774c7ce2ca043b7e5ca8a00dd37fc210_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

774c7ce2ca043b7e5ca8a00dd37fc210_NeikiAnalytics.exe
Size

118KB
MD5

774c7ce2ca043b7e5ca8a00dd37fc210
SHA1

d43570d7bbfb7e59a3fa8b8d8cf10e11f008aff7
SHA256

0bdd41c5e78a88b62fd224826221d47bc0d3ca6034badd8c51898764ac804781
SHA512

1908e08396b9ff84e7167ff1a8d8363015f3bf03fae02bd727620593bc01cfcd29f9d9a464794869eb18585f34ac0f763941ef0d1f53f6276d2f3e5006dde1ab
SSDEEP

1536:wvf/cpe1umYOxGLoBDT8H0QlezCOj1iQ24TfewsA4UrYV15/8I+z2fSkXOs9/:wHEkP27wsA4UkV15/8IAvkXOsJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
774c7ce2ca043b7e5ca8a00dd37fc210_NeikiAnalytics.exe

Files

774c7ce2ca043b7e5ca8a00dd37fc210_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

505451c4108230fed722ebe133efdf71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

apiclient10m

get_host_os_srv
get_host_id
set_triangle_direct_hooks
PcmsDisconnectAll
PcmsDisconnectEx

libnetserver10m

PcmsAcceptEx
PcmsMessageLoop

libnetclient10m

MsgBinSend
DmnPrintContext
DmnBinPrintHandler
MsgBinPopAllTS
??0RFFileHandleTracker@@QEAA@XZ
?cleanup@RFFileHandleTracker@@QEAAXXZ
??1RFFileHandleTracker@@QEAA@XZ
MsgBinPushBB
buildRPCmessage
g_sdpSocketTimeout
LCNetGotoSSL
MsgBinPrintSet
DMSSL_init
SDPdumpSSLErrors
OsRfClose
tcp_set_default_port
RfRpcHandleRemove
RfRpcHandleCreate
RFErrorMsg
RPCArgCheck
startup_winsock

libmsgsrv10m

MsgPopAllTS
MsgPrintContextSet
MsgStrPush
MsgFlush

libfilesys10m

sjmalfa5
??_7DeltaEngineClient@@6B@
??1DeltaEngineClient@@UEAA@XZ
CheckResponse
GetToken
GetPrivateKey
GetSeed
GetChallenge
OsMoveAndRemoveDir
OsLibRenameFile
OsLibOpenRawDelta
OsRfRead
?fromArg@DMFileInfo@@QEAAHAEBURPCarg@@@Z
OsLibOpenFile
OsLibGetFullname
??0DMFileInfo@@QEAA@XZ
??1DMFileInfo@@QEAA@XZ
OsLibFileInfo
?toOutArg@DMFileInfo@@QEBAXAEAURPCarg@@H@Z
OsLibDeleteFile
OsLibDelete
ObjTmpDir
sjmalfa7
?InstallExternalDeltaEngineClient@@YAXPEAVDeltaEngineClient@@@Z

libmetadata_api10m

FinishMetadataHandle

libutil10m

int64_asString
AddToMessageLog
_umbschdir
?getConnectionMgr@@YAAEAVCPcmsConnectionMgr@@XZ
SDPtrace
SDPtraceEnabled
pObtainVersionInfoHead
OsCheckFlag
OsSleep
OsGetSymbol
OsGetMemoryFunc
OsResizeMemoryFunc
_umbsfopen
OsGetDirSeparator
OsGetLoginName
OsFreeMemoryFunc
OsGetSystemName
UniDir2Os
OsGetZeroMemoryFunc
OsGetSymbolX
OsTerminate
OsSetAppName
Libutil_SetPersona
?mtSafe@CPcmsConnectionMgr@@QEAA_N_N@Z

libeay64

ord248
ord1015
ord1017
ord1016
ord653
ord585
ord657
ord680
ord82
ord395
ord66
ord1515
ord84

ssleay64

ord35
ord58
ord5
ord15
ord6
ord176
ord225
ord21
ord17
ord222
ord12
ord112
ord24
ord83
ord75
ord8

tls9112d

??1RWCString@@QEAA@XZ
??0RWCString@@QEAA@XZ
??BRWCString@@QEBAPEBDXZ
??YRWCString@@QEAAAEAV0@AEBV0@@Z
??YRWCString@@QEAAAEAV0@D@Z
??RRWCString@@QEAAAEAD_K@Z
?length@RWCString@@QEBA_KXZ
??0RWCString@@QEAA@PEBD@Z
??YRWCString@@QEAAAEAV0@PEBD@Z
??0RWCString@@QEAA@AEBV0@@Z
??4RWCString@@QEAAAEAV0@PEBD@Z
?isNull@RWCString@@QEBA_NXZ
?append@RWCString@@QEAAAEAV1@PEBD@Z
?data@RWCString@@QEBAPEBDXZ

sync4112d

?release@RWMutexLock@@QEAAXXZ
?acquire@RWMutexLock@@QEAAXXZ
??0RWMutexLock@@QEAA@P6AXXZ@Z
??1RWMutexLock@@QEAA@XZ
??1RWThreadId@@QEAA@XZ
?self@RWThreadId@@SA?AV1@XZ
?acquireRead@RWReadersWriterLock@@QEAAXXZ
??0RWReadersWriterLock@@QEAA@P6AXXZ@Z
??1RWReadersWriterLock@@QEAA@XZ
?release@RWReadersWriterLock@@QEAAXXZ

advapi32

AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
LookupAccountSidA
GetTokenInformation
CreateProcessAsUserA
DuplicateTokenEx
LookupPrivilegeValueA

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
DecodePointer
RtlCaptureContext
DuplicateHandle
CloseHandle
ReadFile
WriteFile
TerminateProcess
FormatMessageA
LocalFree
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
OpenProcess
EncodePointer
GetSystemTimeAsFileTime
GetStartupInfoA
CreateFileA
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
GetProcessHandleCount
CreateProcessA

user32

GetThreadDesktop
CreateWindowStationA
SetProcessWindowStation
CreateDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
GetProcessWindowStation

wsock32

ntohl
htonl

ws2_32

WSASocketA

netapi32

DsGetDcNameW
NetApiBufferFree
NetGetDCName
NetUserGetInfo

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileA

msvcr100

fwrite
fflush
fclose
_purecall
atoi
exit
_mbsicmp
vsprintf
memset
sprintf
__CxxFrameHandler3
_time64
_localtime64
strftime
_mbsnbcpy
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_getmbcp
wcsncmp
wcsncpy
_getpid
__C_specific_handler
??2@YAPEAX_K@Z
_errno
memcpy
memmove
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
_CxxThrowException
??0exception@std@@QEAA@AEBV01@@Z
??3@YAXPEAX@Z
strncpy
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_unlock
_initterm_e
_initterm
__initenv
_cexit
_exit
_XcptFilter
__getmainargs
_amsg_exit
_onexit
_lock
__dllonexit

msvcp100

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

505451c4108230fed722ebe133efdf71

Headers

DLL Characteristics

File Characteristics

Imports

apiclient10m

libnetserver10m

libnetclient10m

libmsgsrv10m

libfilesys10m

libmetadata_api10m

libutil10m

libeay64

ssleay64

tls9112d

sync4112d

advapi32

kernel32

user32

wsock32

ws2_32

netapi32

userenv

msvcr100

msvcp100

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 706B

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 706B