4288d3dda5f30f9020036b1afeda1c7e6ea076e72a10462a259fd1af60b64e94_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4288d3dda5f30f9020036b1afeda1c7e6ea076e72a10462a259fd1af60b64e94_NeikiAnalytics.exe
Size

290KB
MD5

fcd4ea4357edfb144fb83d49165a1530
SHA1

5991bb8a9112491b5f4669b302a4a0e603671898
SHA256

4288d3dda5f30f9020036b1afeda1c7e6ea076e72a10462a259fd1af60b64e94
SHA512

98b1775080a43359e7730e623b2f566be76e05ccf6168090b0b93499e240a2df35f28e653e2764c5ec4785082c7527272063ca56a312ecd2bd61d59fb01d7105
SSDEEP

6144:wtZk2wxyXBIAwjz9bFEEiW1wY19sMiIXV:g3RIAwjz9l1v/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4288d3dda5f30f9020036b1afeda1c7e6ea076e72a10462a259fd1af60b64e94_NeikiAnalytics.exe

Files

4288d3dda5f30f9020036b1afeda1c7e6ea076e72a10462a259fd1af60b64e94_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

fd8e4d974f911f814a2c572711cf3502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

acad.exe

acedIsMenuGroupLoaded
ads_term_dialog

accore

acedCommandS
?acedArxUnload@@YAHPEB_W@Z
?acedGetVar@@YAHPEB_WPEAUresbuf@@@Z
?acedRestoreStatusBar@@YAXXZ
?acedMenuCmd@@YAHPEB_W@Z
?acedPrompt@@YAHPEB_W@Z
?acedAlert@@YAHPEB_W@Z
?acedRetNil@@YAHXZ
?acedRetVoid@@YAHXZ
?acedGetFunCode@@YAHXZ
?acedGetAppName@@YAPEB_WXZ
?acedGetArgs@@YAPEAUresbuf@@XZ
?acedInvoke@@YAHPEBUresbuf@@PEAPEAU1@@Z
?acedDefun@@YAHPEB_WH@Z
?acedUndef@@YAHPEB_WH@Z
?acedRetStr@@YAHPEB_W@Z
?acedFindFile@@YAHPEB_WPEA_W_K@Z
?acedSetVar@@YAHPEB_WPEBUresbuf@@@Z
?acedArxLoad@@YAHPEB_W@Z
?acedArxLoaded@@YAPEAUresbuf@@XZ
?adsw_acadMainWnd@@YAPEAUHWND__@@XZ

acdb23

?acutPrintf@@YAHPEB_WZZ
?acrxRegisterAppMDIAware@@YA_NPEAX@Z
?acrxUnlockApplication@@YA_NPEAX@Z
?writeCommandNameToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@PEB_W0@Z
?writeGroupNameToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@PEB_W@Z
?setLoadReason@AcadAppInfo@@QEAAXW4LoadReasons@AcadApp@@@Z
?writeToRegistry@AcadAppInfo@@QEAA?AW4ErrorStatus@AcadApp@@XZ
?setAppDesc@AcadAppInfo@@QEAAXPEB_W@Z
?setModuleName@AcadAppInfo@@QEAAXPEB_W@Z
?setAppName@AcadAppInfo@@QEAAXPEB_W@Z
??1AcadAppInfo@@UEAA@XZ
??0AcadAppInfo@@QEAA@XZ
?acutRelRb@@YAHPEAUresbuf@@@Z
?close@AcDbObject@@QEAA?AW4ErrorStatus@Acad@@XZ
?isA@AcDbDatabaseReactor@@UEBAPEAVAcRxClass@@XZ
?objectUnAppended@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?objectReAppended@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?objectOpenedForModify@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEBVAcDbObject@@@Z
?headerSysVarWillChange@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_W@Z
?headerSysVarChanged@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_W_N@Z
?proxyResurrectionCompleted@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@PEB_WAEAV?$AcArray@VAcDbObjectId@@V?$AcArrayMemCopyReallocator@VAcDbObjectId@@@@@@@Z
?goodbye@AcDbDatabaseReactor@@UEAAXPEBVAcDbDatabase@@@Z

mfc140

ord2332
ord2229
ord473
ord2207

kernel32

OutputDebugStringW
GetModuleHandleA
GetModuleFileNameA
AllocConsole
GetStdHandle
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
CloseHandle
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount

user32

RegisterWindowMessageA
GetActiveWindow
MessageBoxA

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

vcruntime140

__std_terminate
__CxxFrameHandler3
memset
strchr
strstr
__C_specific_handler
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
__std_exception_destroy
__std_type_info_destroy_list
memmove
_purecall
strrchr
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsscanf
freopen
__acrt_iob_func
__stdio_common_vfprintf
fopen
fclose
fwrite
fread
fgets
feof
_getcwd

api-ms-win-crt-filesystem-l1-1-0

_makepath
_access
_chdrive
_getdrive
_mkdir
_findfirst64i32
_splitpath
_findclose
_unlink
_chdir

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
isspace
strncat
_strnicmp
strtok
_wcsnicmp
_stricmp
_strdup
_strupr

api-ms-win-crt-convert-l1-1-0

atof
wcstombs
mbstowcs
atoi

api-ms-win-crt-math-l1-1-0

floor
sin
pow

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_initialize_narrow_environment
terminate
_initialize_onexit_table
_register_onexit_function
strerror
_cexit
_configure_narrow_argv
_execute_onexit_table
_crt_atexit
_errno
_seh_filter_dll
abort

api-ms-win-crt-time-l1-1-0

_localtime64
_difftime64
_time64

aplitopgeo8

LeerParKCombinada
EstablecerValDefectoKCombinada

ac1st23

?clone@AcRxObject@@UEBAPEAV1@XZ
?copyFrom@AcRxObject@@UEAA?AW4ErrorStatus@Acad@@PEBV1@@Z
?isEqualTo@AcRxObject@@UEBA_NPEBV1@@Z
??0AcRxObject@@IEAA@XZ
?subQueryX@AcRxObject@@MEBAPEAV1@PEBVAcRxClass@@@Z
?comparedTo@AcRxObject@@UEBA?AW4Ordering@AcRx@@PEBV1@@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd8e4d974f911f814a2c572711cf3502

Headers

DLL Characteristics

File Characteristics

Imports

acad.exe

accore

acdb23

mfc140

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

ole32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

aplitopgeo8

ac1st23

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 21KB - Virtual size: 88KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 21KB - Virtual size: 88KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB