0efbf95775cc3db558b09ecac1e6be70_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0efbf95775cc3db558b09ecac1e6be70_NeikiAnalytics.exe
Size

199KB
MD5

0efbf95775cc3db558b09ecac1e6be70
SHA1

8758238b799046476d6580842c8f48670b235b43
SHA256

67cc347967ca4d68f9ff20063d6d90e72772c26690e89af1e713c9a0a3d991aa
SHA512

dddf3482e6f88fc350dcb6c364e31961a39c59dbf6500c9d26513bf1d305c85cbe1b5518bcc277756f5c399d3575bbb8b4474c33c3cae7b8430bc1f6c6d80b09
SSDEEP

1536:xRUaNp3WVS2Vm+VaZCG+9laZHePFGyMgboOEBKBth8zMvndEF/Rvpzd/xsuMcscR:gQRCGEsHLurVd7EZ/FxsuXj5zGQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0efbf95775cc3db558b09ecac1e6be70_NeikiAnalytics.exe

Files

0efbf95775cc3db558b09ecac1e6be70_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

fb46eba3317bae059d7bb935d3b8fc01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Workspace\Maestro Active\1.00.012.1XXX\Sorgenti\Release\x64\Nci32\EsaGv2\XilogLib.pdb

Imports

vpthru64

PTClose
PTSend
PTConnect

kvcom3x64

InitCNSignal
GetDefcnLastError
test_cpxreg_bit
write_cpxregdword_bit
write_cpxregdouble
write_cpxregdword
write_cpxregbyte
write_cpxregstring
read_cpxregdouble
read_cpxregdword
read_cpxregbyte
read_cpxregstring
write_regdword_bit
write_regword_bit
write_regbyte_bit
write_regdword
write_regbuffer
write_regstring
read_multireg
read_regdword
read_regbuffer
ConvToAbsoluteReg
get_reg_by_name
exit_board
init_board
ConvComunicationChannel
HostGetLastError
HostFileSend
HostFileReceive
HostDeleteFile
HostCloseHandle
HostWriteFile
HostCreateFile

vkenv64

ENVResetInitGlobalTable
KENVInitGlobalTable
_EstablishResourceLocation
KENVFreeGlobalTable

vshared64

InitShared
ShrReadAxNVel
ExitShared

mfc140

ord310
ord316
ord12873
ord5656
ord4937
ord1628
ord266
ord265
ord1485
ord1487
ord1504
ord1507
ord12214
ord4502
ord4503
ord8417
ord8418
ord12547
ord8025
ord1032
ord2344
ord2348

kernel32

LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW
LocalFree
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
WideCharToMultiByte
MultiByteToWideChar
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocaleInfoEx
FormatMessageA
InitializeCriticalSectionEx
CreateFileA
DeleteFileA
WriteFile
CloseHandle
GetLastError
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
OutputDebugStringA
DecodePointer
SetLastError

user32

UnregisterClassA
wsprintfA

msvcp140

?_Throw_C_error@std@@YAXH@Z
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ

oleaut32

SysFreeString

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memchr
memcmp
memcpy
memmove
__C_specific_handler
__current_exception
__current_exception_context
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strncpy
_strupr
strncmp

api-ms-win-crt-stdio-l1-1-0

fclose
fwrite
fopen
fputs
feof
fgets
__stdio_common_vsprintf

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-convert-l1-1-0

_itoa
atoi

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_onexit_function
_invalid_parameter_noinfo
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_crt_at_quick_exit
_errno
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

free
_recalloc
calloc
malloc

api-ms-win-crt-math-l1-1-0

floor
ceilf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

Kva_Close_Unite
Kva_ConnectRegisterIOT
Kva_ConnectRegisterPignaDisplay
Kva_ConnectRegisterTvma
Kva_DNC20_DialWithModes2_Grp
Kva_DNC20_Position_OM
Kva_DNC20_Position_OP
Kva_DNC20_ReadExxxxx
Kva_DNC20_WriteExxxxx
Kva_DncDeleteFileEx
Kva_DownLoadFile
Kva_DownLoadFileEx
Kva_DownLoadZone
Kva_GetCanNodeStatus
Kva_GetCanRingStatus
Kva_GetISOMsg
Kva_GetPlcVersion
Kva_GetRelease
Kva_Get_Port
Kva_InitEnv
Kva_OpenDownLoadSequence
Kva_ReadAxInfo
Kva_ReadAxisAlarm
Kva_ReadChanInfo
Kva_ReadGenAlarm
Kva_ReadLadderVar
Kva_ReadMemoryPP
Kva_ReadProgStatus
Kva_Read_Data_Tvma
Kva_SetLogPath
Kva_SetPLCTool
Kva_UpLoadFileEx
Kva_UpdateRegisterPignaDisplay
Kva_VerifyRegister
Kva_WriteDownLoadSegment
Kva_WriteLadderVar
Kva_WriteRegisterIOT
Kva_WriteRegisterPignaDisplay

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb46eba3317bae059d7bb935d3b8fc01

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vpthru64

kvcom3x64

vkenv64

vshared64

mfc140

kernel32

user32

msvcp140

oleaut32

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 2KB - Virtual size: 12KB

.pdata Size: 6KB - Virtual size: 6KB

.idata Size: 12KB - Virtual size: 12KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 2KB - Virtual size: 12KB

.pdata
Size: 6KB - Virtual size: 6KB

.idata
Size: 12KB - Virtual size: 12KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB