464aac6317dbdcc6925ae575ade8d96041f3dff32676ab740a91f4958ed73e88_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

464aac6317dbdcc6925ae575ade8d96041f3dff32676ab740a91f4958ed73e88_NeikiAnalytics.exe
Size

1.1MB
MD5

ef8a8ad22e9389a770a9877b93159b70
SHA1

da4b29479cd6b71df6e1bee4d689e488e588719c
SHA256

464aac6317dbdcc6925ae575ade8d96041f3dff32676ab740a91f4958ed73e88
SHA512

d5b8ada3e278d687363baff5a812fd339b7296a1c2a694905fb2bb6e1ada5c1fd8ddef84c236c1f17e959a9651348ad34f73f978884bb241483b62cefe1e22ff
SSDEEP

24576:uNZY+kbpsy7vh9yg4ss7niY6RmKL6CogMKGef:KZY+kjD/W6RmKL6CoglGef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
464aac6317dbdcc6925ae575ade8d96041f3dff32676ab740a91f4958ed73e88_NeikiAnalytics.exe

Files

464aac6317dbdcc6925ae575ade8d96041f3dff32676ab740a91f4958ed73e88_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

0b2554e6be92dc1111f2376619da2077

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100u

ord826
ord12152
ord1479
ord293
ord13206
ord13213
ord13212
ord11045
ord11043
ord277
ord12154
ord2015
ord1010
ord11299
ord12021
ord12296
ord10985
ord5057
ord462
ord4478
ord7618
ord2088
ord890
ord1292
ord12147
ord11374
ord10969
ord868
ord4511
ord417
ord4519
ord13398
ord979
ord2528
ord11333
ord10960
ord421
ord911
ord2518
ord325
ord1313
ord13218
ord978
ord415
ord13415
ord261
ord11353
ord2823
ord4331
ord1440
ord7210
ord2148
ord11571
ord3846
ord11516
ord11683
ord13208
ord7871
ord11838
ord4151
ord11682
ord4150
ord7913
ord1269
ord2119
ord265
ord13214
ord13220
ord1861
ord2620
ord269
ord900
ord2683
ord1943
ord11801
ord7524
ord7357
ord7914
ord11619
ord11531
ord7662
ord469
ord1020
ord1446
ord2614
ord4290
ord869
ord1270
ord1476
ord5264
ord285
ord1450
ord5229
ord13127
ord2629
ord12153
ord2062
ord12801
ord1312
ord290
ord13219
ord1298
ord266
ord871
ord1272
ord2064
ord2068
ord5813
ord11704
ord4890
ord4888
ord5852
ord11375
ord4516
ord2542
ord4282
ord1498
ord13263
ord7653
ord13412
ord11346
ord5238
ord12525
ord11965
ord3834
ord14205
ord4958
ord4961
ord4954
ord5664
ord6120
ord296
ord1310
ord280
ord286
ord902
ord6089
ord6036
ord1233

msvcr100

__CxxUnregisterExceptionObject
ungetc
memcpy_s
fgetc
fwrite
fputc
fgetpos
_fseeki64
fsetpos
fclose
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
clock
fgets
__FrameUnwindFilter
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_purecall
_vswprintf
__CxxFrameHandler3
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
fflush
setvbuf
_unlock_file
_lock_file
_wchmod
malloc
free
_wrename
_wremove
wcsncpy
memset
_wtoi
sprintf
_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??0bad_cast@std@@QAE@PBD@Z
strncpy
wprintf
memmove
_localtime64_s
_wtoi64
??1exception@std@@UAE@XZ
__set_app_type
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
_time64
_swprintf
_wcsicmp

msvcp100

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z

kernel32

GetCurrentProcessId
InitializeCriticalSection
GetACP
RemoveDirectoryW
MultiByteToWideChar
WideCharToMultiByte
CreateNamedPipeW
ConnectNamedPipe
lstrlenW
WaitNamedPipeW
GetComputerNameW
GetFileSize
SetFilePointer
ReadFile
WriteFile
lstrcmpiW
GetModuleHandleW
GetCommandLineW
GetModuleFileNameW
CreateMutexW
GetLongPathNameW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
WritePrivateProfileStringW
CreateFileW
SetEvent
CreateEventW
CloseHandle
WaitForSingleObject
lstrcpyW
FindFirstFileW
FindClose
ResetEvent
GetFileAttributesW
DeleteFileW
CreateDirectoryW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ReadDirectoryChangesW
WaitForMultipleObjects
OutputDebugStringW
GetWindowsDirectoryW
MoveFileExW
SetFileAttributesW
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
EncodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
FindNextFileW
GetSystemTimeAsFileTime
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

oleaut32

VariantClear
SysFreeString
SysAllocString
SysAllocStringByteLen

advapi32

SetServiceStatus
GetUserNameW
RegisterServiceCtrlHandlerW

shell32

SHGetDesktopFolder
SHChangeNotify
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
StringFromGUID2
CoCreateGuid

shlwapi

PathFileExistsW
PathIsDirectoryW
PathIsDirectoryEmptyW
StrStrIW
PathFindExtensionW

ssleay32

ord142
ord21
ord225
ord83
ord141
ord12
ord170
ord74
ord43
ord183
ord48
ord75
ord8
ord42
ord96
ord59
ord78
ord108
ord61
ord58
ord15
ord6

libeay32

ord254
ord2604
ord67
ord52
ord109
ord87
ord78
ord57
ord223
ord227
ord80
ord89
ord467
ord95

rpcrt4

UuidToStringW
RpcStringFreeW

gdiplus

GdipDrawImageRectI
GdipGraphicsClear
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCloneBitmapAreaI
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipDeleteGraphics

ws2_32

setsockopt
select
WSAGetLastError

mscoree

_CorExeMain

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b2554e6be92dc1111f2376619da2077

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

msvcp100

kernel32

oleaut32

advapi32

shell32

ole32

shlwapi

ssleay32

libeay32

rpcrt4

gdiplus

ws2_32

mscoree

Sections

.text Size: 470KB - Virtual size: 469KB

.rdata Size: 620KB - Virtual size: 619KB

.data Size: 4KB - Virtual size: 562KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 470KB - Virtual size: 469KB

.rdata
Size: 620KB - Virtual size: 619KB

.data
Size: 4KB - Virtual size: 562KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 12KB - Virtual size: 11KB