88f0c5c8245a8779eb6c7b3516cef8bf24a0f04a4ee51139fcb5f0a07dbbd849_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

88f0c5c8245a8779eb6c7b3516cef8bf24a0f04a4ee51139fcb5f0a07dbbd849_NeikiAnalytics.exe
Size

248KB
MD5

52467480705c0acfbe1b245f5af1ae50
SHA1

314fa1b60186d8a6973e0d8da42ace00d431d606
SHA256

88f0c5c8245a8779eb6c7b3516cef8bf24a0f04a4ee51139fcb5f0a07dbbd849
SHA512

7241097cd615096ed34ce19541157b59cb0f29209567aee22b6d821148bea8e6e35b220afaf2f8e858151f0b3b304a6452324f0f63b57e09f9e91a4da8e9f9f4
SSDEEP

6144:vLFhgfi90IvLOq2/NmiXVhgDWPDlWwYn6A53dPOOfkaNVTGr6aBubme:vLFhgq900ybNmiXVhgIen6AIfe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88f0c5c8245a8779eb6c7b3516cef8bf24a0f04a4ee51139fcb5f0a07dbbd849_NeikiAnalytics.exe

Files

88f0c5c8245a8779eb6c7b3516cef8bf24a0f04a4ee51139fcb5f0a07dbbd849_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

8c56429dce60c136d9ed5e25a8ccceaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
GetModuleHandleW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalLock
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
HeapAlloc
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
lstrlenW
MultiByteToWideChar
LeaveCriticalSection
TerminateProcess
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
EnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedPushEntrySList
HeapFree
GetProcessHeap

user32

SetFocus
GetClassInfoExW
LoadCursorW
DrawTextW
DestroyWindow
InvalidateRect
DefWindowProcW
RegisterClassExW
SetWindowLongW
GetWindowLongW
ShowWindow
SetWindowPos
SetWindowRgn
CharNextW
IsWindow
GetKeyState
GetParent
GetFocus
IsChild
UnregisterClassA
UnionRect
PtInRect
CreateWindowExW
CallWindowProcW
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
Rectangle
GetDeviceCaps

ole32

CoCreateGuid
WriteClassStm
OleSaveToStream
CoCreateInstance
ReadClassStm
CoTaskMemAlloc
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CoTaskMemFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysFreeString
SysStringLen

ekciu

?EkcTypeInfoName@@YAPBDABVtype_info@@@Z
?deleteRef@?$VEkcRefCount@VEkcMutex@@@@UAE_NXZ
??4?$VEkcRefCount@VEkcMutex@@@@UAEAAV0@ABV0@@Z
??1EkcError@@UAE@XZ
?addRef@?$VEkcRefCount@VEkcMutex@@@@UAEXXZ
??0?$EkcRefCount@VEkcMutex@@@@QAE@XZ
??1?$EkcRefCount@VEkcMutex@@@@QAE@XZ
??0EkcError@@QAE@ABV0@@Z
?deleteRef@?$EkcRefCount@VEkcMutex@@@@QAE_NXZ
?addRef@?$EkcRefCount@VEkcMutex@@@@QAEXXZ

