Static task
static1
Behavioral task
behavioral1
Sample
a3ab2c3786ad496f8cbfe339d89dd640_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a3ab2c3786ad496f8cbfe339d89dd640_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
a3ab2c3786ad496f8cbfe339d89dd640_NeikiAnalytics.exe
-
Size
4.9MB
-
MD5
a3ab2c3786ad496f8cbfe339d89dd640
-
SHA1
c85c8964ab8b2eebf73f1361998fc9b8f5131846
-
SHA256
ad04de8db481346849524b1d00b72407b2f784bbee8ff19c2c403fb15043430d
-
SHA512
eb69e098e2bd1c8a11550099c7bf7b339eb743119d39c370fb1083c0e0e35328418b16ef24b2170616fe10d24edbfb743eef162cd4bb2a4b75a4cef5967119b8
-
SSDEEP
24576:+dXsl/Zq1hsMV4TH7T1XrMekeVe5emelJIER8wY2yiTF3my8TPkIVOAfvF4JC4tE:fBk2lJJ8dGTWfKO5UZZQyI
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource a3ab2c3786ad496f8cbfe339d89dd640_NeikiAnalytics.exe
Files
-
a3ab2c3786ad496f8cbfe339d89dd640_NeikiAnalytics.exe.exe windows:1 windows x86 arch:x86
50f5501ece105703ec4cc1a723a89e5d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
user32
FindWindowA
IsWindow
SendMessageA
DefWindowProcA
SetWindowTextA
SetTimer
BeginPaint
EndPaint
PostQuitMessage
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBeep
BringWindowToTop
LoadStringA
MessageBoxA
PostMessageA
PeekMessageA
LoadStringA
wsprintfA
kernel32
ExitProcess
GetVersion
SetHandleCount
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetStartupInfoA
GetCommandLineA
GlobalMemoryStatus
GetModuleFileNameA
WinExec
GetTickCount
lstrlenA
GetPrivateProfileStringA
GetUserDefaultLCID
GetLocaleInfoA
GetTempPathA
GetTempFileNameA
_llseek
_lread
GetComputerNameA
CreateProcessA
Sleep
GetExitCodeProcess
TerminateProcess
GetLastError
lstrcpyA
lstrcmpiA
CreateFileA
SetFilePointer
WriteFile
CloseHandle
lstrcatA
lstrcmpA
WritePrivateProfileStringA
GetEnvironmentVariableA
vo28run
ArrayBuild
RTInit
RTExit
SysAddAtom
CreateAtomTable
AtomInit
MemInit
MemAlloc
__ConvertResult
_GetRTCount
LabelPush
LabelPop
LabelJump
__NotifyUnload
INCKidStackPtr
__chkstk
_GAS
uiLineNum_RT
String2Psz
_PAS
DECKidStackPtr
SetMaxDynSize
SetKidStackSize
SetMaxRegisteredKids
SetWipeDynSpace
_GetCmdLine
Psz2String
AllTrim
Upper
Right
Left
_CPSE
ProcName
_P2S
_CCS
ProcLine
_DW2T
_NCARG
ValType
_P2Date
DToC
_P2String
_Str
_P2Logic
_P2Symbol
Symbol2String
_P2Object
ClassName
voflFloatNull_RT
UsualType
_P2T
__Str
At
_PGT
_W2T
_PLS
_L2T
Space
_Hex
_T2DW
SLen
_HexByte
Lower
DynLock
DynUnLock
DynInfoUsed
Memory
CollectForced
IsNumeric
_PDE_REF
Chr
_P2DW
_PSB
MemSet
MemCopyString
MemFree
FOpen2
FSeek3
FPutS
FClose
_GetInst
Mem2String
RAt
SubStr
StrTran
Trim
SetDateFrmt
SetFloatDelta
SetFixed
SetDecimal
_SetIntl
PCount
CreateInstance
AsString
ErrorBlock
Eval
SetDecimalSep
SetThousandSep
SetTimeSep
Val
_P2L
SetAmPm
SetAMExt
SetPMExt
_P2I
_INSTR
_SetDict
SetCentury
SetEpoch
_CPPSZ
LabelJump
__chkstk
_S2P
Send
DeclareClass
MemCopy
AsPsz
DirMake
DeclareMethod
NoMethod
Empty
_SendSelf
AAdd
ALen
_ArrayGetCollection
_P2Array
AClone
IsString
IsArray
IsDate
XTransform
PadR
IVarGet
_P2Ptr
IsCodeBlock
IVarPut
GetCallerEBP
SetCallerEBP
_SDWP
_PLS_REF
_SWP
_PGT_REF
_PML_REF
_PASS
SetExact
EnterCGCSection
_PEQ_REF
LeaveCGCSection
_PDE
Tone
_RefErr
_PAD
Replicate
CToD
POW
_T2L
_ArrayPutCollection
_P2W
Min
SubStr2
FErase
FOpen
ArrayNew
_PUE
File
At3
ASort
SubStr3
RAt
At
_PLE
Today
Time
PadL
_PML
Ceil
Floor
_PMO_REF
_PAD_REF
ADel
ASize
_PGE
IsLogic
FWrite3
CompString
DToS
Time24
_PGenRef
_P2RefPtr
RegisterAxit
_SSP
_Str1
_P2RefString
_P2RefL
Len
FCreate2
FRead3
MemChr
_P2RefDW
InString
GetNatDLL
SetNatDLL
LTrim
Default
_P2Psz
osprintf
_P2F
_F2T
SToD
String2Symbol
FWrite
FSeek
FReadStr
DynToOldSpaceString
_D2T
_Str2
_T2D
Asc
_P2RefLogic
_Quit
MemComp
_VODBErrInfoPtr
Cast2Psz
IsPtr
ArrayCreate
Max
ArrayInit
_P2Code
SendClass
IsNil
_SDAP
_SLOP
_STP
_P2D
_P2B
Day
Month
Year
_W2D
Abs
AFill
IsInstanceOf
IsFloat
AbsFloat
_TCP
IsLong
FCreate
_P2RefArray
IsMethodOf
IVarPutSelf
FTell
AEval
FError
DosErrString
CharPos
IsDigit
_P2RefW
IsXDigit
IsAlphaNum
SClone
MCompile
MExec
PadR
_PNEG
Integer
_PEQ
_PDV
_TSB
_I2T
_TML
_TDV
_TAD
Round
_PDV_REF
_PUE_REF
DoW
Secs
_PSB_REF
_SPOP
GetDASPtr
StrZero
ProcFile
NTrim
_ExecName
CBRTInit
CBRTEval
ErrorFunc
MemClear
ErrorBuild
NetErr
ErrString
TypeString
IVarGetInfo
SetBeep
CanBreak
SetErrorLog
WorkDir
FPutS3
GetDefaultDir
SetDefaultDir
GetDefault
SetDefault
_IError
FPutS
Version
ErrorMessageBox
EmptyUsual
MathInit
ErrorLevel
VODBCloseAll
__CollectPublics
FieldGetAlias
FieldPutAlias
_GetFParam
ArrayGet
_CallClipFunc
ArrayPut
IsSymbol
IsClass
AIns
_SendClassParams
asqras
isRasLoaded
GetRasEntries
ftp_setascii
ftp_cd
ftp_ls
ftp_delete
asqgui
__StartWait
__EndWait
hATxtLibrary
hETxtLibrary
LoadAjyalString
ResetOverideTable
SetSingleOverideString
asqfcm
Asq_Compress
Asq_Decompress
lzrw1_decompress
lzrw1_compress
zlib_decompress
zlib_compress
asqencrp
XORStr
TeaDecode
asqhijri
y_InitDateTable
y_HijriToGreg
art
enable_memdump
disable_memdump
snprintf
AcquireExclusiveSemaphore
L_FileExist
_mem_strcat
_mem_memset
_mem_memcpy
_mem_memcmp
_mem_memmove
_JHeapSize
_JHeapReAlloc
mem_free_notify
mem_realloc_notify
_JHeapFree
_JHeapAlloc
mem_alloc_notify
_JHeapCreate
_JHeapDestroy
DoubleToString
UpdateIdleTime
UnLoadQuery
LoadTable
UnLoadTable
Soundix
csyslog
vsyslog
setrotate
csetlog
odbc32
SQLGetInfo
SQLFreeStmt
SQLExecDirect
SQLMoreResults
SQLDisconnect
SQLFetch
SQLExecute
SQLDriverConnect
SQLGetData
SQLNumResultCols
SQLDescribeCol
SQLBindCol
SQLPrepare
SQLBindParameter
SQLParamData
SQLPutData
SQLSetConnectAttr
SQLFreeHandle
SQLEndTran
SQLAllocHandle
SQLSetStmtAttr
SQLSetEnvAttr
SQLGetDiagRec
SQLColAttribute
SQLGetStmtAttr
ole32
CoCreateGuid
asqbidi
GetWindowLanguage
bidi
IsArabicOpSys
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 414KB - Virtual size: 414KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