48966ffc4f31f8fdbe52e48fdaa7d5bbb131de7a720186a81e7f42270293a6ff_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

48966ffc4f31f8fdbe52e48fdaa7d5bbb131de7a720186a81e7f42270293a6ff_NeikiAnalytics.exe
Size

1.7MB
MD5

54d42d330fe784981f7d5a4e0e9802f0
SHA1

d2b662bf02b273b20ba91787812dc1be899c26d3
SHA256

48966ffc4f31f8fdbe52e48fdaa7d5bbb131de7a720186a81e7f42270293a6ff
SHA512

1164861970bd9a68dccc7a080d9adc070c505664526fe235e550ddc1ae43711d6e5d85fe2a87cf28e84302917909222d33d141ab069748f478ac608d648cc011
SSDEEP

12288:iRZMFw3+ovyOFB9YRipRMpOuDXOT4cUslcyiJsas4UTkkP8HbIas9rgS9w:iRZqw3jbDYRiDMXijlcyiJsVThP8U3u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48966ffc4f31f8fdbe52e48fdaa7d5bbb131de7a720186a81e7f42270293a6ff_NeikiAnalytics.exe

Files

48966ffc4f31f8fdbe52e48fdaa7d5bbb131de7a720186a81e7f42270293a6ff_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

b4b6b192f1ed0b45e63dbc11cb513042

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lxt_all\EasySet\output\EasySet.pdb

Imports

wxbase28u_vc_custom

??0wxStringBase@@QAE@ABV0@@Z
?wxRemoveFile@@YA_NABVwxString@@@Z
??4wxString@@QAEAAV0@PB_W@Z
??YwxString@@QAEAAV0@ABV0@@Z
??AwxString@@QAEAA_WH@Z
??YwxString@@QAEAAV0@_W@Z
?wxEmptyString@@3PB_WB
??H@YA?AVwxString@@ABV0@PB_W@Z
?at@wxStringBase@@QAEAA_WI@Z
??0wxString@@QAE@PB_W@Z
??0wxString@@QAE@ABV0@@Z
??H@YA?AVwxString@@ABV0@0@Z
?Cmp@wxString@@QBEHPB_W@Z
??1wxStringTokenizer@@UAE@XZ
?GetNextToken@wxStringTokenizer@@QAE?AVwxString@@XZ
?HasMoreTokens@wxStringTokenizer@@QBE_NXZ
??0wxStringTokenizer@@QAE@ABVwxString@@0W4wxStringTokenizerMode@@@Z
?Mid@wxString@@QBE?AV1@II@Z
?CmpNoCase@wxString@@QBEHPB_W@Z
??1wxString@@QAE@XZ
??YwxString@@QAEAAV0@PB_W@Z
??4wxString@@QAEAAV0@ABV0@@Z
?compare@wxStringBase@@QBEHPB_W@Z
?CmpNoCase@wxString@@QBEHABV1@@Z
?Trim@wxString@@QAEAAV1@_N@Z
?Find@wxString@@QBEH_W_N@Z
?insert@wxString@@QAEAAV1@II_W@Z
?IsNumber@wxString@@QBE_NXZ
?Left@wxString@@QBE?AV1@I@Z
?Right@wxString@@QBE?AV1@I@Z
?wxConvUTF8@@3AAVwxMBConvUTF8@@A
??0wxString@@QAE@PB_WABVwxMBConv@@I@Z
?compare@wxStringBase@@QBEHABV1@@Z
??1wxCharBuffer@@QAE@XZ
?wxConvLibc@@3AAVwxMBConv@@A
?mb_str@wxString@@QBE?BVwxCharBuffer@@ABVwxMBConv@@@Z
?Replace@wxString@@QAEIPB_W0_N@Z
?ToLong@wxString@@QBE_NPAJH@Z
?Find@wxString@@QBEHPB_W@Z
?MakeUpper@wxString@@QAEAAV1@XZ
?wxEntryStart@@YA_NAAHPAPA_W@Z
?GetPath@wxFileName@@QBE?AVwxString@@HW4wxPathFormat@@@Z
??1wxFileName@@QAE@XZ
??0wxFileName@@QAE@ABVwxString@@W4wxPathFormat@@@Z
?npos@wxStringBase@@2IB
?find@wxStringBase@@QBEIPB_WII@Z
?Cmp@wxString@@QBEHABV1@@Z
?c_str@wxStringBase@@QBEPB_WXZ
?Format@wxString@@SA?AV1@PB_WZZ