imatransformlayeriu

ord7706
ord7755
ord5761
ord4303
ord3929
ord8104
ord6526
ord7920
ord8108
ord9841
ord10001
ord8171
ord10003
ord9756
ord8313
ord9677
ord5760
ord6493
ord9587
ord3170
ord7632
ord7834
ord9766
ord9822
ord8589
ord6421
ord9832
ord6423
ord7335
ord1474
ord7382
ord9755
ord6603
ord6616
ord6608
ord7615
ord9763
ord1371
ord9785
ord7844
ord7821
ord6688
ord9228
ord8775
ord7799
ord6500
ord4543
ord6543
ord3813
ord6081
ord5
ord104
ord1813
ord1919
ord8734
ord8738
ord7398
ord6487
ord6524
ord7493
ord7496
ord6420
ord1416
ord9775
ord7792
ord9759
ord8640
ord2154
ord1281
ord5979
ord1280
ord2162
ord1302
ord3159
ord3139
ord2156
ord4566
ord1890
ord1784
ord17
ord6683
ord1372
ord2182
ord1370
ord2974
ord1979
ord1873
ord284
ord9258
ord5844
ord5843
ord5745
ord4551
ord6508
ord7807
ord8783
ord9236
ord6696
ord7829
ord7852
ord9793
ord4547
ord6504
ord7803
ord8779
ord9232
ord6692
ord4030
ord2198
ord9789
ord2220
ord2282
ord2281
ord8994
ord7794
ord1475
ord1661
ord1659
ord7991
ord5743
ord9287
ord9290
ord5773
ord5772
ord5776
ord5775
ord7643
ord7718
ord10171
ord10173
ord6967
ord8288
ord7671
ord7673
ord7597
ord9603
ord6432
ord8762
ord8765
ord8193
ord7682
ord7515
ord7818
ord8389
ord9307
ord8372
ord7768
ord7661
ord7663
ord8638
ord8637
ord8299
ord10131
ord10130
ord10132
ord6488
ord7494
ord9574
ord7347
ord6525
ord8169
ord8735
ord7993
ord7399
ord7787
ord6950
ord7405
ord8773
ord9605
ord6080
ord8739
ord6553
ord7623
ord7497
ord7941
ord8799
ord7565
ord8905
ord7563
ord4022
ord6578
ord283
ord3801
ord9741
ord7646
ord7721
ord1680
ord8232
ord1303
ord5752
ord5751
ord638
ord1662
ord1660
ord8761
ord2167
ord1991
ord9981
ord7612
ord9988
ord8790
ord9825
ord2712
ord1305
ord2257
ord285
ord2711
ord1778
ord9942
ord10004
ord1576
ord6531
ord305
ord301
ord4029
ord9680
ord9758
ord304
ord1880
ord1986
ord5842
ord7591
ord3922
ord302
ord1879
ord4028
ord6947
ord5845
ord8564
ord4684
ord1985
ord2280
ord10212
ord10178
ord1667
ord2285
ord7863
ord3923
ord1886
ord7825
ord2149
ord6925
ord1780
ord4
ord9990
ord9984
ord8641
ord9647
ord9989
ord8635
ord8636
ord3814
ord2258
ord1856
ord2255
ord7784
ord7848
ord3704
ord1580
ord6549
ord8300
ord8768
ord8752
ord7577
ord7578
ord1591
ord1571
ord8901
ord7741
ord2269
ord1962
ord232
ord4553
ord6510
ord7809
ord8785
ord9238
ord6698
ord7831
ord7854
ord9795
ord8977
ord233
ord6978
ord9816
ord1575
ord4005
ord550
ord6147
ord8260
ord8262
ord6149
ord7992
ord9604
ord9573
ord8772
ord8168
ord6949
ord7404
ord7622
ord6552
ord7786
ord7346

imxsupportu

?DumpGraph@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@PA_W@Z
?DisconnectInput@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@J@Z
?GetImxGuid@CImxTransformBase@@SA?AU_GUID@@PAUIUnknown@@@Z
?LookupControlPtr@@YAPAUIUnknown@@PA_W@Z
?ImxRegisterCatids@@YAJABU_GUID@@@Z
?ImxRemoveCategory@@YAJABU_GUID@@@Z
?ImxReportErrorIfNotSet@@YAJPB_WKABU_GUID@@1J0PAUHINSTANCE__@@@Z
?ChangeControlGuid@@YAXPAUIUnknown@@U_GUID@@@Z
?GetNewSourceID@@YA?AU_GUID@@PAUIMX_GUID_ARRAY@@0U1@@Z
?CorrectConnections@@YAJPAUIUnknown@@@Z
?ConvertUnit@@YAIW4ImxSpatialUnit@@@Z
?ConvertUnit@@YA?AW4ImxSpatialUnit@@I@Z
?GetMetaDataUsage@CImxTransformBase@@SAJV?$EkcSmartPtr@VImaTransform@@@@PA_W@Z
?GetMetaData@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@PA_WPAUtagVARIANT@@@Z
?ClearMetaDataRegistry@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@@Z
?LoadMetaDataRegistryFile@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@PA_WW4CIA_MMA_DUPLICATE_ENTRY_MODE@@@Z
?LookupControlName@@YAPA_WPAUIUnknown@@@Z
?GetVertResolution@CImxTransformBase@@SAJV?$EkcSmartPtr@VImaTransform@@@@JJ@Z
?GetHorzResolution@CImxTransformBase@@SAJV?$EkcSmartPtr@VImaTransform@@@@JJ@Z
?GetNumResolutions@CImxTransformBase@@SAJV?$EkcSmartPtr@VImaTransform@@@@J@Z
??1CImxTransformBase@@UAE@XZ
?ImxReportError@@YAJPB_WKABU_GUID@@1J0PAUHINSTANCE__@@@Z
?LookupControlPtr@@YAPAUIUnknown@@U_GUID@@@Z
?ImxClearSystemErrorInfo@@YAXXZ
?AddXform@@YAXPAUIUnknown@@@Z
?RemoveXform@@YAXPAUIUnknown@@@Z
?ImxIsValidAddress@@YA_NPBXIH@Z
?ChangeControlName@@YAXPAUIUnknown@@PA_W@Z
?CreateMessage@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAVEkcError@@@Z
?StatusOK@CImxTransformBase@@SAFV?$EkcSmartPtr@VImaTransform@@@@@Z
?get_Label@CImxTransformBase@@SAPA_WV?$EkcSmartPtr@VImaTransform@@@@@Z
?put_Label@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@PA_W@Z
?ConnectInput@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@JPAUIUnknown@@J@Z
?get_Caching@CImxTransformBase@@SAFV?$EkcSmartPtr@VImaTransform@@@@@Z
?put_Caching@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@F@Z
?SetCaching@CImxTransformBase@@SAXV?$EkcSmartPtr@VImaTransform@@@@JF@Z
?GetCaching@CImxTransformBase@@SAFV?$EkcSmartPtr@VImaTransform@@@@J@Z
?GetColorSpace@CImxTransformBase@@SA?AW4ImxColorSpace@@V?$EkcSmartPtr@VImaTransform@@@@J@Z
?GetUnit@CImxTransformBase@@SA?AW4ImxSpatialUnit@@V?$EkcSmartPtr@VImaTransform@@@@J@Z
?GetWidth@CImxTransformBase@@SANV?$EkcSmartPtr@VImaTransform@@@@J@Z
?GetHeight@CImxTransformBase@@SANV?$EkcSmartPtr@VImaTransform@@@@J@Z

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1_Container_base12@std@@QAE@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?is@?$ctype@D@std@@QBE_NFD@Z

msvcr100

__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
__RTtypeid
??8type_info@@QBE_NABV0@@Z
_purecall
wcsncpy_s
strncmp
_recalloc
memset
wcslen
??_V@YAXPAX@Z
swprintf_s
memcpy_s
free
_vswprintf
memcmp
__RTDynamicCast
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
memmove
memcpy
strlen
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ

atl100

ord30
ord44
ord58
ord32
ord27
ord26
ord31
ord64
ord23
ord61
ord68
ord56
ord49
ord15
ord43

Exports

Exports

??0CImxTransformBase@@QAE@ABV0@@Z
??4CImxTransformBase@@QAEAAV0@ABV0@@Z
??_7CImxTransformBase@@6B@
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c56429dce60c136d9ed5e25a8ccceaa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

ekciu

imatransformlayeriu

imxsupportu

msvcp100

msvcr100

atl100

Exports

Exports

Sections

.text Size: 135KB - Virtual size: 134KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 135KB - Virtual size: 134KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 24KB - Virtual size: 24KB