C:\Research\F1MultiDoc\Debug\F1MultiDoc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
c0f9ed7b729d706f6c19d6278549f9d0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c0f9ed7b729d706f6c19d6278549f9d0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
c0f9ed7b729d706f6c19d6278549f9d0_NeikiAnalytics.exe
-
Size
602KB
-
MD5
c0f9ed7b729d706f6c19d6278549f9d0
-
SHA1
636795915e5adfef84bc75e7d927b10152cb969c
-
SHA256
af8e09600558fdb7db4731ffa78a6ddb8c708fbe9dccc01bbbfa4069570ac30f
-
SHA512
110170713830a0f78103075fada5eb89cb9c4c67c74a4e12357dbe4b5ee2ee72db91cd81babad5dbc75b423d25d1e2a10023d6d46c550c79fe9bcf1e049d3b48
-
SSDEEP
6144:Jk7BJeqbetq4R2pF/p/uwONct43j92U5PQz0NgxGmt:JWJeq6YV9pGHNu4B2UWmAt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource c0f9ed7b729d706f6c19d6278549f9d0_NeikiAnalytics.exe
Files
-
c0f9ed7b729d706f6c19d6278549f9d0_NeikiAnalytics.exe.exe windows:6 windows x86 arch:x86
bf1129961d17d6658beba1b778cf5312
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc140d
ord5382
ord14098
ord10692
ord17046
ord13785
ord4467
ord13963
ord10874
ord13563
ord13562
ord6798
ord12039
ord12035
ord12037
ord12038
ord12036
ord17243
ord1603
ord3310
ord3024
ord5145
ord9816
ord12005
ord3890
ord3893
ord16044
ord7508
ord866
ord1461
ord851
ord10363
ord10370
ord2628
ord8898
ord3884
ord7385
ord8969
ord1645
ord1655
ord3756
ord5974
ord5975
ord7386
ord7185
ord15972
ord15982
ord7190
ord15980
ord7189
ord3085
ord5381
ord10548
ord11093
ord9815
ord10950
ord13634
ord6455
ord4473
ord5488
ord10975
ord13955
ord13317
ord12154
ord3773
ord9176
ord2962
ord5072
ord10062
ord4585
ord13636
ord7213
ord4463
ord8636
ord605
ord2408
ord12624
ord14434
ord14520
ord6786
ord6785
ord13642
ord17184
ord9954
ord16997
ord13486
ord8460
ord12945
ord13484
ord13485
ord8461
ord6554
ord14059
ord2041
ord13254
ord13982
ord16382
ord1301
ord2047
ord16381
ord2522
ord2556
ord9945
ord14390
ord9414
ord12000
ord7218
ord6451
ord16941
ord9704
ord8791
ord883
ord6668
ord6559
ord15677
ord5982
ord6545
ord14533
ord3460
ord4802
ord12045
ord3634
ord2034
ord10805
ord13097
ord11217
ord11146
ord11147
ord13314
ord12047
ord3225
ord10625
ord10645
ord11144
ord12114
ord10820
ord12280
ord13239
ord13021
ord13644
ord1475
ord15255
ord2978
ord5090
ord14855
ord5812
ord6209
ord5699
ord3319
ord11127
ord7064
ord14384
ord17118
ord3519
ord6970
ord8639
ord11894
ord11897
ord8952
ord9109
ord1880
ord1171
ord6959
ord17019
ord16643
ord4814
ord3745
ord3744
ord4007
ord4006
ord4749
ord12225
ord13218
ord12821
ord10769
ord1218
ord2925
ord5026
ord10947
ord3309
ord16040
ord7506
ord14006
ord14097
ord14147
ord9825
ord14129
ord7159
ord4483
ord391
ord1178
ord10135
ord5331
ord16241
ord15362
ord14518
ord7685
ord17126
ord7686
ord17127
ord7684
ord17125
ord9535
ord14513
ord16915
ord2129
ord13837
ord13838
ord2371
ord13885
ord14136
ord9476
ord15029
ord4747
ord4808
ord11139
ord17051
ord9454
ord17053
ord14523
ord14524
ord2884
ord6440
ord9960
ord5341
ord9532
ord14942
ord15010
ord12187
ord14137
ord10043
ord3021
ord5142
ord10143
ord15571
ord868
ord2679
ord2686
ord2701
ord2558
ord1220
ord7898
ord493
ord14051
ord10973
ord2178
ord8223
ord1091
ord1600
ord5491
ord9481
ord9534
ord9553
ord9561
ord6299
ord9146
ord10134
ord3358
ord15089
ord13737
ord16623
ord10702
ord10945
ord10153
ord16729
ord14637
ord8766
ord16460
ord13673
ord13672
ord13623
ord11759
ord11746
ord13662
ord13663