wxbase28u_xml_vc_custom

?GetContent@wxXmlNode@@QBE?AVwxString@@XZ
?GetName@wxXmlNode@@QBE?AVwxString@@XZ
??0wxXmlDocument@@QAE@XZ
??1wxXmlDocument@@UAE@XZ
?Load@wxXmlDocument@@UAE_NABVwxString@@0H@Z
?GetAttribute@wxXmlNode@@QBE?AVwxString@@ABV2@0@Z
?GetPropVal@wxXmlNode@@QBE?AVwxString@@ABV2@0@Z
?AddChild@wxXmlNode@@UAEXPAV1@@Z
?AddAttribute@wxXmlNode@@QAEXABVwxString@@0@Z
?InsertChild@wxXmlNode@@UAE_NPAV1@0@Z
?RemoveChild@wxXmlNode@@UAE_NPAV1@@Z
?AddProperty@wxXmlNode@@UAEXPAVwxXmlProperty@@@Z
?AddProperty@wxXmlNode@@UAEXABVwxString@@0@Z
?DeleteProperty@wxXmlNode@@UAE_NABVwxString@@@Z
??_7wxXmlNode@@6B@
?SetName@wxXmlNode@@QAEXABVwxString@@@Z
?SetRoot@wxXmlDocument@@QAEXPAVwxXmlNode@@@Z
?Save@wxXmlDocument@@UBE_NABVwxString@@H@Z
??1wxXmlNode@@UAE@XZ
?GetNodeContent@wxXmlNode@@QBE?AVwxString@@XZ

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdiplusStartup
GdipFree
GdipCloneImage
GdipCreateBitmapFromScan0
GdipAlloc
GdipSaveImageToFile
GdipLoadImageFromFile
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipCreateFromHDC
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipImageRotateFlip
GdipCloneBitmapAreaI
GdipCreateBitmapFromStreamICM
GdipFillRectangleI
GdipDeleteGraphics
GdipCloneBrush
GdipDrawImageRectI
GdipCreateHatchBrush
GdipDisposeImage
GdipDeleteBrush
GdipGetImageWidth

lua51

lua_isnumber
lua_pushlstring
lua_getfield
lua_pcall
luaL_loadfile
lua_close
luaL_openlibs
luaL_newstate
lua_tonumber

nldatastream

nlds_enum_usb_device
nlds_write
nlds_update_firmware_file
nlds_open_usb
nlds_change_serial_settings
nlds_detect_serial_settings
nlds_is_open
nlds_open_com
nlds_clean
nlds_destory
nlds_close
nlds_read_until
nlds_create
nlds_get_kernel_info
nlds_enum_serial_ports

nlscodemid

InitBCDll
SetBCBaseParam
SetBCEachParam
GenBarCode
GetImagePtr
GetBCLastError
FreeMemory

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

zint

ZBarcode_Encode
ZBarcode_Print
ZBarcode_Delete
ZBarcode_Create

mfc80u

ord5616
ord4437
ord3345
ord3561
ord544
ord732
ord3666
ord4300
ord5984
ord4585
ord3901
ord789
ord495
ord795
ord462
ord461
ord1616
ord5406
ord1287
ord496
ord421
ord655
ord5280
ord1434
ord1146
ord2150
ord2798
ord5101
ord993
ord5657
ord5283
ord3219
ord1198
ord4198
ord764
ord1782
ord931
ord1883
ord927
ord3306
ord929
ord5829
ord384
ord925
ord265
ord629
ord920
ord5229
ord3155
ord5083
ord5231
ord2897
ord5956
ord5319
ord1591
ord5633
ord4276
ord4716
ord774
ord2011
ord6284
ord3397
ord5558
ord266
ord2361
ord326
ord1430
ord293
ord591
ord2260
ord1270
ord577
ord3157
ord2077
ord736
ord3082
ord6133
ord1536
ord6721
ord5803
ord4226
ord5911
ord385
ord4256
ord4179
ord1393
ord630
ord4480
ord6271
ord1476
ord5210
ord2012
ord3943
ord5067
ord2638
ord1899
ord3158
ord3703
ord5148
ord899
ord2985
ord3713
ord4238
ord4255
ord1118
ord3712
ord1392
ord2527
ord3940
ord896
ord2640
ord1608
ord6063
ord557
ord2534
ord1611
ord3189
ord6086
ord745
ord1058
ord2856
ord5908
ord5965
ord2311
ord2708
ord6720
ord4301
ord280
ord1271
ord2829
ord2444
ord2725
ord1542
ord2531
ord1661
ord5196
ord1662
ord1178
ord1590
ord4884
ord1646
ord5178
ord587
ord1647
ord2086
ord5710
ord1955
ord283
ord1582
ord5171
ord4234
ord1353
ord760
ord4961
ord572
ord3339
ord6232
ord530
ord6275
ord3311
ord722
ord3796
ord620
ord5711
ord1176
ord6273
ord4119
ord1513
ord2163
ord347
ord2169
ord602
ord2399
ord2381
ord2379
ord2397
ord1922
ord5712
ord1925
ord2409
ord1474
ord4347
ord2386
ord4092
ord2402
ord762
ord2080
ord2407
ord1538
ord776
ord2460
ord2390
ord4228
ord2392
ord741
ord3204
ord2394
ord1637
ord2388
ord1182
ord1579
ord2404
ord3165
ord1785
ord2384
ord4078
ord5485
ord1472
ord2893
ord2155
ord3756
ord1894
ord2651
ord6161
ord3873
ord2083
ord5869
ord4232
ord5862
ord2952
ord3224
ord2860
ord658
ord3869
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord5971
ord4535
ord3677
ord566
ord757
ord3327
ord4475
ord2832
ord3824
ord5562
ord1049
ord5209
ord1096
ord5226
ord1121
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord2159
ord501
ord709
ord4206
ord2365
ord4101
ord2261
ord1299
ord2167
ord6700
ord282
ord1079
ord1479
ord4026
ord3198
ord556
ord3752
ord744
ord5091
ord4729
ord6059
ord6306
ord3435
ord354
ord605
ord3635
ord4574
ord5199
ord2255
ord4314
ord5727
ord5609
ord2076
ord3156
ord4010
ord6115
ord6089
ord2366
ord2489
ord715
ord1634
ord1572
ord3286
ord6002
ord3990
ord3296
ord5637
ord563
ord753
ord1959
ord3331
ord1156
ord330
ord6251
ord589
ord6001
ord1920
ord3678
ord1006
ord3281
ord3755
ord370
ord618
ord6282
ord1172
ord5316
ord5708
ord5999
ord2066
ord6293
ord5327
ord3249
ord1906
ord3050
ord2468
ord5398
ord290
ord5524
ord2282
ord3298
ord5987
ord730
ord287
ord4100
ord3630
ord6219
ord6116
ord4728
ord4205
ord4904
ord4459
ord4619
ord4578
ord4458
ord4488
ord4966
ord3453
ord900
ord5981
ord3342
ord4558
ord5053
ord5618
ord5982
ord5867
ord2876
ord6037
ord599
ord3680
ord3172
ord1541
ord1545
ord2254
ord6033
ord1939
ord898
ord1443
ord317
ord584
ord1425
ord383
ord4098
ord894
ord3992
ord3993
ord2907
ord5442
ord5791
ord5414
ord2362
ord3424
ord416
ord651
ord772
ord1555
ord6751
ord6749
ord3841
ord5440
ord3753
ord1871
ord657
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord860
ord328
ord588
ord5707
ord4775
ord2739
ord5998
ord5436
ord3570
ord3483
ord3645
ord2788
ord2867
ord4388
ord6061
ord5636
ord4109
ord502
ord4117
ord3995
ord4945
ord1719
ord3984
ord5972
ord1957
ord3395
ord2276
ord5638
ord3417
ord3983
ord3590
ord531
ord723
ord5455
ord1155
ord6053
ord2648
ord1000
ord777
ord5705
ord1154
ord1027
ord1202
ord2250
ord2297
ord288
ord284
ord6166
ord6172
ord2364
ord1921
ord5742
ord1562
ord4112
ord3289
ord5643
ord3885
ord5715
ord5917
ord5397
ord5410
ord5584
ord5519
ord5723
ord4155
ord6050
ord5884
ord5604
ord6056
ord5607
ord2521
ord3433
ord2225
ord2340
ord1115
ord3448
ord1192
ord1416
ord567
ord758
ord5630
ord1571
ord2035
ord4784
ord508
ord6058
ord2025
ord510
ord713

msvcr80

fread
strstr
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wtoi
__wargv
__argc
_beginthreadex
swprintf_s
_recalloc
calloc
_wsplitpath
sprintf_s
setlocale
wcstombs
malloc
wcsrchr
sscanf
wcsstr
_localtime64_s
_wtol
_mktime64
_endthreadex
_wmkdir
swscanf
memmove_s
wcsncpy
wcschr
wcsspn
memmove
wcspbrk
wcstok
_purecall
ceil
wcstod
wcstoul
wcsncat
wcstok_s
wcsncmp
_snwprintf
atoi
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
rewind
free
ftell
fseek
exit
__iob_func
fputs
fopen
_resetstkoflw
strcpy_s
memcpy_s
mbstowcs
__CxxFrameHandler3
_CxxThrowException
memset
memcpy

kernel32

QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
GetSystemDirectoryW
TerminateProcess
UnhandledExceptionFilter
GetWindowsDirectoryW
FreeLibrary
SetUnhandledExceptionFilter
GetCurrentProcess
WriteProcessMemory
VirtualProtect
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GlobalSize
WritePrivateProfileStringW
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
LoadLibraryW
SetLastError
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
lstrlenA
Sleep
lstrlenW
GetModuleFileNameW
ResumeThread
MultiByteToWideChar
GetModuleHandleW
LeaveCriticalSection
InterlockedExchange
GetLocalTime
WideCharToMultiByte
GetTickCount
InterlockedDecrement
EnterCriticalSection
GetPrivateProfileIntW
CreateDirectoryW
CloseHandle
GetPrivateProfileStringW
DeleteFileW
OutputDebugStringW
CreateMutexW
GetLastError
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
GetProcessHeap
GetProcAddress
GetSystemTimeAsFileTime
IsDebuggerPresent
GetVersionExW

user32

GetSystemMetrics
AppendMenuW
GetCursorPos
IsIconic
RedrawWindow
GetParent
SetTimer
KillTimer
UnhookWindowsHookEx
SetDlgItemTextW
SetWindowsHookExW
MessageBoxExW
ScreenToClient
PostMessageW
PtInRect
FillRect
GetCaretPos
GetWindow
ReleaseCapture
SetCapture
GetFocus
InflateRect
IsWindow
IsRectEmpty
GetWindowLongW
GetActiveWindow
GetCapture
ClientToScreen
WindowFromPoint
GetSubMenu
TrackPopupMenuEx
GetSysColor
LoadImageW
DrawFocusRect
LoadIconW
FrameRect
DestroyMenu
DestroyIcon
OffsetRect
GetNextDlgTabItem
SetCursor
DrawStateW
CopyRect
ClipCursor
LoadCursorW
DrawEdge
GetKeyState
OpenClipboard
GetClipboardData
CloseClipboard
MessageBeep
SetRectEmpty
DefWindowProcW
IsClipboardFormatAvailable
LockWindowUpdate
SetWindowLongW
UpdateWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
SetRect
DrawFrameControl
IsChild
GetMessagePos
GetMessageW
DispatchMessageW
GetCursor
MessageBoxW
LoadBitmapW
EnableWindow
SendMessageW
GetSystemMenu
InvalidateRect
DrawIcon
ReleaseDC
GetDC
GetWindowRect
DestroyCursor
GetClientRect
IsWindowVisible

gdi32

DeleteObject
StretchBlt
GetObjectW
SelectObject
SetStretchBltMode
EnumFontsW
CreateFontW
GetStockObject
CreatePen
BeginPath
MoveToEx
LineTo
PtInRegion
EndPath
PathToRegion
FillRgn
BitBlt
GetTextExtentPoint32W
GetTextColor
GetPixel
SetPixel
CreateBitmap
SetBkColor
RoundRect
GetDeviceCaps
CreateSolidBrush
CreatePolygonRgn
CreateFontIndirectW
Rectangle
GetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
CreateRectRgnIndirect
StartDocW
StartPage
EndPage
EndDoc
AbortDoc
GetCurrentObject
CreatePenIndirect
CreateBrushIndirect
PatBlt
LPtoDP
DPtoLP
GetViewportOrgEx
CreateDIBSection
StretchDIBits
CreateCompatibleDC
DeleteDC
Escape
CreateCompatibleBitmap
SetTextColor
SetBrushOrgEx

msimg32

AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW
DragQueryFileW
DragFinish
ShellExecuteW
DragAcceptFiles

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindExtensionW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize

oleaut32

SysAllocStringLen
GetActiveObject
VariantClear
VariantCopy
VariantInit
VarDateFromStr
SysFreeString
SysAllocString

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

winmm

PlaySoundW

Sections

.text
Size: 676KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 884KB - Virtual size: 880KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4b6b192f1ed0b45e63dbc11cb513042

Headers

File Characteristics

PDB Paths

Imports

wxbase28u_vc_custom

wxbase28u_xml_vc_custom

gdiplus

lua51

nldatastream

nlscodemid

version

zint

mfc80u

msvcr80

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

winmm

Sections

.text Size: 676KB - Virtual size: 673KB

.rdata Size: 192KB - Virtual size: 189KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 884KB - Virtual size: 880KB

.text
Size: 676KB - Virtual size: 673KB

.rdata
Size: 192KB - Virtual size: 189KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 884KB - Virtual size: 880KB