Static task
static1
Behavioral task
behavioral1
Sample
3140e31e3274efa2028dae6818f6c7e2d632952031bf84b1a5b5002de9103569_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
3140e31e3274efa2028dae6818f6c7e2d632952031bf84b1a5b5002de9103569_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
3140e31e3274efa2028dae6818f6c7e2d632952031bf84b1a5b5002de9103569_NeikiAnalytics.exe
-
Size
1.3MB
-
MD5
a5d2864c08ca876c26301736795139f0
-
SHA1
8eb02985e321ad1c668949e61436b59ee4edf4b3
-
SHA256
3140e31e3274efa2028dae6818f6c7e2d632952031bf84b1a5b5002de9103569
-
SHA512
48b7021b49dc83ee0f683a16dbc53b34d1c760986219b9a9175c888b244c69bff55d557b4df3594bf7eba08b67b87c1036db420af973b9d1f0313c5cdd5a5ec5
-
SSDEEP
12288:nclLOM3ijf7BVNmgfUQr4N9O2xaor9GAba5GBwT6d/izXzHmTm18GQPl/C:nKOMQf7BVN9j4jsjGk6dsXbOm18Gela
Malware Config
Signatures
-
Unsigned PE 1 IoCs
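Checks for a missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be verified from a signature; many legitimate executables are also unsigned, so treat this as a weak indicator on its own.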
resource 3140e31e3274efa2028dae6818f6c7e2d632952031bf84b1a5b5002de9103569_NeikiAnalytics.exe
Files
-
3140e31e3274efa2028dae6818f6c7e2d632952031bf84b1a5b5002de9103569_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
35a7b27d0bd90cb94b8b67f29a70bc03
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
kernel32
MultiByteToWideChar
GetLastError
GetVersion
GetEnvironmentVariableA
GetModuleFileNameA
GetCurrentDirectoryA
CreateDirectoryA
SetLastError
CompareFileTime
GetFileAttributesExA
MoveFileExA
MoveFileA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
LocalFree
FormatMessageA
WaitForSingleObject
GetExitCodeProcess
ReadFile
Sleep
CreateProcessA
GetStartupInfoA
CloseHandle
CreatePipe
GetVersionExA
GetCurrentProcess
GetStdHandle
GetFileInformationByHandle
CreateFileA
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetShortPathNameA
GetFullPathNameA
ReleaseSemaphore
WriteFile
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
OpenProcess
GetHandleInformation
SetCurrentDirectoryA
SetEvent
ResumeThread
ResetEvent
WaitForMultipleObjects
CreateThread
CreateEventA
CreateSemaphoreA
GetCurrentProcessId
GetTempPathA
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DuplicateHandle
user32
LoadIconA
MessageBoxA
DispatchMessageA
PeekMessageA
GetSystemMetrics
SetCursor
LoadCursorA
GetKeyState
GetWindowTextA
GetDlgItem
SetWindowLongA
CreateWindowExA
ScreenToClient
ShowWindow
SetWindowTextA
InvalidateRect
EndDialog
CopyRect
DrawEdge
SendMessageA
EnableWindow
CreatePopupMenu
GetCapture
SetCapture
ClipCursor
ReleaseCapture
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
AppendMenuA
SetFocus
DrawIcon
advapi32
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetMalloc
ole32
CoInitialize
CoCreateInstance
mfc71
ord5233
ord5235
ord5124
ord334
ord593
ord3255
ord4081
ord385
ord5563
ord5529
ord3997
ord3056
ord2021
ord3088
ord630
ord907
ord330
ord589
ord3761
ord2271
ord4108
ord3990
ord6144
ord5976
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord4123
ord5059
ord5833
ord1728
ord347
ord1279
ord2264
ord5731
ord1966
ord602
ord620
ord4541
ord3683
ord764
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757
ord762
ord2020
ord5119
ord1054
ord3641
ord5182
ord4212
ord4735
ord4890
ord4580
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord4262
ord3182
ord578
ord605
ord784
ord310
ord354
ord1892
ord2095
ord1591
ord5915
ord1402
ord4240
ord5214
ord2991
ord3317
ord572
ord741
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1792
ord1794
ord6236
ord1084
ord2371
ord1903
ord2086
ord1545
ord4232
ord3164
ord587
ord1063
ord266
ord2657
ord5807
ord265
ord1793
ord4749
ord709
ord501
ord760
ord5403
ord2468
ord6065
ord6280
ord6282
ord5613
ord4104
ord297
ord1489
ord299
ord2933
ord1482
ord2899
ord1123
ord781
ord5491
ord911
ord2164
ord4109
ord865
ord6067
ord4035
ord6090
ord3684
ord3337
ord304
ord6120
ord3339
ord2322
ord3210
ord1934
ord3204
ord1207
ord4001
ord4100
ord2094
ord3244
ord1955
ord1283
ord4125
ord2372
ord1397
ord6266
ord1933
ord1484
ord1570
ord4237
ord3229
ord657
ord1554
ord3195
msvcr71
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
?terminate@@YAXXZ
_controlfp
_XcptFilter
_exit
_c_exit
_onexit
_setmbcp
__dllonexit
memset
calloc
_fdopen
ftell
fputc
fwrite
strcspn
strchr
printf
_unlink
_findfirst
_findnext
_findclose
localtime
strftime
_chdir
_getcwd
_rmdir
_mkdir
_isatty
realloc
exit
tolower
_fstat
_open_osfhandle
_stricmp
strncat
_snprintf
strstr
signal
_purecall
isalpha
fread
atof
sscanf
isspace
strncpy
toupper
strerror
_errno
abort
time
fopen
fclose
_iob
fprintf
atoi
getenv
strncmp
memmove
_access
sprintf
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_except_handler3
free
malloc
_write
_close
_chmod
_fileno
_read
_stat
_open
_putenv
_strdup
??1type_info@@UAE@XZ
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@Vconst_iterator@01@0@Z
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
Sections
.text Size: 1000KB - Virtual size: 1000KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 312KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE