8e9527455c8c8fb96312548c2f49fd85a01f69f07c0ede12797fcdd54468def6_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8e9527455c8c8fb96312548c2f49fd85a01f69f07c0ede12797fcdd54468def6_NeikiAnalytics.exe
Size

1.3MB
MD5

85425c9c1d127c71b5cacf25ab8ed0b0
SHA1

47eea0df22b5fe0bb99b09d36d3173fd2f362842
SHA256

8e9527455c8c8fb96312548c2f49fd85a01f69f07c0ede12797fcdd54468def6
SHA512

2c95350438d3486013a29e2c49b578863af8e507e734107f18c9d32cd2d2ddc94963dd9fc22cbbad8c26d46fbbf6bb550c6d60dcbac90fb85efa37d2b4030795
SSDEEP

12288:qSfhIzsCwysb21axwLKrjXa8a+A4YjDjt2q8BQoM2sfXth5vC7bli:qrzsCwygx5vKhTryQoM2aJC7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e9527455c8c8fb96312548c2f49fd85a01f69f07c0ede12797fcdd54468def6_NeikiAnalytics.exe

Files

8e9527455c8c8fb96312548c2f49fd85a01f69f07c0ede12797fcdd54468def6_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

2c6650cb9775e023079d74f9aaf6285b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dk\模块更新\NT\DataChartPage\DataChartPage_v2.1.0.20\Debug\DataChartPage.pdb

Imports

mfc90ud

ord4559
ord2849
ord7604
ord2033
ord8783
ord4661
ord2330
ord933
ord2565
ord1410
ord8488
ord6816
ord3890
ord6565
ord9110
ord4008
ord6305
ord5861
ord5948
ord2710
ord6093
ord1133
ord961
ord286
ord3462
ord292
ord963
ord8083
ord849
ord1186
ord4426
ord866
ord7646
ord2282
ord571
ord3378
ord6080
ord1561
ord9237
ord8111
ord6270
ord6271
ord1476
ord915
ord2126
ord5054
ord3143
ord7456
ord673
ord2174
ord291
ord4477
ord9152
ord2166
ord935
ord714
ord8827
ord335
ord408
ord4899
ord4515
ord940
ord5893
ord544
ord5440
ord5894
ord1860
ord696
ord7569
ord6407
ord7029
ord7203
ord2863
ord2411
ord2410
ord2251
ord2250
ord4659
ord8780
ord2339
ord2336
ord5987
ord2032
ord6446
ord7538
ord2701
ord7420
ord9365
ord6377
ord7593
ord3245
ord1900
ord5197
ord7015
ord6487
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3555
ord3561
ord3559
ord3557
ord3574
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord4348
ord6712
ord6466
ord3033
ord1769
ord406
ord365
ord302
ord1453
ord753
ord728
ord701
ord5281
ord5449
ord5487
ord690
ord5530
ord5779
ord930
ord950
ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord2713
ord5998
ord5342
ord425
ord942
ord1408
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord1389
ord7462
ord9297
ord7868
ord5781
ord2716
ord4474
ord7626
ord7628
ord3337
ord5991
ord6804
ord7638
ord7603
ord8152
ord3804
ord4122
ord4320
ord6518
ord4097
ord4323
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6707
ord6465
ord3140
ord1857
ord9385
ord8287
ord8225
ord943
ord8054

msvcr90d

??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter
_time64
srand
rand
_CrtDbgReportW
strlen
_wtof
_wtoi
memmove_s
_snprintf_s
_errno
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
__CxxFrameHandler3
wcslen
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CRT_RTC_INITW
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ

kernel32

InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
GetTickCount
TerminateThread
WaitForSingleObject
GetLocalTime
CreateDirectoryW
GetProcAddress
LoadLibraryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleFileNameW
Sleep
lstrlenW
WideCharToMultiByte
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
RaiseException
DebugBreak
MultiByteToWideChar
lstrlenA
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary

user32

MoveWindow
PeekMessageW
GetSystemMetrics
MessageBoxA

shell32

ord171

shlwapi

PathIsDirectoryW
PathFileExistsW

ole32

OleInitialize

oleaut32

SysFreeString

msvcp90d

?_Orphan_all@_Container_base_secure@std@@QBEXXZ
??0_Container_base_secure@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Container_base_secure@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Exports

Exports

InitDialog

Sections

.textbss
Size: - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c6650cb9775e023079d74f9aaf6285b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90ud

msvcr90d

kernel32

user32

shell32

shlwapi

ole32

oleaut32

msvcp90d

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 566KB

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 13KB - Virtual size: 15KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 47KB - Virtual size: 47KB

.textbss
Size: - Virtual size: 566KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 13KB - Virtual size: 15KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 47KB - Virtual size: 47KB