41312ec0cf11845ada6e96e76b3eff0f7b00d373adb4b59ef84cc4269d09ad6f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

41312ec0cf11845ada6e96e76b3eff0f7b00d373adb4b59ef84cc4269d09ad6f_NeikiAnalytics.exe
Size

787KB
MD5

600610eab7bdc84926213d6cb01410a0
SHA1

1b8a94b02af3550434aeaeb9c61f6b06eb1b9446
SHA256

41312ec0cf11845ada6e96e76b3eff0f7b00d373adb4b59ef84cc4269d09ad6f
SHA512

9b27d16d408cff6807525b598850f0f6d05d6ad6bd153c4a0a9b5e5ba50fec15657e02dc79c4a070a6b3085104e852912b5a16e9f94ee5f3f56d73c48051849c
SSDEEP

24576:jIqgvLlCf5jrMhpKGrt/QvKUsWsSoSIkSSM:7gvLlCRjradQbsWsSyFSM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41312ec0cf11845ada6e96e76b3eff0f7b00d373adb4b59ef84cc4269d09ad6f_NeikiAnalytics.exe

Files

41312ec0cf11845ada6e96e76b3eff0f7b00d373adb4b59ef84cc4269d09ad6f_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

66c838f24fa53fea6df1fb6c4d44a5bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

zwcad.exe

zds_action_tile
zds_client_data_tile
zds_queueexpr
?zcDocManagerPtr@@YAPAVZcApDocManager@@XZ
zcedInvoke
zcedGetArgs
ord1927
ord1900
ord1792
?zcedRemoveObjectContextMenu@@YAHPBVZcRxClass@@PAVZcEdUIContext@@@Z
?zcedAddObjectContextMenu@@YAHPBVZcRxClass@@PAVZcEdUIContext@@PBX@Z
zcdbEntGet
zcdbEntMake
?zcedGetZcadWinApp@@YAPAVCWinApp@@XZ
?zcedGetZcadFrame@@YAPAVCMDIFrameWnd@@XZ
zds_start_dialog
zds_new_positioned_dialog
zds_done_positioned_dialog
zds_load_dialog
zds_unload_dialog
?zcedRestoreStatusBar@@YAXXZ
?zcedSetStatusBarProgressMeter@@YAHPBDHH@Z
?zcedSetStatusBarProgressMeterPos@@YAHH@Z
zcedUsrBrk
zcedGetPoint
zcedGetString
zdsw_zcadMainWnd
?zcedGetZcadDwgView@@YAPAVCView@@XZ
zcdbTblSearch
zcedRetNil
zcedZrxLoad
zcedZrxLoaded
zcedSetVar
zcedGetVar
zcedFindFile
zds_get_tile
zds_set_tile
zds_start_list
zds_add_list
zds_end_list
zds_mode_tile
zds_term_dialog
zcedRetVoid
zcedGetFunCode
zcedMenuCmd
zcedIsMenuGroupLoaded
zcedAlert
zcedCommand
zcedZrxUnload
zcedGetAppName
zcedPrompt
zcedUndef
zcedDefun
zcedRetStr

zwdatabase

ord340
ord3916
ord964
ord1699
ord4730
ord3274
ord232
ord442
ord425
ord439
ord434
ord461
ord28
ord59
ord29
ord26
ord2
ord239
ord243
ord1234
ord8472
ord9135
ord9126
ord9129
ord9124
ord9127
ord9133
ord9132
ord9131
ord9134
ord156
ord12
ord48
ord226
ord8973
ord27
ord225
ord8517
ord8518
ord8520
ord8521
ord805
ord150

msvcr100

_mbsnbicmp
ferror
_errno
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_mbsnbcpy
__mb_cur_max
_isctype
_pctype
srand
rand
mbtowc
_beginthreadex
_mbsupr
strtol
vfprintf
_getpid
_strupr
_unlink
realloc
__clean_type_info_names_internal
memmove
strncpy
isspace
_strnset
_purecall
wcstombs
_difftime64
feof
fgets
_splitpath
strncmp
strrchr
??2@YAPAXI@Z
_ctime32
_time32
strlen
strcpy
fgetpos
_gmtime64
toupper
strtod
atol
_mbscmp
_strlwr
_itoa
_stricmp
memcpy
_chdir
_strnicmp
atof
malloc
_strdup
_findnext64i32
_mkdir
_findfirst64i32
_findclose
ftell
_chdrive
getenv
_getdrive
fputs
fread
fwrite
_getcwd
strncat
_makepath
_access
free
fgetc
fseek
calloc
wcslen
_time64
??3@YAXPAX@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
strchr
strstr
__CxxFrameHandler3
fclose
fprintf
fopen
sprintf
sscanf
setlocale
_CxxThrowException
atoi
strtok
mbstowcs
_localtime64
localeconv

