714a83562c7e4db389e05ef02a72e8fea47b514d04c2efde3b2997af5b332bc1_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

714a83562c7e4db389e05ef02a72e8fea47b514d04c2efde3b2997af5b332bc1_NeikiAnalytics.exe
Size

14KB
MD5

6e9e3fb678f3554e09fe2d73d985d920
SHA1

f7ce46120392880eea79beda6629801e48079055
SHA256

714a83562c7e4db389e05ef02a72e8fea47b514d04c2efde3b2997af5b332bc1
SHA512

e8ae019d2305141e4f8ef761086ab5cf605d57373ca7e484d9aa7945627f429acf3c9f4a52587bb88f3afe6f8a9111af7d7b52c4f9093269931475ba8169a536
SSDEEP

384:09TYrwOsyr2/Nh2aaOYtB4z+W72bp/AtIB:09T3Os3NBz+42NYOB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
714a83562c7e4db389e05ef02a72e8fea47b514d04c2efde3b2997af5b332bc1_NeikiAnalytics.exe

Files

714a83562c7e4db389e05ef02a72e8fea47b514d04c2efde3b2997af5b332bc1_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

f491031f3031f18d648f0c94bc4bbe53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ob510lc

??1ObFunctionData@@UAE@XZ
?AddFnc@ObRTDI@@SAXPAVObFunctionData@@HKPBD1W4ObFncTypeSys@@W4ObFncLanguageSys@@111W4ObSystemType@@PAX@Z
?AddVar@ObRTDI@@SAXPAVObFunctionData@@HKPBD1W4eVarClass@1@1G@Z
?AddFncVar@ObRTDI@@SAXPAVObFunctionData@@PAVObVariable@@HHG@Z
?AddVarFld@ObRTDI@@SAXPAVObVariable@@PAVObRTType@@HHW4eFldUsage@1@G@Z
?AddFld@ObRTDI@@SAXPAVObFunctionData@@HKPBD1W4FldType@@W4FldPCType@@W4FldAS400Type@@W4FldSQLType@@GGGG@Z
?strGetText@ObLongFld@@UAE?AVCString@@XZ
?strGetMaskedText@ObCharFld@@UAE?AVCString@@PBD@Z
?fSetStateFromAS400@ObCharFld@@UAEHPBDIHHD@Z
?strGetAS400StateDefault@ObCharFld@@UAEPADPADAAHGHHD@Z
?PutText@ObCharFld@@UAEXPBD@Z
?strGetText@ObCharFld@@UAE?AVCString@@XZ
?Init@ObString@@AAEXHJH@Z
?PutText@ObLongFld@@UAEXPBD@Z
?strGetAS400StateDefault@ObLongFld@@UAEPADPADAAHGHHD@Z
?fSetStateFromAS400@ObLongFld@@UAEHPBDIHHD@Z
?strGetMaskedText@ObLongFld@@UAE?AVCString@@PBD@Z
?DeleteRTDIVarFldMapArray@ObVariable@@QAEXXZ
??0ObCharFld@@QAE@JHHGPBD000G@Z
??0ObFunctionData@@QAE@QAVObFncParameter@@QAVObLocalVariable@@PBD22II@Z
?IsValid@ObFunctionData@@SAHQAV1@IIPBDI@Z
?Entry@ObFunctionData@@QAEHXZ
??0ObFncDataHandler@@QAE@QAVObFunctionData@@@Z
??4ObCharFld@@QAEABV0@ABV0@@Z
?Call@ObCallMgr@@SAXQAVObFunctionData@@QAVObParamVariable@@1HPBD2@Z
??4ObLongFld@@QAEABV0@ABV0@@Z
??0ObCharFld@@QAE@PBDG@Z
?SetEmpty@ObLongFld@@QAEXXZ
??1ObFncDataHandler@@QAE@XZ

mfc42

ord1168
ord823
ord825
ord800
ord540
ord1182

msvcrt

free
_initterm
malloc
_adjust_fdiv
_purecall
memset

Exports

Exports

BWWBVSTP
ObGetVersionInfo
ObIsPlexFunction

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f491031f3031f18d648f0c94bc4bbe53

Headers

File Characteristics

Imports

ob510lc

mfc42

msvcrt

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 540B

.reloc Size: 1024B - Virtual size: 924B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 540B

.reloc
Size: 1024B - Virtual size: 924B