c:\_pgms\SAAC\playercomm\Debug\playercomm.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4536c35fa44ab647d6c283ff0fd46817bd4eee7aa39ca8238b84fc18ba12b430_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4536c35fa44ab647d6c283ff0fd46817bd4eee7aa39ca8238b84fc18ba12b430_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
4536c35fa44ab647d6c283ff0fd46817bd4eee7aa39ca8238b84fc18ba12b430_NeikiAnalytics.exe
-
Size
276KB
-
MD5
64d100e437efb409f45170627b3bed20
-
SHA1
c5d64e9fc45ae2fd61d5d8ed1538226f4c485fa1
-
SHA256
4536c35fa44ab647d6c283ff0fd46817bd4eee7aa39ca8238b84fc18ba12b430
-
SHA512
b8a18ff0eb75bd20bad57a30629a9304f735cae03eb290cdf6ff4d899be33f34e5bc457a284ab17e65a416e17870b8bb5453e1970de305ffce264120c62a57c9
-
SSDEEP
3072:CG/mHzbDyJUXYutrGTU3sVGvRv2joJG4vzPq7MXIMtmGU9iNOP07JgAEPgu:CGd2XYcqT+sVGpA5yLexMtm+NO4EP
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 4536c35fa44ab647d6c283ff0fd46817bd4eee7aa39ca8238b84fc18ba12b430_NeikiAnalytics.exe
Files
-
4536c35fa44ab647d6c283ff0fd46817bd4eee7aa39ca8238b84fc18ba12b430_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
5abcfab86942cf584e80336a42052595
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc80d
ord3292
ord3304
ord3281
ord3297
ord3302
ord3285
ord3287
ord3289
ord3283
ord3299
ord3279
ord1189
ord1185
ord1187
ord1183
ord1178
ord7056
ord7058
ord8200
ord2164
ord5969
ord6463
ord4783
ord1813
ord3005
ord7007
ord5864
ord8672
ord6849
ord2519
ord6952
ord5930
ord1927
ord5507
ord2187
ord2190
ord8123
ord9163
ord2111
ord2112
ord2255
ord2256
ord2657
ord6286
ord6646
ord6476
ord5892
ord6983
ord714
ord2645
ord5641
ord1423
ord7997
ord1652
ord3274
ord5660
ord4785
ord6720
ord6490
ord832
ord2736
ord3477
ord7668
ord4654
ord573
ord5510
ord1569
ord1565
ord1563
ord303
ord1157
ord1153
ord3200
ord3350
ord4077
ord7554
ord1070
ord5594
ord2041
ord8472
ord305
ord9142
ord929
ord2529
ord3124
ord1154
ord1213
ord646
ord898
ord3359
ord4724
ord267
ord1986
ord3834
ord3142
ord742
ord3132
ord5341
ord1363
ord422
ord1447
ord2034
ord893
ord7734
ord5766
ord7520
ord1589
ord3276
ord3294
ord3013
ord3003
ord2075
ord8676
ord5288
ord8674
ord4663
ord6738
ord1875
ord6976
ord2591
ord2233
ord2232
ord2163
ord7004
ord4007
ord6187
ord5949
ord2795
ord1680
ord4495
ord386
ord5053
ord1165
ord5319
ord1492
ord1403
ord8233
ord316
ord674
ord926
ord1095
ord310
ord888
ord908
ord5663
ord5621
ord8675
ord1442
ord5287
ord8673
ord6017
ord2700
ord2655
ord7576
ord5295
ord1346
ord6881
ord8607
ord7282
ord5321
ord2533
ord4122
ord7040
ord7042
ord3091
ord5511
ord6274
ord7052
ord7017
ord7559
ord3516
ord3811
ord3980
ord5998
ord3788
ord3983
ord3519
ord3692
ord3511
ord5159
ord5160
ord5150
ord3690
ord5514
ord6182
ord5948
ord2902
ord1768
ord7691
ord4646
ord662
ord6245
ord5095
ord5477
ord901
msvcr80d
sscanf
strtol
_setmbcp
memmove_s
strtok
memcmp
_localtime64_s
_gmtime64_s
strcat
sprintf
strcpy
_difftime64
_localtime64
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
strlen
_recalloc
calloc
_mkdir
strcmp
free
malloc
wcscpy_s
wcslen
_CrtDbgReportW
_resetstkoflw
memset
memcpy
atoi
__CxxFrameHandler3
_invalid_parameter
_invoke_watson
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
_CRT_RTC_INITW
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_configthreadlocale
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
_ismbblead
_acmdln
_CrtSetCheckCount
_initterm
_initterm_e
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_wcsicmp
_mktime64
_time64
strcpy_s
wcsncpy_s
_vsnprintf
_snprintf_s
_errno
_CrtDbgReport
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
__setusermatherr
kernel32
FormatMessageA
LocalFree
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetEnvironmentVariableW
GetPrivateProfileIntA
Sleep
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
GetLocalTime
GetCurrentDirectoryA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
GetStartupInfoA
RaiseException
DebugBreak
IsDebuggerPresent
GetProcAddress
LoadLibraryA
CloseHandle
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
InitializeCriticalSection
GetComputerNameA
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
MulDiv
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetFileSize
CreateFileA
TerminateProcess
FindFirstFileA
FindClose
user32
CharLowerW
CharLowerA
CharUpperW
CharUpperA
SubtractRect
UnionRect
IntersectRect
GetSystemMetrics
InflateRect
EqualRect
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
CopyRect
OffsetRect
comdlg32
GetOpenFileNameA
shell32
SHFileOperationA
comctl32
InitCommonControlsEx
oleaut32
SysFreeString
ws2_32
recv
WSAGetLastError
gethostname
accept
listen
closesocket
bind
htons
WSACleanup
socket
select
ioctlsocket
setsockopt
connect
inet_addr
WSAStartup
inet_ntoa
gethostbyname
send
msvcp80d
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?max_size@?$allocator@D@std@@QBEIXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
??0_Container_base@std@@QAE@XZ
??0?$allocator@D@std@@QAE@ABV01@@Z
?_Orphan_all@_Container_base@std@@QBEXXZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??1_Container_base@std@@QAE@XZ
??0?$allocator@D@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_Has_debug_it@01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
advapi32
RevertToSelf
SetThreadToken
OpenThreadToken
Sections
.textbss Size: - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