3daf9581ab56ca9b54c20d751a5a951d9dc80305919a3b40248d17586e01a861_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3daf9581ab56ca9b54c20d751a5a951d9dc80305919a3b40248d17586e01a861_NeikiAnalytics.exe
Size

437KB
MD5

b94f7364dbb076df5e3f110a707d9070
SHA1

ac8fa5f81e0599df587a6a3f5d0fd5dd926a0607
SHA256

3daf9581ab56ca9b54c20d751a5a951d9dc80305919a3b40248d17586e01a861
SHA512

2eeb6aff9b123083192ebf1286e1517a9719e54c4ea20902e134a3fd140adc4ed21edabbb6a98e593d5a0b7b0f3a5e7b353df7a7027f211792bf1b080b802124
SSDEEP

6144:Va0wnSPtTgrrxJNu2uz4MMGezvT+LIQIigGxafPM6K/psv5uww+8r:Va0QSPtknxJNu5U6ev+b9wfBRux+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3daf9581ab56ca9b54c20d751a5a951d9dc80305919a3b40248d17586e01a861_NeikiAnalytics.exe

Files

3daf9581ab56ca9b54c20d751a5a951d9dc80305919a3b40248d17586e01a861_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

397f5ff228f59d1417a3dcd0353675ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\NVMS_v2.1.4_SP1\CommonFile\CommonLib\Release\NetDeviceDVR.pdb

Imports

sharelib

?SHARESDK_CreateRunOneThread@@YAPAXP6AXPAX@Z0_NPBDH3@Z
?SHARESDK_DestroyThread@@YAXPAXPBDH@Z
?SHARESDK_NormalOutput@@YAXPBD0I@Z
?SHARESDK_AbnormalOutput@@YAXPBD0I@Z
?SHARESDK_DebugOutput@@YAXPBD0I@Z

netcommon

?DecReference@CCmdProcObject@@QAEHH@Z
?AddReference@CCmdProcObject@@QAEHH@Z
?NET_COMM_RegistDevProtocolProcObject@@YA_NIPAVCNetProtocolProc@@@Z
??0CCmdProcParamPlayStreamTWDevice@@QAE@AAU_GUID@@U1@1PBXIPAVCCmdProcParameter@@_N@Z
??1CCmdProcParamPlayStreamTWDevice@@UAE@XZ
??1CNetProtocolProc@@UAE@XZ
??0CCmdProcParam@@QAE@PAVCCmdProcParameter@@PBXI_N@Z
??0CCmProcParamAlarmInfo@@QAE@U_GUID@@IIEEPAVCCmdProcParameter@@@Z
?NET_COMM_SetConnectState@@YAXU_GUID@@I0_N@Z
?HasReply@CCmdProcObject@@QAE_NXZ
?GetRequestCommand@CCmdProcObject@@QBE?AW4_net_protocol_cmd_def_@NVMS_NET_PROTOCOL@@XZ
?GetRouteGUID@CCmdProcObject@@QAE?AU_GUID@@XZ
?GetSrcID@CCmdProcObject@@QAE?AU_GUID@@XZ
?GetTaskGUID@CCmdProcObject@@QBE?AU_GUID@@XZ
?GetCommandID@CCmdProcObject@@QAEIXZ
??0CCmProcParamDevRecordInfo@@QAE@U_GUID@@IPAVCCmdProcParameter@@@Z
??1CCmProcParamAlarmInfo@@UAE@XZ
??1CCmProcParamDevRecordInfo@@UAE@XZ
?NET_COMM_AddLiveData@@YAXPBDIAAU_GUID@@@Z
??1CCmdProcParam@@UAE@XZ
??0CNetProtocolProc@@QAE@XZ

mempool

?MEM_POOL_New@@YAIPBXHH@Z
?MEM_POOL_AddReference@@YAHIH@Z
?MEM_POOL_Delete@@YAXI@Z
?MEM_POOL_DecReference@@YAHIH@Z
?MEM_POOL_GetContent@@YA_NIAAV?$CChildPairContainer@PAEH@@@Z
?MEM_POOL_GetLength@@YAHI@Z

netsocket

?NET_SOCKET_Stop@@YAXH@Z
?NET_SOCKET_RegisterNode@@YA_NHPAVCSocketDataObserver@@PAXHH@Z
?NET_SOCKET_UnRegisterNode@@YAXH@Z
?NET_SOCKET_DestroyHNetCommunication@@YAXH@Z
?NET_SOCKET_Start@@YA_NH@Z

commonfilesdk

?GetNext@CVoiceBroadcastItemIterator@@QAEPAVCCommonFileNode@@XZ
?HasNext@CVoiceBroadcastItemIterator@@QAE_NXZ
??1CVoiceBroadcastItemIterator@@QAE@XZ
??0CVoiceBroadcastItemIterator@@QAE@ABU_GUID@@@Z

nodemanager

?GetNodeType@CLocalNode@@QBEIXZ
??CCOneNodeIterator@@QAEPAVCLocalNode@@XZ
??BCOneNodeIterator@@QAEPAVCLocalNode@@XZ
??1COneNodeIterator@@QAE@XZ
??0COneNodeIterator@@QAE@ABU_GUID@@@Z

kernel32

LocalFree
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetLocalTime
GetSystemInfo
Sleep
GetCurrentThreadId
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
GetLastError
CloseHandle
EnterCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
DeleteCriticalSection

oleaut32

VariantClear

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

strchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
memcpy
memcmp
memchr
__RTDynamicCast
_purecall
__CxxFrameHandler3
strstr
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__acrt_iob_func
__stdio_common_vsscanf

api-ms-win-crt-string-l1-1-0

isdigit
isspace
strncmp
_strnicmp
isalpha
strncpy

api-ms-win-crt-convert-l1-1-0

atoi
atol
strtol

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-time-l1-1-0

_mktime64
_tzset

Exports

Exports

?NET_DEV_DVRSDK_Initial@@YA_NG@Z
?NET_DEV_DVRSDK_Quit@@YAXXZ

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

397f5ff228f59d1417a3dcd0353675ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sharelib

netcommon

mempool

netsocket

commonfilesdk

nodemanager

kernel32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB