23b89751bd6d72e20c2c1387b5e2d49f2f74d9da94f403650fb111a90dba2936_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

23b89751bd6d72e20c2c1387b5e2d49f2f74d9da94f403650fb111a90dba2936_NeikiAnalytics.exe
Size

2.8MB
MD5

94d362f775b94073e77de532a1a7cfe0
SHA1

cecf812f5af16442ae2c77c00d5852288d429b3c
SHA256

23b89751bd6d72e20c2c1387b5e2d49f2f74d9da94f403650fb111a90dba2936
SHA512

65e9d42bfd810d14dab583bb2fe0eef2ad61c3c745612e2dc220aa419678576fcc5a3a2703bba753c3586ef6e4dc199e14e61f08dfeeecbd89cec20d8e216299
SSDEEP

49152:ZGtlq7nVwASOmIIU6iwN2dPY60pPb2GNMv3Sy4VPadGLE+gpKBTKtqpmPHH6:W3+kNRfBTKtgIH6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23b89751bd6d72e20c2c1387b5e2d49f2f74d9da94f403650fb111a90dba2936_NeikiAnalytics.exe

Files

23b89751bd6d72e20c2c1387b5e2d49f2f74d9da94f403650fb111a90dba2936_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

c9bcaa0b692e844d958e682df047ceb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MapViewOfFile
CreateEventA
OpenFileMappingA
DeleteCriticalSection
SetEvent
UnmapViewOfFile
WaitForSingleObject
InitializeCriticalSection
SetLastError
FormatMessageW
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
SetErrorMode
CloseHandle
TlsAlloc
TlsGetValue
ReleaseSRWLockExclusive
TlsSetValue
TlsFree
GetLastError
CreateMutexA
AcquireSRWLockExclusive
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTime
SystemTimeToFileTime
FindClose
FindFirstFileW
FindNextFileW
GetCurrentProcessId
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent

assimcore

?mp_new_cond_block@@YAPEAU__cond_str@@XZ
?as_utf8_fopen@@YAPEAU_iobuf@@PEBD0@Z
?mp_cond_signal@@YAXPEAU__cond_str@@@Z
?mp_getclockfrequency@@YANXZ
?file_delete@@YAHPEBD@Z
?mp_get_mutex@@YAHPEAU__mutex_str@@@Z
??0date@@QEAA@XZ
?mp_release_mutex@@YAHPEAU__mutex_str@@@Z
?mp_delete_mutex@@YAXPEAU__mutex_str@@@Z
?mp_new_mutex@@YAPEAU__mutex_str@@HI@Z
?mp_getclock@@YANXZ
?file_exists@@YAHPEBD@Z
msgerror
?as_XXH64_update@@YAHPEAUXXH64_state_s@@PEBX_K@Z
?as_XXH64_reset@@YAHPEAUXXH64_state_s@@_K@Z
?as_XXH64_freeState@@YAHPEAUXXH64_state_s@@@Z
?file_size@@YA_JPEBD@Z
?as_md5_finish@@YAXPEAUmd5_state_s@@QEAE@Z
?as_computername@@YA_NPEAD_K@Z
?as_XXH64_digest@@YA_KPEBUXXH64_state_s@@@Z
?as_XXH64_compareState@@YAHPEAUXXH64_state_s@@PEBU1@@Z
?as_SHA1Input@@YAXPEAUSHA1Context@@PEBEI@Z
?as_md5_init@@YAXPEAUmd5_state_s@@@Z
mp_join_thread
?file_get_mod_date_str@@YA_NPEBDPEADHH@Z
?as_SHA1Reset@@YAXPEAUSHA1Context@@@Z
?as_XXH64_createState@@YAPEAUXXH64_state_s@@XZ
mp_start_thread
?file_ensure_directory@@YAPEADPEBD0PEAD@Z
?as_SHA1Result@@YAHPEAUSHA1Context@@@Z
?mp_schedule_low@@YAXXZ
?as_XXH64_copyState@@YAXPEAUXXH64_state_s@@PEBU1@@Z
?file_copy@@YAHPEBD0_NAEA_KPEAVfReadBuffer@@PEAVfWriteBuffer@@P6AXPEAXPEAE_K@Z51@Z
?file_copy@@YAHPEBDPEAPEBD_NAEA_KPEAVfReadBuffer@@PEAPEAVfWriteBuffer@@P6AXPEAXPEAE_K@Z62@Z
?as_md5_append@@YAXPEAUmd5_state_s@@PEBEH@Z
?file_move@@YAHPEBD0_N@Z
?flist_findfiles@@YAPEAUdir_list@@PEBD0_NI@Z
?flist_delete@@YAXPEAUdir_list@@@Z
?LastErrorString@as_http_socket@@QEAAPEBDXZ
?GetStatusCode@as_http_socket@@QEAAHXZ
?GetHttpData@as_http_socket@@QEAAPEADPEBDW4as_http_request_type@@0H0PEA_K@Z
??1as_http_socket@@QEAA@XZ
??0as_http_socket@@QEAA@XZ
?as_pgettext@@YAPEBDPEBD0@Z
?file_get_modified_ts@@YA_KPEBD@Z
?as_closedown@@YAXXZ
?as_fast_initialize@@YA_NPEBD_N@Z
?file_backup@@YAHPEBDH@Z
?mp_timedwait@@YAH_J@Z
?mp_delete_cond_block@@YAXPEAU__cond_str@@@Z
?mp_cond_wait@@YAXPEAU__cond_str@@PEAU__mutex_str@@@Z

