34a095c4c2ba5c9016303d2f3b0b5820_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

34a095c4c2ba5c9016303d2f3b0b5820_NeikiAnalytics.exe
Size

86KB
MD5

34a095c4c2ba5c9016303d2f3b0b5820
SHA1

04cfe50563ed745692df13dc2e5d5e6bcdc43dbb
SHA256

57088aaf5ed98e3d563cf3ff234c21a0ad3e51d933ce1e20d7a4ec78d806efae
SHA512

2c555dbd1949f2a936e9bcd433f0c97754a40040c6e3a608b92278d7bf882f15673ca06d0ca100cdd4328a700a1e1b8a22d7d6e73500256d505c6a9993f12dbd
SSDEEP

768:ASvBl3QjQhUWIadzMg5S7fVl9c9WbKKxm3LlLd6dAtxdU/C:AC8QhUWHkfBq6Otxd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34a095c4c2ba5c9016303d2f3b0b5820_NeikiAnalytics.exe

Files

34a095c4c2ba5c9016303d2f3b0b5820_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

8c2632c77e2af675ca9dde6e4141b7d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

xb2net

XBSOAPENVELOPE
XBSAVETOFILE
XBCOMPLEXTYPE

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
?retStackItem
?conNRelease
?frameExit
?ehUnwind
__vft21ConNumericFloatObject10AtomObject
?conNewNil
?conNewString
?conOpNewInt
__vft19ConNumericIntObject10AtomObject
ARRAY
?exePcodeEval
__vft20ConStringConstObject10AtomObject
__vft18ConUndefinedObject10AtomObject
ACREATE
?retNil
?conNAllocL
?momSOff
SETCOLOR
SET
UPPER
?domValXEql
?domAssign
SETCURSOR
SCROLL
SETPOS
?domGetElem
?executeMacro
?conMemberToItem
EMPTY
?orShortCut
?domXEql
?domOr
?retStackValue
QOUT
QQOUT
?conSendItem
ROW
MAXROW
MAXCOL
MEMOEDIT
CHR
VAR2CHAR
_KEYBOARD
?conNReleaseL
?passParameter
LEN
VALTYPE
?andShortCut
?domAnd
SPACE
?domAdd
DISPBOX
DEVPOS
DEVOUT
?pushCodeBlock
ACHOICE
AEVAL
LASTKEY
?domNEql
GET
COL
AADD
STRTRAN
?conAssignRefWMember
ALLTRIM
STR
LTRIM
TRIM
?conOpNewFloat
?conNewLogic
DATE
MSGBOX
APPNAME
PADR
FEXISTS
ERROR
?domNot
RTRIM
EVAL
?conNNewNil
AFILL
?domRefElem
PADL
FERASE
FRENAME
_WAIT
ASCAN
__vft14ConLogicObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_2_00_0
___xpprt1Version

xppsys

ANCHORCB
READMODAL
APPSYS
APPEXIT
ERRORSYS

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 512B - Virtual size: 471B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c2632c77e2af675ca9dde6e4141b7d4

Headers

File Characteristics

Imports

xb2net

xpprt1

xppsys

Sections

.text Size: 67KB - Virtual size: 67KB

.data Size: 11KB - Virtual size: 10KB

.xpp Size: 512B - Virtual size: 471B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 67KB - Virtual size: 67KB

.data
Size: 11KB - Virtual size: 10KB

.xpp
Size: 512B - Virtual size: 471B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB