3626562da695e1bdeda32dd7cce823e094b471fcab3c7de725c9a154cc576ff3_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3626562da695e1bdeda32dd7cce823e094b471fcab3c7de725c9a154cc576ff3_NeikiAnalytics.exe
Size

280KB
MD5

0c73f9195a7db222c365437827630070
SHA1

d541c1705cdabee73d3349ab6149d78df9391d5f
SHA256

3626562da695e1bdeda32dd7cce823e094b471fcab3c7de725c9a154cc576ff3
SHA512

c8efb5d5a0835242fc047bc060cc5ff19afb955fc840ef3d194688099b25e520c6da6edc80c66558ea57e3408268e27d062e751e0cda3b97c1142bd088088834
SSDEEP

6144:WGt2lRGTePAmlZwbIFmD7BEEiW1wAciKfY:+qq4mrwbIFmDJ1b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3626562da695e1bdeda32dd7cce823e094b471fcab3c7de725c9a154cc576ff3_NeikiAnalytics.exe

Files

3626562da695e1bdeda32dd7cce823e094b471fcab3c7de725c9a154cc576ff3_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

5f66ceed03125d62ae4b904c6e8a2462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

acad.exe

acedIsMenuGroupLoaded
ads_term_dialog

accore

?acedAlert@@YAHPEB_W@Z
?acedPrompt@@YAHPEB_W@Z
?acedFindFile@@YAHPEB_WPEA_W_K@Z
?acedGetVar@@YAHPEB_WPEAUresbuf@@@Z
?acedArxUnload@@YAHPEB_W@Z
?acedArxLoad@@YAHPEB_W@Z
?acedSetVar@@YAHPEB_WPEBUresbuf@@@Z
?acedRetStr@@YAHPEB_W@Z
?acedDefun@@YAHPEB_WH@Z
?acedInvoke@@YAHPEBUresbuf@@PEAPEAU1@@Z
?acedGetAppName@@YAPEB_WXZ
?acedGetFunCode@@YAHXZ
?acedRetVoid@@YAHXZ
?acedMenuCmd@@YAHPEB_W@Z
acedCommandS
?acedGetArgs@@YAPEAUresbuf@@XZ
?adsw_acadMainWnd@@YAPEAUHWND__@@XZ
?acedRetNil@@YAHXZ
?acedArxLoaded@@YAPEAUresbuf@@XZ
?acedRestoreStatusBar@@YAXXZ
?acedUndef@@YAHPEB_WH@Z

acdb22

?acutRelRb@@YAHPEAUresbuf@@@Z
?acrxRegisterAppMDIAware@@YA_NPEAX@Z
?acrxUnlockApplication@@YA_NPEAX@Z
?writeCommandNameToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@PEB_W0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@PEB_W@Z
?setLoadReason@AcadAppInfo@@QEAAXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@XZ
?setAppDesc@AcadAppInfo@@QEAAXPEB_W@Z
?setModuleName@AcadAppInfo@@QEAAXPEB_W@Z
?setAppName@AcadAppInfo@@QEAAXPEB_W@Z
??1AcadAppInfo@@UEAA@XZ
??0AcadAppInfo@@QEAA@XZ
?acutPrintf@@YAHPEB_WZZ
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?isA@AcDbDatabaseReactor@@UEBAPEAVAcRxClass@@XZ
?objectUnAppended@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_W@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_W_N@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_WAEAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?goodbye@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@@Z

mfc140

ord2332
ord2229
ord473
ord2207

kernel32

GetModuleHandleA
GetModuleFileNameA
OutputDebugStringW
AllocConsole
GetStdHandle
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
CloseHandle

user32

RegisterWindowMessageA
MessageBoxA
GetActiveWindow

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

vcruntime140

strchr
_CxxThrowException
memset
__vcrt_InitializeCriticalSectionEx
strrchr
memmove
__std_terminate
__std_exception_copy
strstr
__C_specific_handler
__std_type_info_destroy_list
__std_exception_destroy
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
freopen
fclose
fopen
__stdio_common_vfprintf
__stdio_common_vsprintf
fwrite
fread
_getcwd
__stdio_common_vsscanf
fgets
feof

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-string-l1-1-0

_strdup
strncpy
strncmp
isspace
strtok
strncat
_strnicmp
_stricmp
_strupr

api-ms-win-crt-convert-l1-1-0

atof
atoi
wcstombs
mbstowcs

api-ms-win-crt-math-l1-1-0

floor
pow
sin
sqrt
atan
acos

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_initterm
_initterm_e
_register_onexit_function
_initialize_onexit_table
terminate
strerror
_errno
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
abort
_crt_atexit

api-ms-win-crt-filesystem-l1-1-0

_chdir
_unlink
_findfirst64i32
_findclose
_getdrive
_chdrive
_splitpath
_makepath
_access
_mkdir

api-ms-win-crt-time-l1-1-0

_localtime64
_difftime64
_time64

aplitopgeo8

LeerParKCombinada
EstablecerValDefectoKCombinada

ac1st22

?copyFrom@AcRxObject@@UEAA?AW4ErrorStatus@Acad@@PEBV1@@Z
?isEqualTo@AcRxObject@@UEBA_NPEBV1@@Z
?comparedTo@AcRxObject@@UEBA?AW4Ordering@AcRx@@PEBV1@@Z
?subQueryX@AcRxObject@@MEBAPEAV1@PEBVAcRxClass@@@Z
??0AcRxObject@@IEAA@XZ
?clone@AcRxObject@@UEBAPEAV1@XZ

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f66ceed03125d62ae4b904c6e8a2462

Headers

DLL Characteristics

File Characteristics

Imports

acad.exe

accore

acdb22

mfc140

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

aplitopgeo8

ac1st22

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 20KB - Virtual size: 88KB

.pdata Size: 10KB - Virtual size: 9KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 60B

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 20KB - Virtual size: 88KB

.pdata
Size: 10KB - Virtual size: 9KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 60B

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB