12f9d184186f6836039f32d05d9ae7a0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

12f9d184186f6836039f32d05d9ae7a0_NeikiAnalytics.exe
Size

220KB
MD5

12f9d184186f6836039f32d05d9ae7a0
SHA1

01bbd7213931107e862d6fdffbf737f8081d211a
SHA256

c0687e46f8e9264bd79829731bfc3c59cbb9a16caacff2729fdaaf4b0bdf4a6e
SHA512

136a7c6cc26d46eef6a84585bea0c909d9d7a9f5f545d1809661622c03faadc408c443ab87b4636a473a105a98fa2649045d8433b05731042b35f15461d9eef4
SSDEEP

3072:fTG9mNWcVBVY7z4lQLkrxfAwlVnsSsosabsUDQ5lPk0Xm1ltBxJ1g8SV1nmcB1AF:5/j1zz7yfkP2z+Z1tFnEZMJek53T1V5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12f9d184186f6836039f32d05d9ae7a0_NeikiAnalytics.exe

Files

12f9d184186f6836039f32d05d9ae7a0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

8218bc337cbbf148fb93d80c7e7bdf77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\rfwSrv.pdb

Imports

rpcrt4

RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree
RpcServerUnregisterIf
NdrMapCommAndFaultStatus
NdrFreeBuffer
NdrSendReceive
NdrGetBuffer
NdrClientInitializeNew
NdrConformantArrayMarshall
NdrConformantArrayBufferSize
NdrAllocate
NdrConvert
NdrConformantArrayUnmarshall
RpcRaiseException
I_RpcGetBuffer
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
NdrServerInitializeNew

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

WSACleanup
WSAGetLastError
WSACreateEvent
WSAStartup

mfc71

ord2272
ord578
ord297
ord1489
ord876
ord2902
ord6118
ord299
ord2933
ord1198
ord313
ord781
ord310
ord266
ord265
ord764
ord2131
ord4108
ord2271
ord4081
ord3934
ord5403
ord2468
ord907
ord911
ord304
ord2322
ord762
ord1191
ord1187
ord6003
ord1185
ord5712
ord3997
ord1486
ord5529
ord4085
ord3255
ord2346
ord1580
ord5331
ord6297
ord5320
ord6286
ord5441
ord262
ord370
ord618
ord910
ord4035
ord784

msvcr71

_mbsnbcat
_mbsrchr
_mbscmp
memmove
wcslen
__CxxFrameHandler
_vsnprintf
sprintf
_mbschr
_mbsnbcpy
_mbsstr
sscanf
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strrchr
strncpy
_except_handler3
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
_itow
wcschr
_mbslwr
_mktime64
atoi
free
malloc
_time64
__p___argc
__p___argv
_beginthreadex
_endthreadex
rand
srand
time
_resetstkoflw
wcscpy
realloc
memset
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_c_exit
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
_stricmp
exit
_cexit
_ismbblead
_XcptFilter
_exit

kernel32

LocalAlloc
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
RaiseException
CreateThread
ResumeThread
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrcmpiW
SetProcessWorkingSetSize
HeapFree
GetProcessHeap
HeapAlloc
CopyFileA
lstrcmpA
InitializeCriticalSection
GetExitCodeThread
TerminateThread
DeleteCriticalSection
GetCurrentDirectoryA
SetCurrentDirectoryA
WaitForMultipleObjects
OpenProcess
GetExitCodeProcess
WritePrivateProfileStringA
GetSystemDirectoryA
CreateEventA
TerminateProcess
GetStdHandle
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
OpenEventA
SetEvent
CreateMutexA
GetFileAttributesA
GetTempPathA
ReadFile
SetEndOfFile
VirtualQuery
GetFileTime
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatus
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToDosDateTime
WinExec
GetVersion
CreateFileW
GetLastError
LocalFree
lstrcmpiA
FormatMessageA
Sleep
MultiByteToWideChar
IsBadStringPtrA
lstrcatA
GetTickCount
OutputDebugStringA
GetCurrentThreadId
GetFileSize
SetFileAttributesA
MoveFileA
lstrlenW
lstrcpyW
lstrcpyA
lstrlenA
lstrcpynA
GetPrivateProfileStringA
LoadLibraryA
FreeLibrary
FindFirstFileA
DeleteFileA
CreateDirectoryA
FindClose
GetPrivateProfileIntA
GetModuleFileNameA
CreateFileA
SetFilePointer
GetCurrentProcessId
GetLocalTime
WriteFile
FlushFileBuffers
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
CreateProcessA
CloseHandle
GetModuleHandleA
GetProcAddress
GetVersionExA

user32

SetTimer
MessageBoxA
wvsprintfA
IsWindow
FindWindowA
SendMessageA
CharUpperA
wsprintfA
PostMessageA
RemovePropA
DispatchMessageA
SetPropA
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
GetPropA
CharLowerA
CharLowerW
CharUpperW
PostThreadMessageA
MsgWaitForMultipleObjects
UnregisterClassA
TranslateMessage
DefWindowProcA
KillTimer

advapi32

CreateServiceA
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CreateProcessAsUserA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
QueryServiceConfigA
RegCloseKey
StartServiceA
SetServiceStatus
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
RegOpenKeyA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
StringFromGUID2
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

msvcp71

??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ

glu32

gluTessVertex

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8218bc337cbbf148fb93d80c7e7bdf77

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

version

ws2_32

mfc71

msvcr71

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

glu32

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 16KB - Virtual size: 13KB

.l1 Size: 16KB - Virtual size: 16KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 16KB - Virtual size: 13KB

.l1
Size: 16KB - Virtual size: 16KB