622e1e624ec43505090a1f50882adc10_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

622e1e624ec43505090a1f50882adc10_NeikiAnalytics.exe
Size

1.2MB
MD5

622e1e624ec43505090a1f50882adc10
SHA1

75b305310698397c556908963cc8efcbcc2e1d51
SHA256

33569fc842340a3b1a2d2cf6e9f4a2e683331f4b71c7ee80581de192907ad495
SHA512

916f2e7296eafc2cdcf9796bacaa570c902372da10d63c963d261ddc21fc547445753261cae74b83956a7d8e1f2c7ece4da97ec99a48d9de6da561787a4398bb
SSDEEP

24576:zYGXOip5OteF4BHnOD7dhSWZJHiBNLQwzCu9:cGbUBHnOD7duNzCu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
622e1e624ec43505090a1f50882adc10_NeikiAnalytics.exe

Files

622e1e624ec43505090a1f50882adc10_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x86 arch:x86

823e947f0b9b7e32880865badb1c7ece

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\Jabber\products\jabber-win\src\jabber-client\jabber-build\Win32\bin\Release\CUCMessenger.pdb

Imports

kernel32

LoadResource
FindResourceW
DecodePointer
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
RaiseException
GetHandleInformation
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetLastError
MultiByteToWideChar
InitializeCriticalSectionEx
LeaveCriticalSection
EncodePointer
GetThreadLocale
GetModuleFileNameW
EnterCriticalSection
SetThreadLocale
CloseHandle
SizeofResource
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime

user32

CharNextW

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW
RegQueryValueExW

ole32

CoRegisterClassObject
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoGetClassObject
CoInitializeEx
CoRevokeClassObject
IIDFromString
CoTaskMemFree

oleaut32

SysAllocStringLen
SafeArrayRedim
UnRegisterTypeLi
SafeArrayDestroy
LoadRegTypeLi
VariantInit
SafeArrayGetUBound
LoadTypeLi
SafeArrayUnlock
SafeArrayGetLBound
VariantCopyInd
SysFreeString
RegisterTypeLi
SafeArrayCopy
SysStringByteLen
SafeArrayGetVartype
SysAllocStringByteLen
VarBstrCat
SysAllocString
VariantCopy
VarBstrCmp
SafeArrayLock
SysStringLen
SafeArrayCreate
VarUI4FromStr
VariantClear

msvcp140

?widen@?$ctype@_W@std@@QBE_WD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??_7_Facet_base@std@@6B@
_Wcscoll
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?id@?$collate@_W@std@@2V0locale@2@A
??_7facet@locale@std@@6B@
_Wcsxfrm
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
??1_Facet_base@std@@UAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ

vcruntime140

__std_type_info_name
strchr
__RTtypeid
_CxxThrowException
wcsstr
memcpy
memmove
memset
_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
_purecall
__std_exception_copy
memchr
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_beginthread
_invalid_parameter_noinfo
_resetstkoflw
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_errno

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
_recalloc
malloc
realloc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_wcsnicmp
wcscat_s
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

Exports

Exports

?StartCUCMessenger@@YAXI@Z
?StopCUCMessenger@@YAXV?$shared_ptr@VCUCMessengerStoppedCallback@@@std@@@Z
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

823e947f0b9b7e32880865badb1c7ece

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 559KB - Virtual size: 558KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 24KB - Virtual size: 25KB

.rsrc Size: 427KB - Virtual size: 426KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 559KB - Virtual size: 558KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 24KB - Virtual size: 25KB

.rsrc
Size: 427KB - Virtual size: 426KB

.reloc
Size: 41KB - Virtual size: 41KB