4df3fa509366968418bf447ed4194a10e60839e99cc956b53eb1c7ac3dd8d4f7_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4df3fa509366968418bf447ed4194a10e60839e99cc956b53eb1c7ac3dd8d4f7_NeikiAnalytics.exe
Size

2.0MB
MD5

699b0d81e50bb4ffbcfdf4a77c256c60
SHA1

1b1833c56a99a7a6c56f1828dec84a8e2c854566
SHA256

4df3fa509366968418bf447ed4194a10e60839e99cc956b53eb1c7ac3dd8d4f7
SHA512

ea7df6d8b7c03728b703792ead815ae45f531bb38a1cd10f72b83a9e07057b68437b1297e498ef5cc601c37a64422f9c2cdffcd9024565cfb4718972d6a84104
SSDEEP

49152:omFjcSvX6ilhf2rwai8K8uBg1mLEOSQbo+deWKVAeRR+HH8:osjcu6igcvg1m4Oe+dzK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4df3fa509366968418bf447ed4194a10e60839e99cc956b53eb1c7ac3dd8d4f7_NeikiAnalytics.exe

Files

4df3fa509366968418bf447ed4194a10e60839e99cc956b53eb1c7ac3dd8d4f7_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

674e721d12d3da5e0c9c3453116b92b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_except_handler3
_CIsin
_CIcos
_CIsqrt
fwrite
fread
fseek
ftell
_findclose
_findnext64i32
_findfirst64i32
strncpy
_makepath
_splitpath
_CIatan
_CIfmod
_CItan
floor
_CIlog
_CIcosh
_CIsinh
_CIpow
ceil
_CIacos
ferror
_CIasin
strrchr
malloc
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy
memmove
isalnum
??0exception@std@@QAE@ABV01@@Z
wcstombs
mbstowcs
_stricmp
_itoa
bsearch
fputs
freopen
__iob_func
abort
vsprintf
calloc
realloc
toupper
fgetc
_CIexp
strerror
_errno
isspace
_getcwd
getenv
_controlfp
rand
srand
_gmtime64
_time64
_difftime64
_localtime64
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_CxxThrowException
setlocale
clock
sscanf
fprintf
fclose
strchr
qsort
atoi
sprintf
fopen
localeconv
_access
strncat
_getdrive
_chdrive
_mkdir
_strnicmp
_chdir
_strdup
_finite
_strlwr
_wcsnicmp
memchr
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_gcvt
_CItanh
_CIlog10
_mbsnbcpy
_mbsnbicmp
atol
_unlink
_strupr
_lfind
_getpid
vfprintf
strtol
_mbsupr
_beginthreadex
mbtowc
_pctype
_isctype
__mb_cur_max
wcslen
fgetpos
strcpy
strlen
_time32
_ctime32
feof
strtok
fgets
atof
memset
??2@YAPAXI@Z
strncmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_purecall
strstr
__CxxFrameHandler3
sprintf_s
_CIatan2
??3@YAXPAX@Z

zwcad.exe

?zcedGetZcadWinApp@@YAPAVCWinApp@@XZ
zds_get_tile
zcedZrxUnload
zcedRetT
zcedGetArgs
zcedAlert
zcedGetPoint
zcedPrompt
zcedSSFree
zcedSSName
zcedSSLength
zcedSSGet
zcdbEntGet
zds_set_tile
zds_mode_tile
zds_end_list
zds_add_list
zds_start_list
zds_end_image
zds_slide_image
zds_start_image
zds_dimensions_tile
zds_fill_image
zds_start_dialog
zds_client_data_tile
zds_action_tile
zcedEntSel
zcedRetStr
zcedDefun
zcedUndef
zcedGetAppName
zcedCommand
zcedIsMenuGroupLoaded
zcedMenuCmd
zcedGetFunCode
zcdbEntMake
zcedTrans
?zcedRestoreStatusBar@@YAXXZ
?zcedSetStatusBarProgressMeter@@YAHPBDHH@Z
?zcedSetStatusBarProgressMeterPos@@YAHH@Z
zcedSetVar
zcedGetVar
zcedGetKword
zcedGetReal
zcedGetString
zdsw_zcadMainWnd
zcdbEntGetX
zcdbEntMod
zds_new_positioned_dialog
zds_done_positioned_dialog
zds_load_dialog
zds_unload_dialog
zcedGetInput
zcdbTblSearch
zcdbRegApp
zcedZrxLoaded
zcdbTblNext
zcedSetColorDialog
zcedZrxLoad
zcedInvoke
zcdbInters
zcedRetNil
zcedFindFile
?zcedGetZcadDwgView@@YAPAVCView@@XZ
zcedXformSS
zcedSSAdd
zcedDragGen
zcedInitGet
zcdbEntLast
zcdbEntNext
zcdbEntDel
zcedUsrBrk
?zcDocManagerPtr@@YAPAVZcApDocManager@@XZ
zds_vector_image
zcedRetVoid
zds_term_dialog
?zcedGetZcadFrame@@YAPAVCMDIFrameWnd@@XZ

