAA@XZ
?compute@CByteProcessor@@UEAANHN@Z
?calculate@CByteProcessor@@UEAAXHPEAVCImageProcessor@@0@Z
?process@CByteProcessor@@UEAAXHN@Z
?convolve5x5@CByteProcessor@@UEAAXPEAHH@Z
?convolve3x3@CByteProcessor@@UEAAXPEAHHH@Z
?filterDynamic@CByteProcessor@@UEAAXHHH@Z
?thresholdByBG@CByteProcessor@@UEAAXNN@Z
?threshold@CByteProcessor@@UEAAXNN@Z
?threshold@CByteProcessor@@UEAAXNNN@Z
?getHistogram@CByteProcessor@@UEAAPEAHHH@Z
?getMin@CByteProcessor@@UEAANXZ
?getSizeBytes@CImageProcessor@@QEAAHXZ
??0CWordProcessor@@QEAA@HH@Z
?GetRuntimeClass@CWordProcessor@@UEBAPEAUCRuntimeClass@@XZ
?createProcessor@CWordProcessor@@UEAAPEAVCImageProcessor@@HHPEAX@Z
?createProcessor@CWordProcessor@@UEAAPEAVCImageProcessor@@XZ
?duplicate@CWordProcessor@@UEAAPEAVCImageProcessor@@XZ
?crop@CWordProcessor@@UEAAPEAVCImageProcessor@@PEAUtagRECT@@@Z
?inflate@CWordProcessor@@UEAAPEAVCImageProcessor@@PEAUtagRECT@@H@Z
?resize@CWordProcessor@@UEAAPEAVCImageProcessor@@HHH@Z
?getLine@CWordProcessor@@UEAAPEAXH@Z
?getPixel@CWordProcessor@@UEAAHH@Z
?getPixel@CWordProcessor@@UEAAHHH@Z
?putPixel@CWordProcessor@@UEAAXHH@Z
?putPixel@CWordProcessor@@UEAAXHHH@Z
?Get2d@CWordProcessor@@UEAAXHHHHPEAXJ@Z
?getValue@CWordProcessor@@UEAANH@Z
?getValue@CWordProcessor@@UEAANHH@Z
?putValue@CWordProcessor@@UEAAXHN@Z
?putValue@CWordProcessor@@UEAAXHHN@Z
?flipHorizontal@CWordProcessor@@UEAAXXZ
?SaveFile@CImageProcessor@@UEAAHPEBD@Z
?findMinAndMax@CWordProcessor@@UEAAXXZ
?resetMinAndMax@CWordProcessor@@UEAAXXZ
?getMax@CWordProcessor@@UEAANXZ
?getMin@CWordProcessor@@UEAANXZ
?getHistogram@CWordProcessor@@UEAAPEAHHH@Z
?threshold@CWordProcessor@@UEAAXNNN@Z
?threshold@CWordProcessor@@UEAAXNN@Z
?thresholdByBG@CWordProcessor@@UEAAXNN@Z
?filter@CWordProcessor@@UEAAXH@Z
?filterDynamic@CWordProcessor@@UEAAXHHH@Z
?setBinaryBackground@CImageProcessor@@UEAAXH@Z
?convolve3x3@CWordProcessor@@UEAAXPEAHHH@Z
?convolve5x5@CWordProcessor@@UEAAXPEAHH@Z
?process@CWordProcessor@@UEAAXHN@Z
?calculate@CWordProcessor@@UEAAXHPEAVCImageProcessor@@0@Z
?compute@CWordProcessor@@UEAANHN@Z
??1CWordProcessor@@UEAA@XZ
??0CExRect@@QEAA@XZ
?Invert@CImageProcessor@@QEAAXXZ
?getAutoThreshold@CImageProcessor@@QEAAHXZ
??0CExRect@@QEAA@HHHH@Z
?SetCenter@CExRect@@QEAAXHH@Z
??0CByteProcessor@@QEAA@HH@Z
?GetThisClass@CByteProcessor@@SAPEAUCRuntimeClass@@XZ
?GetRuntimeClass@CByteProcessor@@UEBAPEAUCRuntimeClass@@XZ
?createProcessor@CByteProcessor@@UEAAPEAVCImageProcessor@@HHPEAX@Z
?createProcessor@CByteProcessor@@UEAAPEAVCImageProcessor@@XZ
?duplicate@CByteProcessor@@UEAAPEAVCImageProcessor@@XZ
?crop@CByteProcessor@@UEAAPEAVCImageProcessor@@PEAUtagRECT@@@Z
?inflate@CByteProcessor@@UEAAPEAVCImageProcessor@@PEAUtagRECT@@H@Z
?resize@CByteProcessor@@UEAAPEAVCImageProcessor@@HHH@Z
?getLine@CByteProcessor@@UEAAPEAXH@Z
?getPixel@CByteProcessor@@UEAAHH@Z
?getPixel@CByteProcessor@@UEAAHHH@Z
?putPixel@CByteProcessor@@UEAAXHH@Z
?putPixel@CByteProcessor@@UEAAXHHH@Z
?Get2d@CByteProcessor@@UEAAXHHHHPEAXJ@Z
?getValue@CByteProcessor@@UEAANH@Z
?getValue@CByteProcessor@@UEAANHH@Z
?putValue@CByteProcessor@@UEAAXHN@Z
?putValue@CByteProcessor@@UEAAXHHN@Z
?flipHorizontal@CByteProcessor@@UEAAXXZ
?findMinAndMax@CByteProcessor@@UEAAXXZ
?resetMinAndMax@CByteProcessor@@UEAAXXZ
?getMax@CByteProcessor@@UEAANXZ
?filter@CByteProcessor@@UEAAXH@Z