mfc100

ord8351
ord9994
ord6217
ord11154
ord8070
ord13294
ord10883
ord3395
ord11025
ord8231
ord13973
ord13972
ord14045
ord14062
ord14058
ord14060
ord14061
ord14059
ord2417
ord7349
ord2878
ord2881
ord12535
ord5534
ord2838
ord3755
ord1263
ord5777
ord8222
ord2742
ord3738
ord915
ord5858
ord5302
ord8228
ord3744
ord1012
ord901
ord946
ord1316
ord316
ord381
ord5803
ord8305
ord11107
ord8235
ord2416
ord12531
ord5532
ord2752
ord2973
ord2974
ord3620
ord10360
ord10007
ord8137
ord11067
ord3373
ord3254
ord1210
ord11882
ord788
ord3977
ord2626
ord305
ord5242
ord6678
ord13219
ord310
ord1483
ord12868
ord9475
ord3390
ord7933
ord6117
ord2847
ord5875
ord3746
ord7863
ord3475
ord2187
ord1900
ord1982
ord2184
ord2183
ord11924
ord1290
ord7039
ord890
ord327
ord943
ord374
ord3439
ord909
ord325
ord2524
ord977
ord10906
ord421
ord5837
ord4283
ord6054
ord5776
ord4341
ord5830
ord5774
ord4340
ord4345
ord10595
ord12962
ord12344
ord1313
ord7876
ord3963
ord12865
ord4144
ord6970
ord2611
ord1292
ord7491
ord7927
ord2759
ord13047
ord13095
ord2505
ord13305
ord7871
ord6836
ord4785
ord2076
ord3839
ord320
ord1437
ord4464
ord6010
ord12644
ord1496
ord1503
ord1509
ord1507
ord1514
ord4410
ord4381
ord4415
ord4406
ord4364
ord4368
ord4401
ord3991
ord870
ord1268
ord1713
ord2061
ord10357
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord5444
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord6090
ord895
ord2050
ord1948
ord408
ord1929
ord6076
ord2826
ord1244
ord12694
ord11728
ord11940
ord12790
ord11939
ord12124
ord796
ord337
ord11941
ord11812
ord9445
ord2371
ord8554
ord11190
ord11188
ord4373
ord4393
ord4389
ord4385
ord4377
ord4419
ord4398
ord7265
ord7837
ord2617
ord6259
ord1011
ord2409
ord13280
ord3431
ord2614
ord7862
ord3743
ord2776
ord8227
ord5857
ord2892
ord1331
ord781
ord782
ord1322
ord744
ord745
ord1342
ord2084
ord11447
ord1908
ord2023
ord12128
ord968
ord5821
ord4589

kernel32

WideCharToMultiByte
WaitForSingleObject
GetVersionExA
lstrcmpA
MulDiv
GetProfileStringA
Sleep
GetWindowsDirectoryA
GetLocaleInfoA
LoadLibraryExA
DefineDosDeviceA
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetDateFormatA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WinExec
CreateMutexA
GetLastError
CloseHandle
CreateProcessA
lstrlenA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
LocalFree
GetVersion
LocalAlloc
ReleaseMutex
CreateEventA
OpenFileMappingA
GetTempPathA
FlushViewOfFile
OpenEventA
SetEvent
WaitForMultipleObjects
GetExitCodeThread
TerminateThread
ResetEvent
VerifyVersionInfoA
VerSetConditionMask
UnmapViewOfFile
DeviceIoControl
QueryDosDeviceA
GetPrivateProfileStringA
GetPrivateProfileIntA
RaiseException
lstrcpyA
DeleteAtom
SetDllDirectoryA
GlobalAddAtomA

user32

SendMessageA
InvalidateRect
GetClientRect
ReleaseCapture
SetCapture
GetParent
GetWindowRect
ScreenToClient
GetDC
DrawFocusRect
ReleaseDC
GetPropA
CallWindowProcA
SetWindowLongA
RemovePropA
LoadMenuW
MessageBoxA
wsprintfA
SetForegroundWindow
GetKeyState
GetMonitorInfoA
EnumDisplayMonitors
GetSystemMetrics
FillRect
CreatePopupMenu
SetCursor
UpdateWindow
ValidateRect
SetActiveWindow
GetFocus
SetParent
GetSysColor
RegisterWindowMessageA
GetActiveWindow
ClientToScreen
SetScrollPos
GetMessagePos
SetScrollRange
ScrollDC
GetUpdateRect
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
IsChild
GetCursorPos
IsWindowVisible
SetWindowTextA
DestroyWindow
CreateDialogParamA
LoadCursorA
SetPropA
GetWindowLongA
GetDlgItem
CopyRect
EnableWindow
ModifyMenuA
FindWindowA

gdi32

StartPage
SetMapMode
SelectClipRgn
SetBkMode
GetTextMetricsA
Rectangle
SaveDC
SetTextAlign
RestoreDC
TextOutA
MoveToEx
EndPage
AbortDoc
EndDoc
GetTextExtentPointA
StretchBlt
BitBlt
GetTextExtentPoint32A
ExtTextOutA
Polygon
CreateFontA
GetDeviceCaps
CreateDCA
DeleteDC
GetStockObject
SelectObject
CreateSolidBrush
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
SetTextColor
DeleteObject
StartDocA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError
PrintDlgA

winspool.drv

OpenPrinterA
ClosePrinter
GetPrinterA

advapi32

GetUserNameA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

SHDeleteKeyA

ole32

CoInitialize
CLSIDFromProgID
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
OleLoadPicture
VariantClear

ws2_32

closesocket
bind
WSAGetLastError
getpeername
recv
send
connect
sendto
gethostname
WSAStartup
getsockname

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66c838f24fa53fea6df1fb6c4d44a5bc

Headers

DLL Characteristics

File Characteristics

Imports

zwcad.exe

zwdatabase

msvcr100

mfc100

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 550KB - Virtual size: 550KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 17KB - Virtual size: 77KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 77KB - Virtual size: 77KB

.text
Size: 550KB - Virtual size: 550KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 17KB - Virtual size: 77KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 77KB - Virtual size: 77KB