Static task
static1
Behavioral task
behavioral1
Sample
9235ae70e2f3d442ff0ed4defa988f3091914cd520d038cf41be0be249106edf_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
9235ae70e2f3d442ff0ed4defa988f3091914cd520d038cf41be0be249106edf_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
9235ae70e2f3d442ff0ed4defa988f3091914cd520d038cf41be0be249106edf_NeikiAnalytics.exe
-
Size
744KB
-
MD5
b98b35d430e966882f4cda1cd3da44e0
-
SHA1
036e44610284d51650319e72fabd3b6db66c171c
-
SHA256
9235ae70e2f3d442ff0ed4defa988f3091914cd520d038cf41be0be249106edf
-
SHA512
afd852c228d63a57c279ac7306087aaa3d8742f62fdabdaa5f1c52954ee33151952e7b0dd708a2a960814fc390750586ea774d9eee2bad87fd858c9d6e3cce62
-
SSDEEP
12288:dR6ky5UzAG5zp2bjWn7JSIUXcWLWbl+NdYtU3oLzIbDMMMMMvxmjC:f6ky5UzAGhp2bjWnbwLWBlU3o3+MMMMX
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource 9235ae70e2f3d442ff0ed4defa988f3091914cd520d038cf41be0be249106edf_NeikiAnalytics.exe
Files
-
9235ae70e2f3d442ff0ed4defa988f3091914cd520d038cf41be0be249106edf_NeikiAnalytics.exe.exe windows:1 windows x86 arch:x86
72a795de33adc802085e53d7fbc7a0c6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
advapi32
RegQueryValueA
c60ascx
ASCII
c60dosx
DOS
c60netx
NetCloseCallBackWindow
NetDebugTrace
c60runx
AttachThreadToClarion
Cla$ADDqueue
Cla$ADDqueuekey
Cla$BLOB_GET_PROPERTY
Cla$BLOB_YIELD
Cla$CLEAR
Cla$ClearDec
Cla$CLEARqueue
Cla$clearstr
Cla$ClearType
Cla$CLOCK
Cla$CLOSEwindow
Cla$code
Cla$COMMAND
Cla$COMMIT
Cla$comparestr
Cla$CREATE
Cla$DecAdd
Cla$DecCompareN
Cla$DecDistinct
Cla$DecDistinctR
Cla$DecDivide
Cla$DecDivideR
Cla$DecMul
Cla$DecSub
Cla$DInt
Cla$DISPLAY
Cla$DISPOSEqueue
Cla$DPopDec
Cla$DPopLong
Cla$DPopReal
Cla$DPopUlong
Cla$DPushConstant
Cla$DPushDec
Cla$DPushLong
Cla$DPushULong
Cla$DStack2Stack
Cla$duplicate
Cla$EndEventLoop
Cla$ERRORCODE
Cla$Evaluate
Cla$EVENT
Cla$FIELD
Cla$FILEERRORCODE
Cla$FILEERRORMSG
Cla$FileExists
Cla$FILE_ADDf
Cla$FILE_CLEAR
Cla$FILE_CLOSE
Cla$FILE_CREATE
CLA$FILE_DESTROY
Cla$FILE_GETfk
Cla$FILE_GET_PROPERTY
Cla$FILE_NEXT
Cla$FILE_NULL
Cla$FILE_OPEN
Cla$FILE_RECORDSf
Cla$FILE_SEND
Cla$FILE_SETf
Cla$FILE_SETk
Cla$FILE_SETkk
Cla$FILE_SET_PROPERTY
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETINI
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$HALT
Cla$HIDE
Cla$init
Cla$KEYCODE
Cla$loaddec
Cla$Locale
Cla$LOGOUT
Cla$Mem2Ufo
Cla$MessageBox
Cla$MOUSEX
Cla$MOUSEY
Cla$NewMemB
Cla$NEWqueue
Cla$NOTIFICATION
Cla$NOTIFY
Cla$OPENwindow
Cla$paopen
Cla$PopCString
Cla$PopReal
Cla$PopString
Cla$PopTemp
Cla$POST
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushPictLong
Cla$PushReal
Cla$PushString
Cla$PushTemp
Cla$PushUfo
Cla$PUTqueue
Cla$pwopen
Cla$RANDOM
Cla$Real2Ufo
Cla$realdistinct
Cla$RECORDSqueue
Cla$rterr
Cla$RUN
Cla$SELECT
Cla$SETCLIPBOARD
Cla$SETPOSITION
Cla$SetPropF
Cla$SetPropS
Cla$SetPropV
Cla$SHORTPATH
Cla$SORTqueuekey
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackCompareR
Cla$StackConcat
Cla$StackConcatR
Cla$StackDEFORMAT
Cla$StackErrstr
Cla$StackFORMAT2
Cla$StackHeap
Cla$StackINLIST
Cla$StackINSTRING
Cla$StackLEFT
Cla$StackLen
Cla$StackLOWER
Cla$StackNUMERIC
Cla$STACKpop
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$StackVAL
Cla$START
Cla$StartEventLoop
Cla$StashBP
Cla$STOP
Cla$storebtdate
Cla$storebttime
Cla$storecstr
Cla$storedec
Cla$storestr
Cla$String2Ref
Cla$THREAD
Cla$THREAD_FILE
Cla$TODAY
Cla$Ufo2Real
THR$GetInstance
VIEWDRIVER
Wsl$CloseDown
_exit
_free
_longjmp
_malloc
_setjmp
__sysinit
__sysstart
c60tpsx
TOPSPEED
kernel32
CloseHandle
CreateFileA
CreateMutexA
ExitProcess
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetLastError
GetModuleFileNameA
GetVersionExA
GetWindowsDirectoryA
OutputDebugStringA
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
SleepEx
VirtualQuery
osclient
BTRANSAKSJONER@F
CSTARTBONGWITHNOSECONDSCREEN@F
OSCLIENT:INIT@F10ERRORCLASS8INICLASS
OSCLIENT:KILL@F
WANSATTINNLOGGET@F
WCOLLECTATSTORE@F
WDATOOGKL@F
WHOVEDMENY@F
WINITPROGRAM@FUc
WKASSE@F
WKUNDESKJERM@F
WLOGINN@F
WSTARTUPINFO@F
WSTEMPLEINNUT@F
WTIMEBOK@F
WTIMEBOKANSATTVIS@F
WVAREFORBRUK@F
WVERKTOY@F
oskonfigurasjon
OSKONFIGURASJON:INIT@F10ERRORCLASS8INICLASS
OSKONFIGURASJON:KILL@F
oskunde
BKUNDESOK@F
OSKUNDE:INIT@F10ERRORCLASS8INICLASS
OSKUNDE:KILL@F
osstdlib
$ACCESS:ANSATTTYPE
$ACCESS:BESOK
$ACCESS:KUNDE
$ACCESS:LISENS
$ACCESS:LOG
$ACCESS:OS_LOCALSITECONFIG
$ACCESS:POS
$ACCESS:REF:FIXITCONFIG
$ACCESS:REF:LISENS
$ACCESS:REF:OS_CHAINLIVESTATUS
$ACCESS:REF:POST
$ACCESS:REF:SKIN
$ACCESS:REF:SYSTEM
$ACCESS:SALG
$ACCESS:SKIN
$ACCESS:VARE
$ACCESS:VARELAGER
$ACCESS:VARE_STREKKODE
$ALDERSGRUPPE
$ANSATT
$AppNameDesc
$BEHANDLING
$BESOK
$BKT
$DUMMYSKIN
$ELECTRONICJOURNAL
$FILES
$FIXITCONFIG
$GLO:ALLOWTRANSLATION
$GLO:ANSATTINNLOGGETTHREAD
$GLO:APPFRAMETHREAD
$GLO:CleanCloseDownMainThread
$GLO:COLLECTATSTORETHREAD
$GLO:COMMANDPARAMGROUP
$GLO:CURRENTANSATTIDINNLOGGET
$GLO:CURRENTTHREAD
$GLO:DATADIR
$GLO:DATOOGKLTHREAD
$GLO:DELTAX
$GLO:DELTAY
$GLO:DUMMYSKINFILENAME
$GLO:IMPORTFILENAME
$GLO:KASSETHREAD
$GLO:KUNDESKJERMTHREAD
$GLO:KUNDESOKTHREAD
$GLO:LOGINTHREAD
$GLO:MAINMENUTHREAD
$GLO:SELECTEDLANGUAGE
$GLO:SKINFILENAME
$GLO:STARTUPWINDOWTHREAD
$GLO:STEMPLEINNUTTHREAD
$GLO:TIMEBOKANSATTTHREAD
$GLO:TIMEBOKTHREAD
$GLO:TRANSAKSJONERTHREAD
$GLO:VAREFORBRUKTHREAD
$GLO:VERKTOYTHREAD
$GLOBALREQUEST
$GLOBALRESPONSE
$IMPORTFILE
$KTX
$KUNDE
$KUNDEKATEGORI
$KUNDEKATEGORIMEDLEM
$LAGERENDRING
$LAGERLOGG
$LISENS
$LOG
$MERKE
$ODINDEBUG
$OS_CHAINLIVESTATUS
$OS_LOCALSITECONFIG
$POS
$RABATT
$RELATE:ALDERSGRUPPE
$RELATE:ANSATT
$RELATE:ANSATTBEHANDLINGUNNTAK
$RELATE:ANSATTTYPE
$RELATE:ANSATTTYPEBEHANDLING
$RELATE:BBSLOG
$RELATE:BEHANDLING
$RELATE:BESOK
$RELATE:BILAG
$RELATE:BILAGTYPERPAABILAG
$RELATE:BKT
$RELATE:DM
$RELATE:DMUTVALG
$RELATE:FAKTURA
$RELATE:FAKTURALINJE
$RELATE:FILES
$RELATE:FIXITCONFIG
$RELATE:FRAVAERSKODER
$RELATE:GAVEKORT
$RELATE:GAVEKORTENDRING
$RELATE:KAMPANJE
$RELATE:KAMPANJEANSATT
$RELATE:KAMPANJEINNHOLD
$RELATE:KAMPANJESALG
$RELATE:KAMPANJESITE
$RELATE:KORRIGERTSALG
$RELATE:KREDITT
$RELATE:KREDITTBETALING
$RELATE:KTX
$RELATE:KUNDE
$RELATE:KUNDEKATEGORI
$RELATE:KUNDEKATEGORIMEDLEM
$RELATE:LAGERENDRING
$RELATE:LAGERLOGG
$RELATE:LISENS
$RELATE:LOG
$RELATE:LONNSBEREGNING
$RELATE:LONNSGRUNNLAG
$RELATE:LONNSKODE
$RELATE:LONNSPERIODE
$RELATE:MERKE
$RELATE:OPPGJOR
$RELATE:OS_CHAINLIVESTATUS
$RELATE:OS_LOCALSITECONFIG
$RELATE:POS
$RELATE:PRODUKTSERIE
$RELATE:RABATT
$RELATE:SALG
$RELATE:SKIN
$RELATE:SQLRESULTS
$RELATE:STATALDER
$RELATE:STATFORBRUK
$RELATE:STATOMS
$RELATE:STATSALG
$RELATE:STATTID
$RELATE:TIMEBOKBESOK
$RELATE:TIMEBOKSALG
$RELATE:VARE
$RELATE:VAREFORBRUKREGEL
$RELATE:VARELAGER
$RELATE:VARE_STREKKODE
$RELATE:VKT
$REPGLO:SITE
$SALG
$SKIN
$SQLRESULTS
$STATISTIKK
$ThisMessageBox
$VARE
$VCRREQUEST
$VERSJONSKONTROLL
$VKT
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
ALDERSGRUPPE$ALD:RECORD
ANSATT$ANS:RECORD
ANSATT$TYPE$ANS:RECORD
ANSATTTYPE$ATY:RECORD
ANSATTTYPE$TYPE$ATY:RECORD
ASK@F13WINDOWMANAGER
BEHANDLING$BEH:RECORD
BESOK$BES:RECORD
BKT$BKT:RECORD
CAUTOMATICLOGOFF@F
CCLOSETERMINAL@FRsc
CCLOSEWAITWINDOW@F
CFINDSITE@F
CHANGEACTION@F13WINDOWMANAGER
CINITKASSAPUNKTINFO@FUc
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F8INICLASS
CVERIFYBOMUSPOINTCONFIGURATION@F
DELETEACTION@F13WINDOWMANAGER
DESTRUCT@F16ERRORSTATUSCLASS
FILES$FIL:RECORD
FIXITCONFIG$FCO:RECORD
IMPORTFILE$IMP:RECORD
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F13WINDOWMANAGER
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
KILL@F13WINDOWMANAGER
KILL@F8INICLASS
KTX$KTX:RECORD
KUNDE$KUN:PK_KUNDE
KUNDE$KUN:RECORD
KUNDE$TYPE$KUN:RECORD
KUNDEKATEGORI$KKT:RECORD
KUNDEKATEGORIMEDLEM$KKM:RECORD
LAGERENDRING$LAG:RECORD
LAGERENDRING$TYPE$LAG:RECORD
LAGERLOGG$LLG:RECORD
LISENS$LIS:RECORD
LISENS$TYPE$LIS:RECORD
LOG$LOG:RECORD
LOG$TYPE$LOG:RECORD
MERKE$MER:RECORD
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
OSSTDLIB:INIT@F10ERRORCLASS8INICLASS
OSSTDLIB:KILL@F
OS_LOCALSITECONFIG$OS_LSC:RECORD
OS_LOCALSITECONFIG$TYPE$OS_LSC:RECORD
POS$POS:RECORD
POS$TYPE$POS:RECORD
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
RABATT$RAB:RECORD
RESET@F13WINDOWMANAGERUc
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
SALG$SAL:RECORD
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SETALERTS@F13WINDOWMANAGER
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
SKIN$SKI:FILENAMEKEY
SKIN$SKI:RECORD
SKIN$TYPE$SKI:RECORD
SQLRESULTS$SQL:RECORD
SQLRESULTS$TYPE$SQL:RECORD
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TYPE$TOOLBARCLASS
UPDATE@F13WINDOWMANAGER
VARE$VAR:RECORD
VARELAGER$TYPE$VLA:RECORD
VARELAGER$VLA:RECORD
VARE_STREKKODE$TYPE$V_S:RECORD
VARE_STREKKODE$V_S:RECORD
VKT$VKT:RECORD
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$INICLASS
VMT$TOOLBARCLASS
WUPGRADEFIXITVERSION@FRUcRUc
s6tpsx
ds_CloseTables
ds_SetDefaultFont
ds_SetPath
shell32
ShellExecuteA
user32
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
we60x
ds_DeleteFile
ds_FormatHex
ds_GetFileDirEntry
ds_GetFileVersionInfo
ds_GetWinVersion
ds_LoadDLLProc
ds_String2File
ds_VisibleOnDesktop
ds_WinError
Sections
.text Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cwtls Size: 6KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 502KB - Virtual size: 501KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