30cf32c6a168876e1089260512aca01a8cba588ba933bb472e72f11a89561223_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

30cf32c6a168876e1089260512aca01a8cba588ba933bb472e72f11a89561223_NeikiAnalytics.exe
Size

367KB
MD5

31f19ca44e48217fd0a50e7ec7a4f8a0
SHA1

9aa8cfb66c653d21a51c35a43ef4277b9beaa188
SHA256

30cf32c6a168876e1089260512aca01a8cba588ba933bb472e72f11a89561223
SHA512

dd07167cac049f1edd659f35881f1e429547587fc4a080107256a28d64d827da21709f908b69893a408d7a8fde62e14148879c54afe2e60b8dd5e54d01a768b5
SSDEEP

6144:JX39TRXc/mHc7cJibzNdRIFD6e6IeYH9WEOm9bG6ssAuP8vp+:NCx7cJiHfq6I3H7yk9P8Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30cf32c6a168876e1089260512aca01a8cba588ba933bb472e72f11a89561223_NeikiAnalytics.exe

Files

30cf32c6a168876e1089260512aca01a8cba588ba933bb472e72f11a89561223_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

043ec571730b08dfb2468fd28a1f319b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\QQPhotoDraw_New\trunk\BinEx\TestSpeed.pdb

Imports

kernel32

WaitForSingleObject
Sleep
CreateEventW
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSection
DeleteCriticalSection
GetLocalTime
CreateTimerQueueTimer
DeleteTimerQueueTimer
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
ReleaseMutex
GetModuleFileNameW
CreateMutexW
GlobalAlloc
GetLastError
FindNextFileW
FindFirstFileW
GetFileAttributesExW
CompareFileTime
DeleteFileW
GetCurrentThreadId
OutputDebugStringW
InterlockedDecrement
CloseHandle
ReleaseSemaphore
CreateSemaphoreW
CreateThread
GetProcessHeap
HeapFree
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

shell32

ShellExecuteW

oleaut32

SysAllocString
VariantClear
SysFreeString

msvcr80

_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strrchr
wcsstr
swprintf_s
setlocale
wcstombs
printf
mbstowcs
__RTDynamicCast
atoi
_vsnprintf_s
realloc
_wfopen
fseek
_waccess
ftell
fread
fwrite
_wremove
malloc
free
memmove_s
_purecall
memset
_CxxThrowException
__CxxFrameHandler3
__iob_func
atol
fclose
atof
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
sprintf_s
memcpy

msvcp80

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBGHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0strstreambuf@std@@QAE@H@Z
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??1strstreambuf@std@@UAE@XZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

ws2_32

inet_addr
socket
__WSAFDIsSet
ioctlsocket
inet_ntoa
WSAGetLastError
htons
shutdown
WSAStartup
connect
gethostname
WSACleanup
closesocket
getsockname
send
select
gethostbyname
ntohs
ntohl
htonl
recv

iphlpapi

GetNetworkParams

winmm

timeGetTime

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

043ec571730b08dfb2468fd28a1f319b

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

oleaut32

msvcr80

msvcp80

ws2_32

iphlpapi

winmm

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 76KB - Virtual size: 76KB