9cb94539e0ee1c1e781bd1b51ec509b3ead4e774e56b516e6904cb13e88c2ef6_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9cb94539e0ee1c1e781bd1b51ec509b3ead4e774e56b516e6904cb13e88c2ef6_NeikiAnalytics.exe
Size

82KB
MD5

48e2ca77c8e1869ec2dd4c1a67c29630
SHA1

b235214351a20294d8613aaaba9357ef3dfa3987
SHA256

9cb94539e0ee1c1e781bd1b51ec509b3ead4e774e56b516e6904cb13e88c2ef6
SHA512

1bddf1e6e6f25f1d88c980de9474a745066bf752f1ec4ccc95077406e6f9797dc9b65f8f3c1664dc9b0c76e7c3305f4dcdef5abaf575e1c24726fb7f61c3ecfe
SSDEEP

1536:RVH5JAdFcl+kSHGTsW0rxv+cmctJRlmjXHEHaMHqxXPy:R5zAdA0Nv+CfRlmjXHEHaMHqxXPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cb94539e0ee1c1e781bd1b51ec509b3ead4e774e56b516e6904cb13e88c2ef6_NeikiAnalytics.exe

Files

9cb94539e0ee1c1e781bd1b51ec509b3ead4e774e56b516e6904cb13e88c2ef6_NeikiAnalytics.exe
.dll windows:1 windows x86 arch:x86

97aab4c158c94894d431016cfe80c2ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

sflib

AddToPath
CreateListviewColumns
DayOfWeek
DeleteDir
EnsurePathExists
MakeTimecode
RTrim
SplitTimecode
SystimeToTimecode
TimecodeToSystime
_sfMsgBox
sf_strcatn

sfdb

@cSFDB@1$bctr$qv
@cSFDB@1$bdtr$qv
@cSFDB@1AddExtra$qv
@cSFDB@1AddExtraSpaces$qi
@cSFDB@1AddFund$qv
@cSFDB@1AddFundSpaces$qi
@cSFDB@1AddPrice$qv
@cSFDB@1AddPriceSpaces$qi
@cSFDB@1AddShare$qv
@cSFDB@1Close$qv
@cSFDB@1CountShares$qv
@cSFDB@1DeleteExtra$qv
@cSFDB@1DeleteFund$qv
@cSFDB@1DeletePrice$qv
@cSFDB@1DeleteShare$qv
@cSFDB@1FindExtra$qiul
@cSFDB@1FindFund$qiul
@cSFDB@1FindPrice$qiul
@cSFDB@1FindShareID$qii
@cSFDB@1FindShareName$qipc
@cSFDB@1Open$qi
@cSFDB@1RenameShare$qv
@cSFDB@1UpdateShare$qv
@cSFDBInfo@1$bctr$qv
@cSFDBInfo@1$bdtr$qv
@cSFDBInfo@1Find$qi
@cSFDBInfo@1GetConfig$qpct1t1i
@cSFDBParam@1$bctr$qv
@cSFDBParam@1$bdtr$qv
@cSFDBParam@1Close$qv
@cSFDBParam@1DeleteParam$qv
@cSFDBParam@1DeleteShare$qv
@cSFDBParam@1FindParam$qii
@cSFDBParam@1FindShareID$qii
@cSFDBParam@1Open$qi
@cSFDBParam@1SetParam$qiipuli
@cSFDBSector@1$bctr$qv
@cSFDBSector@1$bdtr$qv
@cSFDBSector@1Add$qipc
@cSFDBSector@1Find$qii
@cSFDBSector@1Open$qi

sf4.exe

sfHelpTopic

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
DeleteFileA
DisableThreadLibraryCalls
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetDateFormatA
GetLastError
GetLocalTime
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTimeFormatA
GetVersion
GetWindowsDirectoryA
GlobalAlloc
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
MoveFileA
MulDiv
ReadFile
SetEvent
SetFilePointer
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpynA
lstrlenA

comctl32

CreatePropertySheetPageA
InitCommonControls
PropertySheetA

gdi32

GetStockObject
SetBkColor
SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

user32

CheckDlgButton
EnableMenuItem
EnableWindow
FindWindowA
GetDlgItem
GetParent
GetSysColor
GetSystemMenu
GetWindowLongA
IsDlgButtonChecked
KillTimer
LoadIconA
LoadStringA
MessageBeep
PostMessageA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetTimer
SetWindowLongA
wsprintfA

cw3230mt

@$bdele$qpv
@$bdla$qpv
@$bnew$qui
@$bnwa$qui
@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
@strchr$qpci
@strrchr$qpci
__ErrorMessage
__ExceptionHandler
___debuggerDisableTerminateCallback
__beginthreadNT
__chartype
__flushall
__free_heaps
__ftol
__startupd
_abort
_atof
_atol
_fclose
_fgets
_filelength
_fopen
_fprintf
_free
_fseek
_ftell
_malloc
_memcpy
_memset
_sprintf
_sscanf
_strcat
_strcpy
_strcspn
_stricmp
_strlen
_strncpy
_strtok
_vfprintf

Exports

Exports

__DebuggerHookData
sfModuleAPI
sfModuleVersion
sfModuleVersionEx
sfUpdateDatabase

Sections

.text
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97aab4c158c94894d431016cfe80c2ff

Headers

File Characteristics

Imports

sflib

sfdb

sf4.exe

advapi32

kernel32

comctl32

gdi32

shell32

user32

cw3230mt

Exports

Exports

Sections

.text Size: 41KB - Virtual size: 44KB

.data Size: 7KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 23KB - Virtual size: 24KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 41KB - Virtual size: 44KB

.data
Size: 7KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 23KB - Virtual size: 24KB

.reloc
Size: 3KB - Virtual size: 4KB