1440653e5af1e36215166aa6d6660a50_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1440653e5af1e36215166aa6d6660a50_NeikiAnalytics.exe
Size

1.0MB
MD5

1440653e5af1e36215166aa6d6660a50
SHA1

bbe91a04b8d7b883186ef6059b0ad9b2f5977d64
SHA256

8dbf9aa44bcebe7e0276282902b5ec5258ecfcc73aec6b1db530ec8014fc67fc
SHA512

59da7560d29eba54aaa136eb2569161c902bb78bccefd45aef731ffe06ffa93ef5ffbe5f4347692dfacabfd915d1e8bcc0b9d7283911d09b3ef27127b126485a
SSDEEP

12288:RpInkrKZPcEZ2sEYP+E9ToWrBBcH6VKI6RvilqONfVxltW:RpIv2mlToWrBBcAKI6RaqKNjA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1440653e5af1e36215166aa6d6660a50_NeikiAnalytics.exe

Files

1440653e5af1e36215166aa6d6660a50_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

ad110e52805750c0c0b3a44172141b8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Development\Omni 7000\NetworkUtility\Release\Network Utility.pdb

Imports

ws2_32

gethostbyname
inet_ntoa
inet_addr
WSAGetLastError
setsockopt

iphlpapi

GetIpAddrTable
DeleteIpNetEntry
GetIpNetTable

mfc100

ord10882
ord10880
ord10881
ord5821
ord2918
ord2773
ord5855
ord1009
ord6010
ord13219
ord8360
ord11374
ord6971
ord8268
ord5770
ord1498
ord2516
ord11951
ord10287
ord10023
ord7999
ord2632
ord11377
ord11968
ord9399
ord9402
ord8368
ord6835
ord888
ord1288
ord1890
ord12672
ord13481
ord13482
ord1011
ord1012
ord1224
ord1004
ord3439
ord5837
ord5774
ord13484
ord13485
ord4078
ord6112
ord9281
ord5098
ord11787
ord11153
ord11184
ord9449
ord7355
ord11180
ord11172
ord5238
ord3409
ord13480
ord13483
ord7144
ord11413
ord13181
ord10922
ord14075
ord1732
ord7091
ord11806
ord3618
ord3676
ord8486
ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord10300
ord11744
ord3404
ord2409
ord13280
ord3431
ord2614
ord7862
ord3743
ord2776
ord8227
ord5857
ord3744
ord8228
ord5302
ord5858
ord2932
ord2819
ord6060
ord457
ord1900
ord1929
ord12865
ord13305
ord7206
ord2769
ord2184
ord4343
ord788
ord1210
ord10030
ord3390
ord12438
ord5141
ord7871
ord7211
ord12440
ord12430
ord343
ord1940
ord4344
ord3667
ord5175
ord7863
ord3746
ord5875
ord3475
ord2187
ord13095
ord6259
ord13312
ord5830
ord423
ord979
ord3167
ord12344
ord2628
ord4464
ord1480
ord4188
ord6572
ord812
ord1227
ord6809
ord11150
ord9571
ord9906
ord6213
ord2023
ord2068
ord6836
ord4782
ord4340
ord4345
ord7363
ord6588
ord6134
ord5151
ord6117
ord13129
ord7832
ord10213
ord8076
ord8139
ord10013
ord9992
ord2250
ord3636
ord2820
ord11151
ord8348
ord2660
ord8320
ord6970
ord1639
ord7933
ord11882
ord4785
ord9501
ord6810
ord822
ord1230
ord10879
ord1437
ord12090
ord1317
ord1483
ord11626
ord11461
ord7837
ord13137
ord13131
ord11781
ord2626
ord305
ord5242
ord2611
ord12002
ord6009
ord7190
ord12093
ord2061
ord12718
ord1981
ord4505
ord417
ord5827
ord4868
ord4870
ord11646
ord1294
ord11376
ord11509
ord310
ord968
ord266
ord265
ord5208
ord300
ord5627
ord3621
ord978
ord422
ord976
ord415
ord11902
ord2524
ord11277
ord1982
ord10906
ord977
ord421
ord11967
ord2741
ord1173
ord722
ord911
ord330
ord12962
ord3253
ord1479
ord11627
ord4143
ord4144
ord7875
ord7876
ord7487
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord8235
ord11107
ord8305
ord5803
ord11439
ord2528
ord3406
ord4283
ord11240
ord4032
ord11243
ord11964
ord1691
ord10930
ord5036
ord12868
ord2010
ord1008
ord462
ord9475
ord4282
ord7581
ord6678
ord3373
ord3254
ord1316
ord915
ord5777
ord8222
ord2742
ord3738
ord1263
ord895
ord1292
ord6090
ord8304
ord9286
ord7357
ord4772
ord6888
ord6898
ord6897
ord5444
ord4606
ord4774
ord4625
ord5123
ord4881
ord8439
ord5095
ord4903
ord4622
ord11103
ord2846
ord2944
ord2945
ord3484
ord11060
ord2338
ord5253
ord12482
ord10672
ord6128
ord13300
ord7074
ord13302
ord2661
ord3984
ord13980
ord3991
ord4401
ord4368
ord4364
ord4398
ord4419
ord4377
ord4406
ord4415
ord4385
ord4389
ord4393
ord4381
ord4410
ord4373
ord1514
ord1507
ord1509
ord1503
ord1496
ord11188
ord11190
ord12644
ord2847
ord8351
ord9994
ord6217
ord11154
ord8070
ord13294
ord10883
ord3395
ord11025
ord8231
ord13973
ord13972
ord14045
ord14062
ord14058
ord14060
ord14061
ord14059
ord2417
ord7349
ord2878
ord6573
ord10148
ord2881
ord12535
ord5534
ord2838
ord3755
ord946
ord381
ord3839
ord4498
ord1313
ord1485
ord316
ord2088
ord901
ord1296
ord7584

msvcr100

_fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_commode
_onexit
_lock
__dllonexit
_unlock
rand
atoi
strtoul
_mbsstr
??0exception@std@@QAE@ABV01@@Z
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_purecall
strcpy_s
__setusermatherr
_configthreadlocale
_initterm_e
_amsg_exit
_initterm
_localtime64_s
_time64
_setmbcp
__CxxFrameHandler3
memset
memcpy
_CxxThrowException
qsort
malloc
_strdup
free
sscanf_s
strncmp
?what@exception@std@@UBEPBDXZ

kernel32

LoadLibraryExA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
lstrcmpiA
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
MulDiv
lstrlenW
EncodePointer
GetModuleFileNameA
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
WideCharToMultiByte
IsProcessorFeaturePresent
GetVersionExA
TerminateProcess
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
FreeLibrary
CloseHandle
CreateProcessA
ActivateActCtx
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
DeactivateActCtx
SetLastError
WaitForSingleObject
GetTickCount

user32

LoadIconW
GetClientRect
LoadBitmapW
SetTimer
IsIconic
GetSystemMetrics
DrawIcon
DrawFrameControl
InvalidateRect
PostMessageA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenuState
EnableMenuItem
CreatePopupMenu
AppendMenuA
PostQuitMessage
GetSysColor
GetClassNameA
SetRectEmpty
GetClassInfoA
DefWindowProcA
LoadCursorA
IsWindow
GetCursorPos
ScreenToClient
SetCursor
wsprintfA
ReleaseDC
KillTimer
EqualRect
SetRect
OffsetRect
SetWindowRgn
WindowFromPoint
ClientToScreen
GetFocus
RealChildWindowFromPoint
GetParent
IsWindowVisible
GetWindowLongA
GetWindowTextA
IsRectEmpty
PtInRect
DestroyCursor
LoadImageA
DestroyIcon
CopyIcon
GetIconInfo
CreateIconIndirect
FillRect
SendMessageA
GetWindowRect
DispatchMessageA
PeekMessageA
TranslateMessage
GetDC
EnableWindow
DrawMenuBar

gdi32

CombineRgn
OffsetRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
GetTextMetricsA
CreateRectRgn
BitBlt
TextOutA
CreatePen
MoveToEx
LineTo
GetDeviceCaps
GetObjectA
CreateDIBSection
CreateBitmap
SelectClipRgn
DeleteDC
DeleteObject
FillRgn
SetTextJustification
CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetTextExtentPoint32A
FrameRgn

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comctl32

ord17
ImageList_GetIcon
ImageList_GetImageCount

wsock32

WSAStartup

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

uxtheme

EnableThemeDialogTexture

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad110e52805750c0c0b3a44172141b8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

wsock32

msvcp100

version

uxtheme

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 756KB - Virtual size: 755KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 756KB - Virtual size: 755KB

.reloc
Size: 25KB - Virtual size: 24KB