1e73f1ce431a9f176f270e52aa1c51f0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1e73f1ce431a9f176f270e52aa1c51f0_NeikiAnalytics.exe
Size

167KB
MD5

1e73f1ce431a9f176f270e52aa1c51f0
SHA1

3bd6858971af52c1dcb4b0deade89784bc13cd91
SHA256

527e1d40216e73a9d146480b112e1b2d910dfa7fb6c2fa14c945004af9929e46
SHA512

d4d64dcd0fedd9f77102d78a6bd39b58da6ad1f82ccb6b90a649b2868f64c636f78345902a45eb0ada90ad50fb55919d02d6bb254f625ad7ebbdf4e53a05bdb1
SSDEEP

3072:ZRgIEOer03DhTEe/Usee+Vx0wXt41f1T9qYUL5ENZ:ZrEOeg3DxLAx031f1T9qYUL5u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e73f1ce431a9f176f270e52aa1c51f0_NeikiAnalytics.exe

Files

1e73f1ce431a9f176f270e52aa1c51f0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

2e4d840da887ad4a1acc5eb8de21650b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\develop\global\Release\bin\common\AcLauncher.pdb

Imports

kernel32

ReadFile
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
SetFilePointer
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
lstrlenW
CloseHandle
Sleep
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapReAlloc

user32

DdeDisconnect
wsprintfW
DdeCreateStringHandleW
UnregisterClassA
DdeConnect
DdeClientTransaction
DdeInitializeW
DdeUninitialize
DdeFreeStringHandle

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

shell32

ShellExecuteExW

ole32

CLSIDFromString
StringFromCLSID
CoTaskMemFree

msvcp80

?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z

msvcr80

strncmp
memcpy_s
memmove_s
?what@exception@std@@UBEPBDXZ
_wcsicmp
free
memset
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException
memcpy

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e4d840da887ad4a1acc5eb8de21650b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp80

msvcr80

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 45KB - Virtual size: 45KB

.rrdata Size: 80KB - Virtual size: 80KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 45KB - Virtual size: 45KB

.rrdata
Size: 80KB - Virtual size: 80KB