2a1941745838cc48e75e0869ade89540_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2a1941745838cc48e75e0869ade89540_NeikiAnalytics.exe
Size

95KB
MD5

2a1941745838cc48e75e0869ade89540
SHA1

68cedf8574f2124659ac66c9d5fefd4bae8bfa10
SHA256

12b9a88b2a8a103e5a22d4cbb2a10796545b7add5711b03392eaec136e8195d5
SHA512

6ec6ef80ec27abcfc58f4b54ac0dd00e23c0e615a1943e4e0d8537d4ce99f93a45f6f2a44aca6c246b15205e8fd843558c99b5b0302ef3534913a95ab1f08e79
SSDEEP

1536:PqEGHKQMRduVH7MBNfCZ6Ck+H6HwFY3sbuDYiz8iw50ssiffK8aF8KMflWIW4Dic:PvQMRJR380SKP0W4WYYvQd2a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a1941745838cc48e75e0869ade89540_NeikiAnalytics.exe

Files

2a1941745838cc48e75e0869ade89540_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

426e7321d3af15e3fa2327bc5b8d304d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\video7osnova\build\x86\lib\cisco\cisco.pdb

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
GetProcAddress
WaitForSingleObject
IsBadReadPtr
FreeLibrary
InterlockedDecrement
GetSystemTimeAsFileTime
LoadLibraryW
GetCurrentProcessId
InterlockedCompareExchange
Sleep
IsProcessorFeaturePresent
EncodePointer
DecodePointer
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
IsDebuggerPresent

msvcr120

strstr
memchr
atoi
strcpy_s
strcat_s
_putws
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
memcpy
__CxxFrameHandler3
_strnicmp
_stricmp
puts
rand
wcscat_s
wcsrchr
vsprintf_s
memset

core

core_dll_close
core_dll_open

tools

??4MString@@QAEAAV0@QBD@Z
??4MString@@QAEAAV0@QAD@Z
??4MString@@QAEAAV0@ABV0@@Z
??YMString@@QAEAAV0@QBD@Z
??YMString@@QAEAAV0@QAD@Z
??YMString@@QAEAAV0@ABV0@@Z
?Format@MString@@QAAAAV1@PBDZZ
?LastIndexOf@MString@@QAEHEHH@Z
?Substring@MString@@QAE?AV1@HH@Z
?Copy@MString@@QAEAAV1@PAEH@Z
?Remove@MString@@QAEAAV1@HH@Z
WINLINCOREInitTools
?ToWchar@MString@@QAEPB_WXZ
??8MString@@QAE_NQBD@Z
GetAppDirPathFreeW
GetAppDirPathW
?Free@MString@@QAEXXZ
?strcpy@MString@@SAHAAPADPBD@Z
GetDeltaFromTimes
mFreeMemory
mAllocMemory
WINLINCOREDeinitTools
?ToInt64@MString@@QAE_JXZ
?IndexOf@MString@@QAEHQBDHH@Z

ws2_32

ioctlsocket
connect
inet_addr
htonl
select
WSAGetLastError
htons
setsockopt
recv
socket
__WSAFDIsSet
closesocket
send
getsockopt

Exports

Exports

??4myajl_val_s@@QAEAAU0@ABU0@@Z
ModuleCall
ModuleExecute
ModuleFree
ModuleInit
ModuleVersion
dll_free
dll_init
exception_filter
pre_dll_init

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

426e7321d3af15e3fa2327bc5b8d304d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr120

core

tools

ws2_32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB