03caa6ea372193702199ff2c2e58f6a6da18102bfb99dbd0e6086ecf31f93a06_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

03caa6ea372193702199ff2c2e58f6a6da18102bfb99dbd0e6086ecf31f93a06_NeikiAnalytics.exe
Size

400KB
MD5

e9e7bb6d5dfe3e79067e92f5b4eaca10
SHA1

ab34b4aefdf546207109cb50e007c0a7dad1a11b
SHA256

03caa6ea372193702199ff2c2e58f6a6da18102bfb99dbd0e6086ecf31f93a06
SHA512

73684de4565d25472bda932cc18518eb966dc855adcf61cb8ad4a2c39a70383d68e71527fbe5eac0f8a8580b354a9c6662e6ff889c86dda2fd8c1da6fc83f5e4
SSDEEP

6144:Y8MIJI316qZobC5oyQzrENf+ZTZa4eRlleB:Y8MN/i+uyQzrEwZZP8OB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03caa6ea372193702199ff2c2e58f6a6da18102bfb99dbd0e6086ecf31f93a06_NeikiAnalytics.exe

Files

03caa6ea372193702199ff2c2e58f6a6da18102bfb99dbd0e6086ecf31f93a06_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

c7b2913badbc5c1ca73a8ffd5e843f2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Build\PCM45_NET_DailyBuild\SourceCode\Pcm45_net\KernelSource\Music\CLAlbumArt\Release\CLAlbumArt.pdb

Imports

wsock32

send
WSAGetLastError
socket
setsockopt
htons
inet_ntoa
connect
getsockopt
shutdown
closesocket
accept
ioctlsocket
gethostbyname
WSAStartup
recv
select

mfc71

ord1151
ord265
ord2131
ord2271
ord1482
ord6179
ord5563
ord783
ord910
ord765
ord315
ord314
ord1209
ord1092
ord1167
ord581
ord2804
ord1198
ord865
ord5710
ord578
ord297
ord1489
ord299
ord2933
ord5918
ord629
ord1439
ord3388
ord383
ord655
ord6288
ord5111
ord421
ord313
ord304
ord781
ord4109
ord2272
ord784
ord5107
ord310
ord5661
ord1443
ord266
ord762
ord764
ord4085
ord2322

msvcr71

strrchr
strerror
_setmode
fclose
strncat
tolower
strncmp
strncpy
strchr
sprintf
memset
__security_error_handler
??1type_info@@UAE@XZ
strtol
strtoul
_vsnprintf
_beginthreadex
wcslen
_time64
__CxxFrameHandler
_except_handler3
free
malloc
_mbschr
__dllonexit
_onexit
?terminate@@YAXXZ
strstr
_write
_read
atol

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
GetTickCount
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
OutputDebugStringA
WaitForSingleObject
CloseHandle
lstrcpyA
GetFileAttributesA
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
GetACP

user32

RegisterClassExA
CreateWindowExA
DefWindowProcA
PostMessageA
DestroyWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitialize
CoUninitialize

msvcp71

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7b2913badbc5c1ca73a8ffd5e843f2b

Headers

File Characteristics

PDB Paths

Imports

wsock32

mfc71

msvcr71

kernel32

user32

advapi32

ole32

msvcp71

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 336KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 16KB