ord8958
ord1638
ord4480
ord16443
ord3422
ord9868
ord16001
ord6743
ord7479
ord10813
ord14856
ord6708
ord14629
ord13072
ord10057
ord9113
ord3406
ord15524
ord3089
ord14389
ord14720
ord5612
ord11227
ord3254
ord4745
ord16964
ord6464
ord6454
ord12001
ord12948
ord12949
ord11104
ord13582
ord11723
ord6961
ord8802
ord910
ord6940
ord8366
ord7468
ord2165
ord14750
ord5241
ord16980
ord7674
ord13347
ord2983
ord5096
ord16140
ord1491
ord4497
ord15257
ord13969
ord4795
ord15047
ord12186
ord12782
ord12832
ord13089
ord10935
ord7410
ord6283
ord10083
ord15093
ord12486
ord10959
ord8961
ord270
ord2773
ord9836
ord8588
ord6106
ord2787
ord334
ord534
ord13816
ord7111
ord14322
ord3451
ord1250
ord269
ord380
ord16304
ord6406
ord1173
ord8232
ord14468
ord385
ord1174
ord4326
ord3093
ord5389
ord6318
ord6518
ord16538
ord9328
ord9329
ord3429
ord9690
ord16176
ord5968
ord5967
ord5970
ord5966
ord5965
ord1056
ord11252
ord11267
ord11257
ord11730
ord11734
ord11269
ord13585
ord12932
ord10740
ord12956
ord11792
ord11793
ord8243
ord10963
ord13998
ord13962
ord11208
ord11899
ord14936
ord3215
ord12927
ord9288
ord13095
ord13098
ord13404
ord8597
ord547
ord1259
ord2938
ord5045
ord12257
ord11271
ord3755
ord14054
ord10647
ord10639
ord16042
ord7507
ord13195
ord983
ord1526
ord904
ord9689
ord1486
ord7061
ord4481
ord4451
ord15909
ord6948
ord4731
ord915
ord4757
ord4013
ord8284
ord1495
ord8972
ord2618
ord5191
ord9771
ord5002
ord2913
ord10483
ord14496
ord15821
ord2039
ord7212
ord3864
ord2963
ord5073
ord13643
ord4475
ord5976
ord15983
ord15981
ord4464
ord1089
ord1598
ord3846
ord829
ord1433
ord8767
ord15626
ord9862
ord6364
ord6538
ord6533
ord7612
ord10532
ord16529
ord3711
ord12898
ord3934
ord13142
ord5855
ord5845
ord5909
ord5879
ord5931
ord3628
ord5891
ord5885
ord5940
ord5897
ord5903
ord5956
ord5917
ord5870
ord2024
ord1997
ord1983
ord17035
ord4768
ord2404
ord6043
ord6048
ord9953
ord3713
ord15324
ord14023
ord4688
kernel32
OutputDebugStringW
FreeLibrary
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetCurrentDirectoryA
MultiByteToWideChar
SetLastError
GetLastError
LocalFree
user32
PostQuitMessage
InflateRect
SetRect
SetRectEmpty
FillRect
GetSystemMetrics
IsRectEmpty
LoadImageA
GetSysColor
UnregisterClassA
PeekMessageA
gdi32
PlayEnhMetaFile
DeleteDC
GetStockObject
SetWindowOrgEx
SetWindowExtEx
TextOutA
SetWinMetaFileBits
CloseMetaFile
GetEnhMetaFileA
SetTextColor
SetMapMode
SaveDC
RestoreDC
Pie
DeleteObject
CreateSolidBrush
CreateMetaFileA
comctl32
InitCommonControlsEx
oleaut32
GetErrorInfo
VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysFreeString
VariantClear
SysAllocString
gdiplus
GdiplusShutdown
vcruntime140d
__CxxFrameHandler3
memset
_purecall
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
_CxxThrowException
ucrtbased
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
terminate
_controlfp_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
strlen
__stdio_common_vsprintf_s
malloc
free
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
wcslen
_CrtDbgReportW
_CrtDbgReport
__stdio_common_vswprintf_s
_setmbcp
wcscpy_s
strcpy_s
Sections
.textbss Size: - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 189KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 486B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 321KB - Virtual size: 320KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