ff8a80ccbb622466a5bab63866281330_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ff8a80ccbb622466a5bab63866281330_NeikiAnalytics.exe
Size

2.6MB
MD5

ff8a80ccbb622466a5bab63866281330
SHA1

0b5971c7f39afd6b8fb42b4d36ca21e87775a06f
SHA256

6981c415a32f31b700e2742014f873aea99d185404e8e5c1f1a8fe2473afee7c
SHA512

859a225b77a917fd0ef069b7c2512dd9cd1c84b403523b44ef3d0c7ceed4eed082ee9df11688c12ceafeeda1bc2da6b17c3907f73ef2b26cfa83d7db160afad9
SSDEEP

12288:Iy4GpB/W1Cl7alU/csbTcvr0n9A0ZyzMahgHyRMAwkkmyS/Q4kiSu0cCeH4FLGU:EWBe1aal4HbV1ZXNyTTkiQ4k+QK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff8a80ccbb622466a5bab63866281330_NeikiAnalytics.exe

Files

ff8a80ccbb622466a5bab63866281330_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

ea908f4d57e1d30558cf894370b6c4af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ascom10

CREATEOBJECT

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?symRefItemConst
?momSOff
CURDIR
?domAdd
?getRFPC
FILE
?retStackValue
?domAssign
SUBSTR
UPPER
?symPublicConst
SCROLL
SETPOS
SET
?domValXEql
SETCURSOR
?pushCodeBlock
SETKEY
?symPrivateConst
DBSELECTAREA
DBUSEAREA
?getRFCC
?symGetItemConst
?setCWArea
DBCLOSEAREA
?restWArea
CTOD
ALLTRIM
SETCOLOR
DEVPOS
DEVOUT
_ATPROMPT
COL
_MENUTO
?floadTos
MAXROW
MAXCOL
SAVESCREEN
RESTSCREEN
_QUIT
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
ROW
DBCLOSEALL
ORDLISTCLEAR
ORDLISTADD
?conNNewNil
ACREATE
GET
?domRefElem
?conSendItem
AADD
LASTKEY
DATE
DBSEEK
?domGetElem
ROUND
?domGECmp
?andShortCut
?domAnd
?getWFCC
DBCOMMITALL
TONE
INKEY
RLOCK
EMPTY
?domNot
?getWCFC
DBUNLOCK
__vft19ConNumericIntObject10AtomObject
ARRAY
LEN
?domSub
?executeMacro
?domEql
?domLCmp
DEVOUTPICT
TIME
?orShortCut
?domOr
DBDELETE
?passParameter
?symParameterConst
RECNO
FOUND
?retStackItem
ISCOLOR
SETMOUSE
__vft20ConStringConstObject10AtomObject
APPDESKTOP
?conAssignRefWMember
SETAPPWINDOW
INDEXORD
DBGOTO
ORDSETFOCUS
?getWFPC
SETPRC
QOUT
DTOC
REPLICATE
?domLECmp
EOF
QQOUT
PROW
_EJECT
DBSKIP
DBGOTOP
?Xb2MacroSubstStringConst
RUNSHELL
_COPYFILE
ISPRINTER
SETBLINK
?domNEql
?conNewNil
SELECT
SPACE
DBUNLOCKALL
FERASE
DBCREATE
DBAPPEND
YEAR
STR
DBGOBOTTOM
DTOS
?domXEql
?domMul
?conMemberToItem
ASCAN
DISPBOX
ACHOICE
?conNewString
TRANSFORM
LASTREC
VAL
ABS
?domDiv
AFILL
TYPE
?domGCmp
RIGHT
LEFT
?domNegate
?domValEql
ISALPHA
CHR
_KEYBOARD
?domValLCmp
?conOpNewInt
_EARLYBOUNDCODEBLOCK
DBLOCATE
DBCONTINUE
PCOUNT
DBSORT
TBROWSE
FCOUNT
?conNewCon
FIELDNAME
LOWER
FIELDGET
TBCOLUMN
?conRelease
__vft14ConLogicObject10AtomObject
EVAL
?domValGCmp
BOF
?domSubStr
ORDLISTREBUILD
?domInc
NETERR
DBPACK
AT
STRTRAN
ASC
ADEL
?getRCFC
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version
FIELDPOS
VALTYPE
LTRIM
BREAK
?pushDynamicCodeBlock
ERRORBLOCK
?ehUnsetContext
?ehGetBreakContainer
?domValNEql
AEVAL
FIELDPUT
PROCNAME
PROCLINE
NATIONMSG
DISPOUT
DBSTRUCT
DLLLOAD
DLLCALL
DLLUNLOAD
?nomClassLock
?nomClassUnlock
?retObject
XBPBASEDIALOG
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conGetSelfClass
XBPBASECRT
XBPBASECOMBOBOX
XBPBASELISTBOX
XBPBASEPUSHBUTTON
XBPBASESPINBUTTON
XBPBASEMENUBAR
XBPBASEMENU
XBPBASESLE
XBPBASEMLE
XBPBASETREEVIEW
XBPBASETREEVIEWITEM
XBPBASE3STATE
XBPBASETABPAGE
XBPBASESCROLLBAR
XBPBASECHECKBOX
XBPBASERADIOBUTTON
XBPBASESTATIC
XBPBASEPRESSPACE
ACLONE
INT
BAND
SHELLLINKRESOLVE
FOPEN
FSIZE
FREADSTR
FCLOSE
GRAQUERYTEXTBOX
?domAddEqu
L2BIN
CONVTOANSICP
SETAPPFOCUS
APPEVENT
SETAPPEVENT
BIN2L
LASTAPPEVENT
MAX
ATAIL
ASIZE
?domDec
LOADRESOURCE
THREADID
DOSERROR
ERROR
WORKSPACELIST
?setSWArea
DBCOMMIT
DBRROLLBACK
DBELOAD
ALERT
DBEBUILD
DBSESSION
ISFUNCTION
DOSERRORMESSAGE
APPTYPE
_BREAK
ERRORLEVEL
ISMETHOD
TRIM
CONFIRMBOX
ROOTCRT
PADL
OUTERR
MSGBOX
APPNAME
VERSION
OS
VAR2CHAR
MLCOUNT
MEMOLINE
RTRIM

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea908f4d57e1d30558cf894370b6c4af

Headers

File Characteristics

Imports

ascom10

xpprt1

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.data Size: 173KB - Virtual size: 173KB

.xpp Size: 8KB - Virtual size: 8KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 101KB - Virtual size: 100KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 173KB - Virtual size: 173KB

.xpp
Size: 8KB - Virtual size: 8KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 101KB - Virtual size: 100KB