6e6191b04b45d3e438f1e4854d40609567aa1f8eacae233d793ca88bf2805179_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6e6191b04b45d3e438f1e4854d40609567aa1f8eacae233d793ca88bf2805179_NeikiAnalytics.exe
Size

688KB
MD5

f1076b9779309b0218e2d49f40c8dfc0
SHA1

0e6957632756a72f60be182ed88d5c2351f7538d
SHA256

6e6191b04b45d3e438f1e4854d40609567aa1f8eacae233d793ca88bf2805179
SHA512

964aef768a0e1fa701045cafb72d1d045687aaf1308418514651d36953a231696cef71c44fdbc356d3bece1ac7acb40b72ac962bf4f5d74122918c60a2b14143
SSDEEP

12288:TLgTGo4DJh6CWMipDH6C/6tWE/Lldw5SEAirYkL3Z161T5igxf55:oJ4l8hMa6C/6tVlqHL33Yf55

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e6191b04b45d3e438f1e4854d40609567aa1f8eacae233d793ca88bf2805179_NeikiAnalytics.exe

Files

6e6191b04b45d3e438f1e4854d40609567aa1f8eacae233d793ca88bf2805179_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

e75aec36bdf6777fc8bbd40dcb6645ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

__mb_cur_max
wcslen
_unlink
_strupr
_spawnlp
_close
_lfind
_chdir
_strnicmp
strcpy
strlen
_time32
_ctime32
strchr
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
fseek
_setmode
setvbuf
fgets
strncpy
memset
??_U@YAPAXI@Z
atol
strtol
vfprintf
_getpid
_CIpow
_isctype
_finite
_itoa
_stricmp
??0exception@std@@QAE@XZ
strncpy_s
fwrite
_fseeki64
_ftelli64
fread
getc
??0exception@std@@QAE@ABV01@@Z
strncmp
memcpy
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
memmove
atoi
realloc
rand
_pipe
__iob_func
_fileno
_dup
_dup2
malloc
_purecall
free
_CIcos
_CIsin
_CIlog
_CItan
_CIatan
atof
floor
_strdup
_mkdir
_findfirst64i32
_CIsqrt
??2@YAPAXI@Z
??3@YAXPAX@Z
_CxxThrowException
setlocale
sscanf
sprintf
fopen
fprintf
fclose
__CxxFrameHandler3
strstr
_findclose
_chdrive
_getdrive
strncat
_makepath
_access
localeconv
_difftime64
_time64
_localtime64
_splitpath
_controlfp
_getcwd
strrchr
_errno
strerror
_pctype
_strlwr
mbstowcs
_CIexp
_CIatan2
fgetc
toupper
calloc
vsprintf
abort
freopen
_CIfmod
ceil
qsort
bsearch
feof
wcstombs
strtok

zwcad.exe

zcedGetAppName
zcdbEntGetX
zcedTrans
zds_done_positioned_dialog
zds_unload_dialog
zcedSSAdd
zcedRetNil
zcedZrxLoaded
?zcedRestoreStatusBar@@YAXXZ
?zcedSetStatusBarProgressMeter@@YAHPB_WHH@Z
?zcedSetStatusBarProgressMeterPos@@YAHH@Z
zdsw_zcadMainWnd
zds_start_dialog
zcedFindFile
zcdbTblNext
zcdbTblSearch
zcedGetArgs
zds_term_dialog
zcedGetFunCode
zcedRetVoid
zcedMenuCmd
zcedIsMenuGroupLoaded
zcedSSName
zcedSSLength
zcedSSFree
zcdbEntGet
zcdbInters
zcedGrDraw
zcedUsrBrk
zcdbEntDel
zcedInvoke
zcedAlert
zcedPrompt
zcedZrxLoad
zcedZrxUnload
zcedRetStr
zcedDefun
zcedUndef
zcedCommand
zcedGetVar
zcedSetVar
zcedEntSel
zcedSSGet
zds_get_tile
zds_set_tile
zds_client_data_tile
zds_action_tile
zds_mode_tile
zds_load_dialog
zds_new_positioned_dialog
zcedGetPoint
zcedGetCorner

zwdatabase

ord9134
ord9131
ord9132
ord9133
ord9127
ord9124
ord9129
ord9126
ord9135
ord8472
ord1234
ord243
ord222
ord3938
ord232
ord153
ord149
ord27
ord5430
ord347
ord12
ord48
ord226
ord8973
ord348
ord166
ord225
ord1082
ord941
ord839
ord523
ord397
ord155
ord389
ord407
ord59
ord28
ord945
ord1188
ord721
ord670
ord973
ord650
ord1000
ord1091
ord1085
ord1086
ord1088
ord1089
ord1093
ord1102
ord355
ord784
ord1206
ord1050
ord341
ord321
ord917
ord913
ord1217
ord415
ord1197
ord370
ord406
ord558
ord646
ord848
ord791
ord1090
ord795
ord794
ord1157
ord912
ord838
ord793
ord615
ord614
ord414
ord529
ord587
ord7002
ord5985
ord5986
ord5987
ord955
ord957
ord1037
ord1007
ord1006
ord982
ord981
ord984
ord983
ord7308
ord7307
ord4395
ord7312
ord986
ord1045
ord987
ord3014
ord2956
ord6464
ord3839
ord7497
ord4213
ord2622
ord3189
ord4705
ord8043
ord4332
ord5606
ord4709
ord629
ord630
ord601
ord664
ord1158
ord1087
ord617
ord618
ord616
ord600
ord796
ord627
ord797
ord677
ord676
ord1144
ord9307
ord638
ord933
ord589
ord1092
ord390
ord4914
ord528
ord649
ord7922
ord4292
ord537
ord542
ord8333
ord534
ord540
ord8517
ord8518
ord8519
ord8520
ord3917
ord8521
ord2
ord6296
ord5058
ord26
ord29
ord5729
ord5728
ord5727
ord4909
ord4908
ord5831
ord4796
ord221
ord1713
ord74
ord75
ord158
ord1020
ord150
ord156
ord1538
ord325
ord6501
ord967
ord290
ord6453
ord428
ord425
ord478
ord6019
ord4538
ord837
ord241
ord1775
ord3933
ord1254
ord429
ord426
ord586
ord551
ord368
ord890
ord1183
ord1178
ord546
ord891
ord1179
ord889
ord1812
ord1332
ord5247
ord5350
ord4693
ord4235
ord4191
ord4471
ord4203
ord4543
ord4259
ord4260
ord4612
ord4613
ord4099
ord4448
ord4568
ord4426
ord4434
ord4644
ord4661
ord4660
ord5916

mfc100

ord1929
ord408
ord1948
ord2050
ord266

kernel32

VirtualProtectEx
DeviceIoControl
ResetEvent
SetEvent
FlushViewOfFile
GetTempPathA
OpenFileMappingA
CreateEventA
ReleaseMutex
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcmpA
GetVersion
GetFileSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
GetVersionExA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
GetStdHandle
AllocConsole
CreateFileA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
lstrlenA
LocalAlloc
LocalFree
CreateMutexA
FindClose
FindNextFileA
FindFirstFileA
FileTimeToSystemTime
GetFileAttributesExA
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
GetLastError

user32

FindWindowA
GetActiveWindow
MessageBoxA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegCreateKeyExA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

ws2_32

closesocket
getsockname
bind
WSAGetLastError
recv
sendto
gethostname

zwgeometry

?normalize@ZcGeVector3d@@QAEAAV1@ABVZcGeTol@@@Z
?perpVector@ZcGeVector3d@@QBE?AV1@XZ
??0ZcGePoint3d@@QAE@XZ
?isZeroLength@ZcGeVector3d@@QBEHABVZcGeTol@@@Z
?gTol@ZcGeContext@@2VZcGeTol@@A
?distanceTo@ZcGePoint2d@@QBENABV1@@Z
??0ZcGePoint2d@@QAE@XZ
??1ZcGeLineSeg2d@@QAE@XZ
??1ZcGeEntity2d@@QAE@XZ
?closestPointTo@ZcGeCurve2d@@QBE?AVZcGePoint2d@@ABV2@ABVZcGeTol@@@Z
?distanceTo@ZcGeCurve2d@@QBENABVZcGePoint2d@@ABVZcGeTol@@@Z
??0ZcGeLineSeg2d@@QAE@ABVZcGePoint2d@@0@Z
?intersectWith@ZcGeLinearEnt2d@@QBEHABV1@AAVZcGePoint2d@@ABVZcGeTol@@@Z

Exports

Exports

zcrxEntryPoint
zcrxGetApiVersion

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e75aec36bdf6777fc8bbd40dcb6645ab

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

zwcad.exe

zwdatabase

mfc100

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

ws2_32

zwgeometry

Exports

Exports

Sections

.text Size: 438KB - Virtual size: 437KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 24KB - Virtual size: 84KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 95KB - Virtual size: 94KB

.text
Size: 438KB - Virtual size: 437KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 24KB - Virtual size: 84KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 95KB - Virtual size: 94KB