assimservices

??BTStamp@@QEBA_KXZ
?set@TStamp@@QEAA_NPEBD@Z
??0TStamp@@QEAA@XZ

libxml2

xmlHasProp
xmlSaveFormatFile
xmlDocGetRootElement
xmlDocDumpMemory
xmlNewChild
xmlUnlinkNode
xmlParseDoc
xmlRemoveProp
xmlSetProp
xmlTextWriterWriteFormatString
xmlTextWriterWriteString
xmlParseFile
xmlTextWriterStartDocument
xmlTextWriterStartElement
xmlNewTextWriterFilename
xmlFree
xmlTextWriterSetIndentString
xmlTextWriterWriteFormatAttribute
xmlFreeTextWriter
xmlTextWriterWriteAttribute
xmlGetProp
xmlTextWriterSetIndent
xmlFreeDoc
xmlCheckVersion
xmlTextWriterEndElement
xmlTextWriterEndDocument

ws2_32

send
WSACloseEvent
WSACreateEvent
ioctlsocket
freeaddrinfo
WSAEnumNetworkEvents
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAEventSelect
WSAStartup
WSAIoctl
WSAResetEvent
WSASetLastError
socket
WSAWaitForMultipleEvents
closesocket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError

crypt32

CertGetCertificateContextProperty
CertCloseStore
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__std_terminate
strchr
memset
__std_exception_copy
__std_exception_destroy
strrchr
_purecall
__current_exception
_CxxThrowException
memcpy
__C_specific_handler
wcsstr
memchr
memcmp
strstr
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc
_callnewh
_set_new_mode

api-ms-win-crt-string-l1-1-0

strcmp
strpbrk
isalnum
strspn
strncmp
_strdup
tolower
toupper
strncpy
_stricmp
isspace
isdigit
_strnicmp
strcspn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
_wfopen
fopen
fclose
setvbuf
_setmode
_fileno
_fseeki64
ferror
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vsprintf
_close
fgets
_open
fflush
fputc
fread
ftell
feof
fputs
fseek
fwrite
_set_fmode
__p__commode

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_localtime64
_time64
_gmtime64_s

api-ms-win-crt-convert-l1-1-0

wcstombs
atoi
strtol
strtod
strtoll
strtoul

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_errno
_c_exit
_beginthreadex
_cexit
_exit
raise
_invalid_parameter_noinfo_noreturn
__p___argv
signal
strerror_s
_initialize_onexit_table
__p___argc
_seh_filter_exe
__sys_errlist
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
__sys_nerr

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_stat64
_access
_unlink

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
pow
floor

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDecrypt

libmicrohttpd

MHD_stop_daemon

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9bcaa0b692e844d958e682df047ceb4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

assimcore

assimservices

libxml2

ws2_32

crypt32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

advapi32

libmicrohttpd

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 642KB - Virtual size: 642KB

.data Size: 23KB - Virtual size: 46KB

.pdata Size: 81KB - Virtual size: 81KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 642KB - Virtual size: 642KB

.data
Size: 23KB - Virtual size: 46KB

.pdata
Size: 81KB - Virtual size: 81KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB