7e7a871fda1a59dc6b4063bd44539e5b9f93a5a3a78d12d906bf2b31e5687aca_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7e7a871fda1a59dc6b4063bd44539e5b9f93a5a3a78d12d906bf2b31e5687aca_NeikiAnalytics.exe
Size

2.9MB
MD5

b9617cc81a7742a00f651ada2f7d9b30
SHA1

cf1554b529b2a28f4bdf8014139c1ad8ea432003
SHA256

7e7a871fda1a59dc6b4063bd44539e5b9f93a5a3a78d12d906bf2b31e5687aca
SHA512

33223652630f1dc58979947dda769a1634aeab993e5d6e41b9cff42f03c3e179b0cb8030838eaaf8b2924fb2ecc3e7cec4f889523c6884bd06aa69510cdd19f1
SSDEEP

49152:hT2Qn6nBekk9hHNy57FcfM3Z5zXi8mV6++hQytv3vfd1zFK+rvWIKDWWo5/2IhG+:hGBekk9h+c0AKyytPuro+bl/Zz9XxLVk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e7a871fda1a59dc6b4063bd44539e5b9f93a5a3a78d12d906bf2b31e5687aca_NeikiAnalytics.exe

Files

7e7a871fda1a59dc6b4063bd44539e5b9f93a5a3a78d12d906bf2b31e5687aca_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

5f1d680f6e906e2ad60c4f85dbc3d0fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\0\A TRAITER\_T4CR\client2024\t4cr\Release\t4c.pdb

Imports

winmm

waveOutRestart
timeGetTime
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
mciSendStringA
timeGetDevCaps
timeBeginPeriod
waveOutPause
waveOutClose
waveOutOpen

kernel32

CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
SuspendThread
DeleteFileA
GetTempPathA
GetLastError
FormatMessageA
SetEvent
CreateEventA
TerminateThread
GetLocalTime
GetTickCount
CreateDirectoryA
CreateFileA
OutputDebugStringA
GetModuleFileNameA
_lopen
_lread
_lclose
_llseek
FindClose
FindFirstFileA
WritePrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDiskFreeSpaceA
TerminateProcess
GetExitCodeProcess
OpenProcess
GlobalUnlock
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
DebugBreak
lstrlenA
DecodePointer
InitializeCriticalSectionEx
MultiByteToWideChar
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIo
WriteConsoleW
SetEndOfFile
CreateFileW
HeapSize
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FlushFileBuffers
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetModuleHandleA
VirtualProtect
ExitProcess
GlobalFree
GlobalHandle
GlobalLock
GlobalAlloc
CreateThread
Sleep
CreatePipe
WriteFile
ReadFile
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetProcAddress
RtlUnwind
RaiseException
OutputDebugStringW
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
EncodePointer
GetLocaleInfoEx
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetThreadPriority

user32

IsClipboardFormatAvailable
TranslateAcceleratorA
GetSystemMetrics
UpdateWindow
UnhookWindowsHookEx
PostMessageA
GetClientRect
ClientToScreen
OffsetRect
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
SendMessageA
WaitMessage
DefWindowProcA
RegisterClassA
CreateWindowExA
ShowWindow
BeginPaint
EndPaint
InvalidateRect
SetWindowTextA
SetWindowPos
DialogBoxParamA
EndDialog
SetDlgItemTextA
ShowCursor
GetClipboardData
SetClipboardData
PeekMessageA
GetWindowTextA
GetWindowRect
AdjustWindowRectEx
SetCursor
GetWindowLongA
EnumWindows
OpenClipboard
LoadCursorA
GetKeyState
EmptyClipboard
LoadIconA
GetCursorPos
GetMonitorInfoA
MonitorFromWindow
CloseClipboard

gdi32

GetObjectA
GetDIBits
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkColor
GetStockObject
TextOutA
SetTextColor
SetBkMode
SelectObject
GetTextExtentPoint32A
EnumFontsA
DeleteObject
CreateFontIndirectA
RemoveFontResourceExA
AddFontResourceExA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

ddraw

DirectDrawCreateEx

dinput

DirectInputCreateA

ws2_32

WSASendTo
WSASocketW
WSAWaitForMultipleEvents
WSARecvFrom
WSACleanup
WSACloseEvent
WSACreateEvent
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
setsockopt
gethostbyname
WSAStartup
WSAGetLastError
WSAGetOverlappedResult
WSAResetEvent

dsound

ord1

Exports

Exports

??0?$TemplateList@PAE@@QAE@XZ
??0?$TemplateList@UFXType@@@@QAE@XZ
??0?$TemplateList@UHandlerDesc@@@@QAE@XZ
??0?$TemplateList@U_BAG_ITEM@@@@QAE@XZ
??0?$TemplateList@U_USER_PROFESSION@@@@QAE@XZ
??0?$TemplateList@U_USER_SKILL@@@@QAE@XZ
??0?$TemplateList@VFontList@@@@QAE@XZ
??0?$TemplateList@VSysMsg@@@@QAE@XZ
??0?$TemplateList@VTFCObject@@@@QAE@XZ
??0Random@t4csvr@@AAE@AAV01@@Z
??0Random@t4csvr@@QAE@XZ
??1?$TemplateList@PAE@@QAE@XZ
??1?$TemplateList@UFXType@@@@QAE@XZ
??1?$TemplateList@UHandlerDesc@@@@QAE@XZ
??1?$TemplateList@U_BAG_ITEM@@@@QAE@XZ
??1?$TemplateList@U_USER_PROFESSION@@@@QAE@XZ
??1?$TemplateList@U_USER_SKILL@@@@QAE@XZ
??1?$TemplateList@VFontList@@@@QAE@XZ
??1?$TemplateList@VSysMsg@@@@QAE@XZ
??1?$TemplateList@VTFCObject@@@@QAE@XZ
??4?$TemplateList@PAE@@QAEAAV0@ABV0@@Z
??4?$TemplateList@UFXType@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@UHandlerDesc@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_BAG_ITEM@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_FORMULE_INFO@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_FORMULE_REQ@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_PROFESSION_NAME@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_USER_PROFESSION@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@U_USER_SKILL@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@VFontList@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@VSysMsg@@@@QAEAAV0@ABV0@@Z
??4?$TemplateList@VTFCObject@@@@QAEAAV0@ABV0@@Z
??4ListException@@QAEAAV0@$$QAV0@@Z
??4ListException@@QAEAAV0@ABV0@@Z
??4Random@t4csvr@@AAEAAV01@AAV01@@Z
??RRandom@t4csvr@@QAEHAAVdice@1@@Z
??RRandom@t4csvr@@QAEHHH@Z
??RRandom@t4csvr@@QAEH_KHH@Z
?AddToHead@?$TemplateList@U_BAG_ITEM@@@@QAEXPAU_BAG_ITEM@@@Z
?AddToTail@?$TemplateList@UFXType@@@@QAEXPAUFXType@@@Z
?AddToTail@?$TemplateList@UHandlerDesc@@@@QAEXPAUHandlerDesc@@@Z
?AddToTail@?$TemplateList@U_BAG_ITEM@@@@QAEXPAU_BAG_ITEM@@@Z
?AddToTail@?$TemplateList@U_USER_SKILL@@@@QAEXPAU_USER_SKILL@@@Z
?AddToTail@?$TemplateList@VFontList@@@@QAEXPAVFontList@@@Z
?AddToTail@?$TemplateList@VSysMsg@@@@QAEXPAVSysMsg@@@Z
?AddToTail@?$TemplateList@VTFCObject@@@@QAEXPAVTFCObject@@@Z
?DeleteObject@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?DeleteObject@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?DeleteObject@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?DeleteObject@?$TemplateList@VSysMsg@@@@QAEXXZ
?DestroyList@?$TemplateList@VSysMsg@@@@QAEXXZ
?GetNbObjects@?$TemplateList@UHandlerDesc@@@@QAEHXZ
?GetNbObjects@?$TemplateList@VSysMsg@@@@QAEHXZ
?GetObjectA@?$TemplateList@UFXType@@@@QAEPAUFXType@@XZ
?GetObjectA@?$TemplateList@UHandlerDesc@@@@QAEPAUHandlerDesc@@XZ
?GetObjectA@?$TemplateList@U_BAG_ITEM@@@@QAEPAU_BAG_ITEM@@XZ
?GetObjectA@?$TemplateList@U_USER_SKILL@@@@QAEPAU_USER_SKILL@@XZ
?GetObjectA@?$TemplateList@VFontList@@@@QAEPAVFontList@@XZ
?GetObjectA@?$TemplateList@VSysMsg@@@@QAEPAVSysMsg@@XZ
?GetObjectA@?$TemplateList@VTFCObject@@@@QAEPAVTFCObject@@XZ
?GetSeed@Random@t4csvr@@SA_KXZ
?LastValue@Random@t4csvr@@0HA
?Lock@?$TemplateList@UFXType@@@@QAEXPAD@Z
?Lock@?$TemplateList@UHandlerDesc@@@@QAEXPAD@Z
