07374aecd61dbf2b2368305583600877892fccbbb5b6a6aad3d96ba1a8cf012f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

07374aecd61dbf2b2368305583600877892fccbbb5b6a6aad3d96ba1a8cf012f_NeikiAnalytics.exe
Size

2.8MB
MD5

728aaac8f036db7697c595e039e2d310
SHA1

2cb7ea992ddc2bd7e9219bf4ae58c459a2f8d4fb
SHA256

07374aecd61dbf2b2368305583600877892fccbbb5b6a6aad3d96ba1a8cf012f
SHA512

0ee6a08dbc73d242e7687eaaa0333373aee110ba255772bbd8b27b39d80a1281e79ebf632e1f1d1a7efcf91ffdfea672679e92a5d5a5ce32015be181a44f88bb
SSDEEP

12288:hu2qA9D8kLrPdy9kxJwDaR+FZx2/3UkUfYEE3ihCU4444Q4444S4444i9+7jU158:hTr9D80P09kxufLzUoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07374aecd61dbf2b2368305583600877892fccbbb5b6a6aad3d96ba1a8cf012f_NeikiAnalytics.exe

Files

07374aecd61dbf2b2368305583600877892fccbbb5b6a6aad3d96ba1a8cf012f_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

0abe6a1985333358bb01893221f85445

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\ims\Installation\IMS\Release\Dispatch.pdb

Imports

mfc100

ord13299
ord7073
ord13301
ord11421
ord11420
ord2163
ord4724
ord13767
ord11726
ord7510
ord7584
ord761
ord1201
ord4249
ord6528
ord9811
ord6790
ord6634
ord6636
ord1941
ord1991
ord2006
ord731
ord1181
ord5774
ord869
ord1267
ord7133
ord3661
ord11217
ord11215
ord7247
ord6070
ord374
ord943
ord11916
ord2183
ord11924
ord3421
ord10219
ord4646
ord12230
ord12423
ord4571
ord6131
ord12694
ord6054
ord4340
ord1900
ord11940
ord7927
ord7491
ord11445
ord10167
ord9718
ord10538
ord6135
ord6132
ord6133
ord12695
ord9445
ord9831
ord12500
ord310
ord11060
ord4654
ord3390
ord9560
ord11154
ord12005
ord9283
ord7358
ord4773
ord4626
ord5108
ord8440
ord5096
ord4904
ord4623
ord11103
ord2846
ord2944
ord2945
ord3484
ord2338
ord5253
ord12482
ord10672
ord6128
ord13300
ord7074
ord13302
ord2661
ord3984
ord13980
ord3991
ord4401
ord4368
ord4364
ord4398
ord4419
ord4377
ord4406
ord4415
ord4385
ord4389
ord4393
ord4381
ord4410
ord4373
ord1514
ord1507
ord1509
ord1503
ord1496
ord11188
ord11190
ord12644
ord2847
ord8351
ord9994
ord6217
ord8070
ord13289
ord10883
ord3393
ord11025
ord8235
ord13973
ord13972
ord14045
ord14062
ord14058
ord14060
ord14061
ord13482
ord2417
ord7349
ord2878
ord2881
ord12535
ord5534
ord8811
ord5446
ord3534
ord10304
ord10336
ord8279
ord10391
ord9174
ord8486
ord9564
ord9567
ord9565
ord8074
ord8086
ord13483
ord9085
ord10609
ord9298
ord9299
ord9323
ord9752
ord8071
ord9312
ord9351
ord10487
ord9423
ord9322
ord9383
ord9384
ord9385
ord10152
ord10153
ord9370
ord10199
ord10194
ord10189
ord10329
ord9100
ord8583
ord9042
ord10145
ord9326
ord9726
ord9375
ord9376
ord7444
ord11623
ord4427
ord9472
ord9470
ord10855
ord6958
ord4569
ord10963
ord2504
ord2882
ord12421
ord10177
ord10014
ord2950
ord11714
ord9304
ord9420
ord8022
ord1598
ord11539
ord2253
ord3477
ord6033
ord5279
ord5118
ord11411
ord8450
ord13279
ord5216
ord13278
ord6547
ord6796
ord1993
ord764
ord1203
ord3223
ord8305
ord9284
ord5119
ord8347
ord11148
ord13290
ord3395
ord2416
ord12531
ord5532
ord2752
ord2973
ord2974
ord3620
ord9499
ord10360
ord10007
ord8137
ord11067
ord10394
ord9998
ord9398
ord9067
ord266
ord265
ord12095
ord1004
ord457
ord2769
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord4622
ord4903
ord5095
ord8439
ord4881
ord5098
ord4625
ord4774
ord4606
ord5443
ord6897
ord6898
ord6888
ord4772
ord7357
ord9281
ord8304
ord6018
ord2009
ord13246
ord1997
ord13518
ord322
ord4077
ord7140
ord1288
ord888
ord1294
ord12128
ord2184
ord5837
ord3439
ord4283
ord1982
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord8248
ord7144
ord5830
ord1929
ord2061
ord12091
ord1316
ord316
ord916
ord339
ord300
ord3839
ord13480
ord8110
ord13485
ord1313
ord901
ord906
ord2090
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord323
ord1297
ord1886
ord1885
ord14059
ord1296

msvcr100

__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException

kernel32

GetModuleHandleA
LoadLibraryA
GetLastError
DeactivateActCtx
IsProcessorFeaturePresent
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
LocalAlloc
LocalFree
ActivateActCtx
SetLastError

user32

IntersectRect
OffsetRect
EnableWindow
LoadBitmapW
GetDC
ShowScrollBar
GetSystemMetrics
PtInRect
CopyRect
LoadIconW

gdi32

StretchBlt
GetTextExtentPoint32A
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtCreatePen
CreateFontA
GetObjectA

msimg32

GradientFill

oleaut32

LoadRegTypeLi

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0abe6a1985333358bb01893221f85445

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100

msvcr100

kernel32

user32

gdi32

msimg32

oleaut32

msvcp100

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 14KB - Virtual size: 14KB