zwdatabase

ord429
ord490
ord837
ord4538
ord6019
ord478
ord425
ord428
ord6453
ord290
ord325
ord967
ord6501
ord1538
ord241
ord8305
ord397
ord426
ord150
ord1020
ord7967
ord8000
ord281
ord588
ord530
ord342
ord356
ord651
ord974
ord1189
ord1203
ord946
ord543
ord541
ord538
ord535
ord805
ord5958
ord581
ord653
ord611
ord580
ord259
ord943
ord158
ord75
ord74
ord1713
ord221
ord4796
ord5831
ord4908
ord4909
ord5727
ord5728
ord5729
ord29
ord26
ord5058
ord6296
ord2
ord8521
ord3917
ord8520
ord8519
ord8518
ord8517
ord540
ord534
ord8333
ord542
ord537
ord4292
ord7922
ord649
ord528
ord4914
ord390
ord1092
ord589
ord1234
ord8472
ord9135
ord9126
ord9129
ord9124
ord9127
ord9133
ord9132
ord9131
ord9134
ord156
ord243
ord586
ord551
ord368
ord890
ord1183
ord1178
ord546
ord891
ord1179
ord889
ord1812
ord1332
ord5247
ord5350
ord4693
ord4235
ord4191
ord4471
ord4203
ord4543
ord4259
ord4260
ord4612
ord4613
ord4099
ord4448
ord4568
ord4426
ord4434
ord4644
ord4661
ord4660
ord3839
ord3938
ord222
ord340
ord3916
ord964
ord1699
ord4730
ord3274
ord4420
ord1102
ord237
ord238
ord239
ord24
ord12
ord48
ord1230
ord149
ord226
ord439
ord8973
ord933
ord348
ord27
ord166
ord5430
ord153
ord892
ord225
ord1082
ord941
ord5738
ord839
ord523
ord354
ord8496
ord232
ord310
ord155
ord389
ord407
ord59
ord28
ord945
ord1188
ord721
ord670
ord973
ord650
ord1000
ord1091
ord1085
ord1086
ord1088
ord1089
ord1093
ord347
ord355
ord784
ord1206
ord1050
ord341
ord321
ord917
ord913
ord1217
ord415
ord1197
ord370
ord406
ord558
ord646
ord848
ord791
ord1090
ord795
ord794
ord1157
ord912
ord838
ord793
ord615
ord614
ord414
ord529
ord587
ord7002
ord5985
ord5986
ord5987
ord955
ord957
ord1037
ord1007
ord1006
ord982
ord981
ord984
ord983
ord7308
ord7307
ord4395
ord7312
ord986
ord1045
ord987
ord3014
ord2956
ord6464
ord5916
ord7497
ord4213
ord2622
ord3189
ord4705
ord8043
ord4332
ord5606
ord4709
ord629
ord630
ord601
ord664
ord1158
ord1087
ord617
ord618
ord616
ord600
ord796
ord627
ord797
ord677
ord676
ord1144
ord9307
ord638

mfc100

ord7265
ord320
ord2076
ord2892
ord1331
ord781
ord310
ord782
ord1322
ord744
ord745
ord1342
ord2084
ord11447
ord901
ord1982
ord3406
ord2063
ord2067
ord2050
ord1948
ord408
ord1929

kernel32

GetExitCodeThread
TerminateThread
WaitForMultipleObjects
SetEvent
OpenEventA
FlushViewOfFile
GetTempPathA
OpenFileMappingA
CreateEventA
ReleaseMutex
GetVersion
GetSystemDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpA
GetFileSize
GetLocaleInfoA
GetWindowsDirectoryA
lstrlenW
MulDiv
GetProfileStringA
GetDateFormatA
CreateProcessA
GetModuleHandleA
GetModuleFileNameA
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpyA
GlobalUnlock
GlobalFree
WideCharToMultiByte
GetVersionExA
GetStdHandle
AllocConsole
CreateFileA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
CreateMutexA
GetLastError
MultiByteToWideChar
InterlockedDecrement
WinExec
CloseHandle
WaitForSingleObject
SetDllDirectoryA
LoadLibraryExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
FormatMessageA
lstrlenA
LocalAlloc
LocalFree
RaiseException
GetPrivateProfileIntA
GetPrivateProfileStringA
QueryDosDeviceA
DefineDosDeviceA
DeviceIoControl
VerSetConditionMask
VerifyVersionInfoA
ResetEvent