?Lock@?$TemplateList@U_BAG_ITEM@@@@QAEXPAD@Z
?Lock@?$TemplateList@U_USER_SKILL@@@@QAEXPAD@Z
?Lock@?$TemplateList@VSysMsg@@@@QAEXPAD@Z
?QueryNext@?$TemplateList@PAE@@QAEHXZ
?QueryNext@?$TemplateList@UFXType@@@@QAEHXZ
?QueryNext@?$TemplateList@UHandlerDesc@@@@QAEHXZ
?QueryNext@?$TemplateList@U_BAG_ITEM@@@@QAEHXZ
?QueryNext@?$TemplateList@U_USER_PROFESSION@@@@QAEHXZ
?QueryNext@?$TemplateList@U_USER_SKILL@@@@QAEHXZ
?QueryNext@?$TemplateList@VFontList@@@@QAEHXZ
?QueryNext@?$TemplateList@VSysMsg@@@@QAEHXZ
?QueryNext@?$TemplateList@VTFCObject@@@@QAEHXZ
?QueryPrevious@?$TemplateList@VSysMsg@@@@QAEHXZ
?QueryPrevious@?$TemplateList@VTFCObject@@@@QAEHXZ
?Randomize@Random@t4csvr@@CA_JHHH@Z
?RemoveObject@?$TemplateList@PAE@@QAEXXZ
?RemoveObject@?$TemplateList@UFXType@@@@QAEXXZ
?RemoveObject@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?RemoveObject@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?RemoveObject@?$TemplateList@U_USER_PROFESSION@@@@QAEXXZ
?RemoveObject@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?RemoveObject@?$TemplateList@VFontList@@@@QAEXXZ
?RemoveObject@?$TemplateList@VSysMsg@@@@QAEXXZ
?RemoveObject@?$TemplateList@VTFCObject@@@@QAEXXZ
?Seed@Random@t4csvr@@0_KA
?SetQueryState@?$TemplateList@UHandlerDesc@@@@QAEXW4ListStatus@@@Z
?SetQueryState@?$TemplateList@U_BAG_ITEM@@@@QAEXW4ListStatus@@@Z
?SetQueryState@?$TemplateList@VFontList@@@@QAEXW4ListStatus@@@Z
?SetQueryState@?$TemplateList@VTFCObject@@@@QAEXW4ListStatus@@@Z
?SetSeed@Random@t4csvr@@SAX_K@Z
?ToHead@?$TemplateList@PAE@@QAEXXZ
?ToHead@?$TemplateList@UFXType@@@@QAEXXZ
?ToHead@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?ToHead@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?ToHead@?$TemplateList@U_USER_PROFESSION@@@@QAEXXZ
?ToHead@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?ToHead@?$TemplateList@VFontList@@@@QAEXXZ
?ToHead@?$TemplateList@VSysMsg@@@@QAEXXZ
?ToHead@?$TemplateList@VTFCObject@@@@QAEXXZ
?ToTail@?$TemplateList@UFXType@@@@QAEXXZ
?ToTail@?$TemplateList@UHandlerDesc@@@@QAEXXZ
?ToTail@?$TemplateList@U_BAG_ITEM@@@@QAEXXZ
?ToTail@?$TemplateList@U_USER_SKILL@@@@QAEXXZ
?ToTail@?$TemplateList@VFontList@@@@QAEXXZ
?ToTail@?$TemplateList@VSysMsg@@@@QAEXXZ
?ToTail@?$TemplateList@VTFCObject@@@@QAEXXZ
?Unlock@?$TemplateList@UFXType@@@@QAEXPAD@Z
?Unlock@?$TemplateList@UHandlerDesc@@@@QAEXPAD@Z
?Unlock@?$TemplateList@U_BAG_ITEM@@@@QAEXPAD@Z
?Unlock@?$TemplateList@U_USER_SKILL@@@@QAEXPAD@Z
?Unlock@?$TemplateList@VSysMsg@@@@QAEXPAD@Z
?roll@Random@t4csvr@@QAEHAAVdice@2@@Z
?testvs@Random@t4csvr@@SAHHH@Z

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fptable
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f1d680f6e906e2ad60c4f85dbc3d0fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

shell32

ole32

ddraw

dinput

ws2_32

dsound

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 390KB - Virtual size: 390KB

.data Size: 42KB - Virtual size: 2.5MB

.fptable Size: 512B - Virtual size: 128B

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 390KB - Virtual size: 390KB

.data
Size: 42KB - Virtual size: 2.5MB

.fptable
Size: 512B - Virtual size: 128B

.rsrc
Size: 17KB - Virtual size: 17KB