11bdaf14691b5469402ac22406e344d0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

11bdaf14691b5469402ac22406e344d0_NeikiAnalytics.exe
Size

1.4MB
MD5

11bdaf14691b5469402ac22406e344d0
SHA1

508f0cd483c29d35d9e8f236e6d3739e95aa2752
SHA256

7e9f614981900e87bbec76df02c8c9a531b2bb849500231132447a674a082b34
SHA512

2e3bfffb46ec6eb6ede70e69581a7be7da2dc61ca97684fee2d8610a1e6d7a7009c953979b562d5720df9739c068cd6a80e31977291106a13166a9dfccddf173
SSDEEP

24576:v6imLD2MjG5Ddpme1PrTz3pVp/zpIG9ta7S6aFj/Z7sOu9lAHm15vuwBucS3:gLBabtfpL94mZNsdj5B0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11bdaf14691b5469402ac22406e344d0_NeikiAnalytics.exe

Files

11bdaf14691b5469402ac22406e344d0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

4d393cf46c1717eda88330b856a97972

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

comdlg32

GetOpenFileNameA

comctl32

ord17

wsock32

gethostname

qt-mt333

?makeSharedNull@QString@@CAPAUQStringData@@XZ
??4QString@@QAEAAV0@ABV0@@Z
??1QEvent@@UAE@XZ
??0QString@@QAE@ABV0@@Z
?critical@QMessageBox@@SAHPAVQWidget@@ABVQString@@1111HH@Z
??1QString@@QAE@XZ
?shared_null@QString@@0PAUQStringData@@A
?deleteSelf@QStringData@@QAEXXZ
?null@QString@@2V1@A
?postEvent@QApplication@@SAXPAVQObject@@PAVQEvent@@@Z
??0QString@@QAE@PBD@Z
?real_detach@QString@@AAEXXZ
?deleteData@QGArray@@MAEXPAUarray_data@1@@Z
?newData@QGArray@@MAEPAUarray_data@1@XZ
??0QGArray@@IAE@H@Z
??1QGArray@@MAE@XZ
?duplicate@QGArray@@IAEAAV1@ABV1@@Z
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QMemArray@PAD@@@Z
?qstrcpy@@YAPADPADPBD@Z
?qstrlen@@YAIPBD@Z

msvcr71

_controlfp
_onexit
?terminate@@YAXXZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
??3@YAXPAX@Z
_acmdln
_cexit
_ismbblead
_XcptFilter
_c_exit
??1type_info@@UAE@XZ
_strdup
_pclose
??0exception@@QAE@XZ
??1exception@@UAE@XZ
puts
memmove
_mktemp
_unlink
_access
_open
_getcwd
_getpid
ftell
fputc
putc
_mkdir
atol
ungetc
fseek
clearerr
strtol
_exit
__mb_cur_max
_isctype
_pctype
_wunlink
_wremove
_waccess
_wrename
rename
_wstat
_close
_wopen
_wfreopen
freopen
_wfopen
_beginthread
_endthread
_putenv
mktime
_findfirst
_findnext
_findclose
qsort
memcmp
longjmp
__p__environ
getenv
tolower
strrchr
_sys_nerr
_sys_errlist
_setjmp3
abs
localtime
getchar
_popen
perror
strcmp
strcat
strcpy
srand
rand
_stat
strchr
atoi
strtod
tmpnam
remove
fgets
isspace
ldexp
strstr
_purecall
toupper
_errno
strerror
_fmode
strncmp
vfprintf
sprintf
fflush
fwrite
fread
sscanf
atof
fgetc
strncpy
printf
ceil
fscanf
realloc
acos
malloc
floor
atan
sin
cos
tan
pow
exp
sqrt
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_assert
strlen
time
memset
memcpy
calloc
fopen
free
fclose
fabs
_CxxThrowException
??0exception@@QAE@ABV0@@Z
vsprintf
log
__CxxFrameHandler
??2@YAPAXI@Z
_iob
fprintf
exit
__dllonexit

msvcp71

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
GetUserNameA
GetUserNameW
RegEnumKeyExA
CreateServiceA
StartServiceA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegEnumValueA

user32

DialogBoxIndirectParamA
CreateDialogIndirectParamA
wsprintfA
GetSystemMetrics
GetClientRect
SetWindowTextA
SetFocus
GetFocus
EndDialog
GetDlgItemTextA
SetDlgItemTextA
MessageBeep
GetWindowLongA
SendMessageA
GetDlgItem
GetWindowRect
EnableWindow
ShowWindow
ScreenToClient
MoveWindow
GetParent
GetActiveWindow
MessageBoxA
GetDlgItemTextW

kernel32

QueryPerformanceFrequency
GetModuleHandleA
GetTickCount
GetVersion
SetEvent
CreateEventA
ResetEvent
WaitForSingleObject
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
GetVersionExA
ReleaseMutex
GetLastError
CreateMutexA
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
SetFileAttributesA
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetProcessTimes
GetCurrentProcess
GetPrivateProfileStringA
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
SetLastError
GetVolumeInformationA
GetDriveTypeA
VirtualAlloc
VirtualFree
GetCurrentThread
CreateFileA
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
GetFileAttributesA
GetStartupInfoA
FindFirstFileW
GetPrivateProfileIntA
SetErrorMode
MultiByteToWideChar
SetHandleInformation

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d393cf46c1717eda88330b856a97972

Headers

File Characteristics

Imports

netapi32

comdlg32

comctl32

wsock32

qt-mt333

msvcr71

msvcp71

advapi32

user32

kernel32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 44KB - Virtual size: 219KB

_TEXT_HA Size: 68KB - Virtual size: 66KB

.reloc Size: 96KB - Virtual size: 93KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 44KB - Virtual size: 219KB

_TEXT_HA
Size: 68KB - Virtual size: 66KB

.reloc
Size: 96KB - Virtual size: 93KB