59e665e297c93baec2fcfc5cc1a1148f8d861e2702d57b6f422d3c1c0c712281_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

59e665e297c93baec2fcfc5cc1a1148f8d861e2702d57b6f422d3c1c0c712281_NeikiAnalytics.exe
Size

324KB
MD5

0f1d6dff5f28aca651a9e9ae5e62a3b0
SHA1

311b9bb5a2f24c846adad5cb20833d986e81c343
SHA256

59e665e297c93baec2fcfc5cc1a1148f8d861e2702d57b6f422d3c1c0c712281
SHA512

77851b318c918dcdd79c7e555a0e4ef81a41c6b026f8b9e96f46c7ebfd58c9994c2b3d5ce5313c421eee00f05eda47b325222f3cb6e5891e7829d8b7d00f4125
SSDEEP

6144:tXt/OLKUpS329hn9UcEkH6K/8SuNLRx0sYxx3hqoti470r81:tXJOLKUm69FEQ6K7kz0VxP5tje81

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59e665e297c93baec2fcfc5cc1a1148f8d861e2702d57b6f422d3c1c0c712281_NeikiAnalytics.exe

Files

59e665e297c93baec2fcfc5cc1a1148f8d861e2702d57b6f422d3c1c0c712281_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

6fc03d798b3d666b1ab5cbfc367a2ea9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libxml2

xmlGetLastError
xmlDocGetRootElement
xmlReadFile
xmlResetLastError
xmlReadMemory
xmlUTF8Strlen
xmlFreeDoc
xmlResetError
xmlUTF8Strsize

libeay32

ord479
ord477
ord341
ord342
ord340

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
lstrlenW
LocalFree
GetLastError
FormatMessageA
FormatMessageW
CloseHandle
CreateFileW
SetFilePointer
SetLastError
ReadFile
WriteFile
SetEndOfFile
GetFileSize
CreateEventA
WaitForMultipleObjectsEx
SetEvent
ResetEvent
CreateMutexA
ReleaseMutex
GetFileAttributesExW
GetSystemTimeAsFileTime

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

msvcp71

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Nomemory@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@IAEX_NI@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

msvcr71

towlower
?terminate@@YAXXZ
__security_error_handler
_except_handler3
__CppXcptFilter
_adjust_fdiv
_initterm
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
malloc
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
_purecall
??_V@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memmove
_wstat
setlocale
strerror
_wmkdir
sprintf
tolower
towupper
wcslen
mbtowc
__mb_cur_max
wctomb
_errno
_stati64
_wstati64

Exports

Exports

execute
get_result
initialize

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fc03d798b3d666b1ab5cbfc367a2ea9

Headers

File Characteristics

Imports

libxml2

libeay32

kernel32

advapi32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 237KB - Virtual size: 237KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 2KB - Virtual size: 2KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 237KB - Virtual size: 237KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 2KB - Virtual size: 2KB

.reloc
Size: 26KB - Virtual size: 25KB