isafx60

??0CProfile@@QEAA@PEBD@Z
?GetDouble@CProfile@@QEAANPEBD0N@Z
??0CRegistry@@QEAA@QEAUHKEY__@@@Z
?SetInt@CProfile@@QEAAXPEBD0H@Z
?SetDouble@CProfile@@QEAAXPEBD0N@Z
?GetInt@CProfile@@QEAAHPEBD0H@Z
??1CRegistry@@UEAA@XZ
?SetDouble@CRegistry@@QEAAHPEBD0N@Z
??1CProfile@@QEAA@XZ

isext60

??1CExListCtrl@@UEAA@XZ
??0CExListCtrl@@QEAA@XZ

mfc90

ord5191
ord1954
ord5272
ord4336
ord1434
ord4039
ord1659
ord1662
ord6041
ord3133
ord1581
ord2136
ord4196
ord1517
ord1977
ord602
ord617
ord362
ord3265
ord4364
ord5323
ord4346
ord1433
ord6038
ord3131
ord1713
ord1714
ord2067
ord5003
ord4846
ord4313
ord5302
ord1840
ord1931
ord1919
ord1839
ord1926
ord4689
ord2725
ord1516
ord6366
ord589
ord3852
ord798
ord316
ord3732
ord1215
ord1213
ord1060
ord3293
ord1149
ord2380
ord1980
ord3245
ord1311
ord1520
ord5521
ord2533
ord923
ord2185
ord919
ord3338
ord1209
ord5437
ord6417
ord4045
ord5448
ord6428
ord320
ord771
ord3682
ord577
ord4586
ord2907
ord5684
ord5333
ord5350
ord4677
ord4041
ord5346
ord5344
ord3002
ord1966
ord3923
ord6406
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord2110
ord4429
ord6407
ord3892
ord6409
ord4112
ord4136
ord1071
ord2303
ord3774
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2602
ord2797
ord2904
ord4410
ord2780
ord2932
ord2605
ord2711
ord2598
ord3069
ord3809
ord3810
ord3800
ord2709
ord4042
ord4591
ord4363
ord3253
ord583
ord1585
ord265
ord266
ord779
ord321
ord776
ord778
ord4285
ord5499
ord3488
ord5334
ord592
ord1239
ord1963
ord1205
ord1203
ord1229
ord1146
ord1195
ord379
ord1118
ord1238
ord1236
ord1111
ord1052
ord1103
ord380

msvcr90

??0exception@std@@QEAA@AEBQEBD@Z
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
__C_specific_handler
memcpy_s
atan
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
__CxxFrameHandler3
??0exception@std@@QEAA@XZ
cos
sin
memcpy
memset
sqrt
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
_unlock

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LocalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
LocalAlloc
GetSystemTimeAsFileTime

user32

EnableWindow
SendMessageA
SetRect
InflateRect
OffsetRect
PtInRect
PostMessageA
EqualRect

gdi32

SelectObject
SetBkMode
CreateSolidBrush

ole32

CoInitialize

oleaut32

SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z

Exports

Exports

CreateInspection

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

558242d5a6fe547279d6dbdbaf62052e

Headers

File Characteristics

PDB Paths

Imports

isbase

imgproc

isafx60

isext60

mfc90

msvcr90

kernel32

user32

gdi32

ole32

oleaut32

msvcp90

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB