30a73c25328f8ce2e7d5bf01b9f7227a446b8744968291b3c27e263585dcc150_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

30a73c25328f8ce2e7d5bf01b9f7227a446b8744968291b3c27e263585dcc150_NeikiAnalytics.exe
Size

1.6MB
MD5

487fa38726cfdb6b4eaa2ea5bc7189e0
SHA1

0802d477879495a20e2adc6c1bc897e02a231533
SHA256

30a73c25328f8ce2e7d5bf01b9f7227a446b8744968291b3c27e263585dcc150
SHA512

cd97900a3e65622468e882a76b967276805590019cd8613ca046aa846307aad2ced8869f24883926fe2b7feeda183f6eb533b888c8ee22a9d24a6a0b5c23d635
SSDEEP

49152:akWnAbr8lMaVtBqEtdZDZF1Dmg27RnWGj:UlZ9qEjD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30a73c25328f8ce2e7d5bf01b9f7227a446b8744968291b3c27e263585dcc150_NeikiAnalytics.exe

Files

30a73c25328f8ce2e7d5bf01b9f7227a446b8744968291b3c27e263585dcc150_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

d5fe083ff9c8426a3dd3348dc5e23762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\ArcGIS\bin\AdjustFrameCamera.pdb

Imports

kernel32

DeleteFileW
MoveFileW
FindFirstFileW
CreateThread
SetEvent
WaitForSingleObject
GetModuleFileNameW
OpenEventW
GetSystemDefaultLangID
CreateDirectoryW
CopyFileW
FindClose
FindNextFileW
CreateEventW
ResetEvent
UnmapViewOfFile
GetModuleHandleA
CopyFileA
CreateFileA
DeleteFileA
GetProcAddress
CreateFileMappingA
FindResourceExW
WaitForMultipleObjects
GetSystemInfo
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CloseHandle
FindResourceW
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
MapViewOfFile
RaiseException
IsDebuggerPresent

user32

SendMessageA
MessageBoxA
MessageBoxW

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uncaught_exceptions@std@@YAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

vcruntime140

memchr
__std_exception_copy
__std_exception_destroy
wcsrchr
strchr
wcsstr
memmove
__std_terminate
__CxxFrameHandler3
_purecall
memset
__vcrt_InitializeCriticalSectionEx
memcpy
_CxxThrowException
wcschr
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
realloc
free
calloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_exit
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_wide_environment
_invalid_parameter_noinfo
_controlfp_s
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
_errno
_configure_wide_argv
terminate
_crt_atexit
_set_app_type
_seh_filter_exe
_cexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

wmemcpy_s
_strdup
wcscpy_s
iswspace
wcsnlen

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfscanf
fgets
fseek
ftell
feof
fgetws
__stdio_common_vfprintf
fopen
__stdio_common_vsprintf_s
fwrite
__stdio_common_vsprintf
fread
_set_fmode
fclose
_wfopen
__acrt_iob_func
__stdio_common_vsscanf
__p__commode
__stdio_common_vfwprintf

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-convert-l1-1-0

_gcvt
_wtof
atof
_wtoi
atoi

api-ms-win-crt-filesystem-l1-1-0

_rmdir
_mkdir
_access
_splitpath
_waccess

api-ms-win-crt-multibyte-l1-1-0

_mbscmp
_ismbcspace
_mbsrchr
_mbsnbcpy
_mbsstr
_mbsinc

api-ms-win-crt-math-l1-1-0

_CIatan2
_finite
modf
_libm_sse2_cos_precise
_dtest
_libm_sse2_acos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_except1
_libm_sse2_atan_precise
_libm_sse2_asin_precise
__setusermatherr

api-ms-win-crt-conio-l1-1-0

__conio_common_vcprintf

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

Sections

.text
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5fe083ff9c8426a3dd3348dc5e23762

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 882KB - Virtual size: 881KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 588KB - Virtual size: 592KB

.text
Size: 882KB - Virtual size: 881KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 588KB - Virtual size: 592KB