user32

RegisterWindowMessageA
CreateDialogParamA
GetDlgItem
DestroyWindow
SetWindowTextA
EnableWindow
FillRect
GetActiveWindow
GetKeyState
GetSystemMetrics
EnumDisplayMonitors
GetMonitorInfoA
wsprintfA
MessageBoxA
SetForegroundWindow
FindWindowA

gdi32

StartDocA
CreatePen
CreateSolidBrush
Rectangle
SaveDC
SetTextAlign
GetTextExtentPoint32A
RestoreDC
TextOutA
MoveToEx
DeleteObject
CreateDCA
GetStockObject
StartPage
SetMapMode
SelectClipRgn
EndPage
AbortDoc
EndDoc
GetDeviceCaps
CreateFontA
SetBkMode
SelectObject
DeleteDC
GetTextMetricsA

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

winspool.drv

ClosePrinter
GetPrinterA
OpenPrinterA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
GetUserNameA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

ole32

CoUninitialize
CoCreateInstance
OleRun
CoInitialize
CLSIDFromProgID

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
VarBstrCat
CreateErrorInfo
VariantChangeType
VariantInit
SysAllocString

editarmaterial_dll

MostrarListado
MostrarDialogo

msvcp100

?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Locinfo@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1facet@locale@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_BADOFF@std@@3_JB
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
_Getcvt
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0facet@locale@std@@IAE@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0_Locinfo@std@@QAE@PBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??1_Lockit@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Id_cnt@id@locale@std@@0HA
??0_Lockit@std@@QAE@H@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??0_Locimp@locale@std@@AAE@ABV012@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?classic@locale@std@@SAABV12@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z

ws2_32

closesocket
getsockname
bind
WSAGetLastError
send
connect
sendto
gethostname
WSAStartup
recv
getpeername

zwgeometry

??0ZcGeLine3d@@QAE@ABVZcGePoint3d@@ABVZcGeVector3d@@@Z
??0ZcGeLine3d@@QAE@ABVZcGePoint3d@@0@Z
?closestPointTo@ZcGeCurve3d@@QBE?AVZcGePoint3d@@ABV1@AAV2@ABVZcGeTol@@@Z
?distanceTo@ZcGeCurve3d@@QBENABVZcGePoint3d@@ABVZcGeTol@@@Z
??1ZcGeEntity3d@@QAE@XZ
??1ZcGeLine3d@@QAE@XZ
?normalize@ZcGeVector3d@@QAEAAV1@ABVZcGeTol@@@Z
?perpVector@ZcGeVector3d@@QBE?AV1@XZ
?intersectWith@ZcGeLinearEnt2d@@QBEHABV1@AAVZcGePoint2d@@ABVZcGeTol@@@Z
??0ZcGeLineSeg2d@@QAE@ABVZcGePoint2d@@0@Z
?distanceTo@ZcGeCurve2d@@QBENABVZcGePoint2d@@ABVZcGeTol@@@Z
?closestPointTo@ZcGeCurve2d@@QBE?AVZcGePoint2d@@ABV2@ABVZcGeTol@@@Z
??1ZcGeEntity2d@@QAE@XZ
??1ZcGeLineSeg2d@@QAE@XZ
??0ZcGePoint2d@@QAE@XZ
?distanceTo@ZcGePoint2d@@QBENABV1@@Z
?crossProduct@ZcGeVector3d@@QBE?AV1@ABV1@@Z
?gTol@ZcGeContext@@2VZcGeTol@@A
?isZeroLength@ZcGeVector3d@@QBEHABVZcGeTol@@@Z
??0ZcGePoint3d@@QAE@XZ
?normal@ZcGeVector3d@@QBE?AV1@ABVZcGeTol@@@Z

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

674e721d12d3da5e0c9c3453116b92b6

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

zwcad.exe

zwdatabase

mfc100

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

editarmaterial_dll

msvcp100

ws2_32

zwgeometry

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 249KB - Virtual size: 248KB

.data Size: 35KB - Virtual size: 92KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 200KB - Virtual size: 199KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 249KB - Virtual size: 248KB

.data
Size: 35KB - Virtual size: 92KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 200KB - Virtual size: 199KB