41dfeacfafa504b149879ceac1deaad0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

41dfeacfafa504b149879ceac1deaad0_NeikiAnalytics.exe
Size

320KB
MD5

41dfeacfafa504b149879ceac1deaad0
SHA1

03e788e3d6ec650ce85878ae2983545094f780a5
SHA256

eb4d4b66650ab60c647a153ccf4e5a3e092c17228ff32dcd75577ed3c9c5992f
SHA512

51a38295efa3498ff19eaecd7058fb2e73a6a432aab8c433f4d9dbdb85daf24482d22375b8cc8c746c2403af3e9f239e0f218b106ee7e9623c4de2420f097a35
SSDEEP

6144:EfzBlpda5OpAX8rZuCvM7mllEIqOBrRIEyI:yzBlpdeOpAsrbvMMR5r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41dfeacfafa504b149879ceac1deaad0_NeikiAnalytics.exe

Files

41dfeacfafa504b149879ceac1deaad0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

01dd639337d8119d405d95df3ad1bff5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\fb25\svn_prod\R2_5_2_Upd_1\firebird2\temp\Win32\Release\gdef\gdef.pdb

Imports

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA
WNetGetUniversalNameA

kernel32

LocalFree
OpenProcess
GetCurrentProcessId
WaitForSingleObject
GetComputerNameA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
FindFirstFileA
GetFileAttributesA
GetFullPathNameA
GetDriveTypeA
TlsAlloc
VirtualFree
OpenThread
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetConsoleMode
LocalAlloc
FreeLibrary
GetEnvironmentVariableA
FindClose
InterlockedIncrement
VirtualAlloc
TlsFree
TlsSetValue
TlsGetValue
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
FindNextFileA
CreateFileA
GetTempPathA
WriteFile
ReadFile
SetFilePointer
SleepEx
GetCurrentThreadId
GetVersion
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetModuleFileNameA
lstrcmpA
lstrlenA
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleMode
InterlockedExchangeAdd

user32

MessageBoxA
CharLowerBuffA
CharUpperBuffA

advapi32

RegQueryValueExA
RegCloseKey
GetUserNameA
GetSecurityInfo
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityInfo
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

fbclient

ord248
ord135
ord241
ord145
ord139
ord116
ord229
ord120
ord174
ord103
ord138
ord122
ord83
ord128
ord152
ord158
ord42
ord86
ord115
ord160
ord169
ord162
ord119
ord113
ord176
ord166
fb_interpret
ord280
ord250
ord51
ord44
ord117
ord168
ord156
ord1
ord56
ord87
ord37

msvcr80

fflush
printf
__iob_func
getc
sprintf
fopen
rewind
fclose
_open_osfhandle
atol
__CxxFrameHandler3
strncmp
strchr
fprintf
memcpy
fputc
strncpy
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_purecall
memset
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_vsnprintf
fseek
fputs
_errno
puts
atoi
memmove
vsprintf
abort
_getcwd
_get_osfhandle
ferror
toupper
isprint
getenv
_ftime64
_access
fwrite
feof
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
exit
_unlink
_isatty
_close
_dup2
_strnicmp
_fileno
_stricmp
putc
_write

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01dd639337d8119d405d95df3ad1bff5

Headers

File Characteristics

PDB Paths

Imports

mpr

kernel32

user32

advapi32

fbclient

msvcr80

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 2KB

.rmnet Size: 56KB - Virtual size: 56KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 2KB

.rmnet
Size: 56KB - Virtual size: 56KB