0396ec3e7c5a0de47db8b04ce1090d5caca6f24f49f2c5c1df2381b2203afb0b_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0396ec3e7c5a0de47db8b04ce1090d5caca6f24f49f2c5c1df2381b2203afb0b_NeikiAnalytics.exe
Size

2.7MB
MD5

4b1d6f9b3955af8640ee8dbc1135a3c0
SHA1

98c58adaa075ee899bef82cea45404b332ef4612
SHA256

0396ec3e7c5a0de47db8b04ce1090d5caca6f24f49f2c5c1df2381b2203afb0b
SHA512

e74ef0c37b4b4b7553ee7c2e093eabb5d794ec4ef8f2ad3fc17569933f115bb069c0418f4bdde9c532355cf42ae251bdb32fcbf65ec49f93262bbbd71889bb6e
SSDEEP

24576:d0NUZVgQN3tXQqXFM+lNoCuYmU1Nn4VbYjObuo6VmBA+DMg4hHhaA138P:/T/9X5lNoZpTXz6JaAC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0396ec3e7c5a0de47db8b04ce1090d5caca6f24f49f2c5c1df2381b2203afb0b_NeikiAnalytics.exe

Files

0396ec3e7c5a0de47db8b04ce1090d5caca6f24f49f2c5c1df2381b2203afb0b_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

9d3c426e3ee8789065a2e6021bd09bf4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?symParameterConst
?symPrivateConst
?momSOff
?getRFPC
GETENV
SET
?symGetItemConst
UPPER
?domValXEql
?domAssign
SETCURSOR
?symRefItemConst
SPACE
?pushCodeBlock
SETKEY
MEMOREAD
?symPublicConst
SETAPPEVENT
SETMOUSE
XBPFONT
?conSendItem
?conAssignRefWMember
SETAPPWINDOW
ALLTRIM
ACREATE
VAL
?retStackValue
DBCLOSEALL
DBSELECTAREA
_KEYBOARD
_ATPROMPT
_MENUTO
SCROLL
SETPOS
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?retStackItem
__vft19ConNumericIntObject10AtomObject
__vft21ConNumericFloatObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
ARRAY
FILE
?domNot
DBUSEAREA
LEFT
_EARLYBOUNDCODEBLOCK
DBCREATEINDEX
DBSETINDEX
DBGOTOP
?getRFCC
TRIM
?executeLMacro
DBSKIP
EOF
DBAPPEND
?getWCFC
FERASE
?getWFCC
?setCWArea
DBCLOSEAREA
?restWArea
SUBSTR
LEN
?domAdd
?domNEql
?andShortCut
?domAnd
RIGHT
?domEql
?orShortCut
?domOr
CHR
?domValEql
SETCOLOR
DEVPOS
REPLICATE
DEVOUT
RAT
?domGetElem
?domRefElem
SAVESCREEN
DBSEEK
?domValNEql
?domValGCmp
?domSub
DISPBOX
TRANSFORM
LASTKEY
?callStack
INKEY
RESTSCREEN
?domGCmp
?domLECmp
MAXROW
MAXCOL
GET
?executeMacro
VALTYPE
AADD
LTRIM
DEVOUTPICT
RLOCK
DBCOMMIT
INT
SETAPPFOCUS
CONFIRMBOX
MSGBOX
_QUIT
POSTAPPEVENT
ORDSETFOCUS
STRTRAN
?domNegate
?domAddEqu
?getWFPC
?domInc
DBF
NETERR
MLCOUNT
MEMOLINE
STR
DTOS
DBUNLOCK
DAY
FCOUNT
FIELDNAME
?getWCFS
?getRFSS
DTOC
?domDiv
?domValLCmp
RTRIM
?domMul
?conMemberToItem
EVAL
ASIZE
XBPPRINTER
XBPPRESSPACE
?conNNewNil
DBCLEARRELATION
DBSETRELATION
DBGOBOTTOM
ROW
COL
CTOD
RECNO
DBGOTO
DBCOMMITALL
ROUND
?domSubStr
?domLCmp
DBDELETE
DATE
_XSAVESCREEN
_XRESTSCREEN
SELECT
_SYMRELEASE
AFILL
QOUT
MEMOEDIT
?domGECmp
QQOUT
DBSETFILTER
ORDLISTCLEAR
ORDLISTADD
EMPTY
DBCLEARFILTER
_EJECT
?symPublicFalse
AT
ASCAN
ASORT
MIN
ADEL
AINS
?domValLECmp
PCOUNT
FOPEN
FERROR
RUNSHELL
FCLOSE
FSEEK
FREAD
GRAQUERYTEXTBOX
GRASTRINGAT
INDEXORD
ACHOICE
XBPDIALOG
?conNewNil
XBPLISTBOX
APPEVENT
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_82_0
___xpprt1Version
PROCNAME
PROCLINE
?conNewString
?domXEql
NATIONMSG
DISPOUT
?pushDynamicCodeBlock
?conOpNewInt
?conNewCon
DBESETDEFAULT
DBELIST
DBELOAD
DBEINFO
?domValSubStr
?conRelease
DBSTRUCT
FIELDPOS
AEVAL
?domDec
ATAIL
DBCREATE
DBEVAL
DELETED
FIELDGET
FIELDPUT
?setSWArea
ALIAS
DBCOPYSTRUCT
TYPE
?getRCFC
BREAK
ERRORBLOCK
?ehUnsetContext
?ehGetBreakContainer
MAX
?domSubEqu
ACLONE
NEXTAPPEVENT
LASTREC
?floadTos
LASTAPPEVENT
?nomClassLock
?nomClassUnlock
?retObject
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conGetSelfClass
?conGetClass
TBROWSE
TBCOLUMN
BOF
?domValGECmp
APPTYPE
APPDESKTOP
XBPCRT
APPNAME
ROOTCRT
WORKSPACELIST
DBRROLLBACK
ALERT
DBEBUILD
DBSESSION
ISFUNCTION
DOSERRORMESSAGE
_BREAK
ERRORLEVEL
PADL
TONE
OUTERR
TIME
VERSION
OS
VAR2CHAR

xppdbgc

__XPPdbgClient

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d3c426e3ee8789065a2e6021bd09bf4

Headers

File Characteristics

Imports

xpprt1

xppdbgc

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.data Size: 235KB - Virtual size: 235KB

.xpp Size: 14KB - Virtual size: 14KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 98KB - Virtual size: 98KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 235KB - Virtual size: 235KB

.xpp
Size: 14KB - Virtual size: 14KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 98KB - Virtual size: 98KB