a8229fa5cb8799ac4713bed5b018e76f8a800a7dc5f8feece1b0cef1679e45cf_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a8229fa5cb8799ac4713bed5b018e76f8a800a7dc5f8feece1b0cef1679e45cf_NeikiAnalytics.exe
Size

591KB
MD5

e5468a3141bb80ed91a7571333aa9b20
SHA1

61b4011799c0a766a2a7ace0adb830470c01a091
SHA256

a8229fa5cb8799ac4713bed5b018e76f8a800a7dc5f8feece1b0cef1679e45cf
SHA512

a3bdaa18a71d719aa3dc1d39108c2d990756a7aab43e52f523a8249bab40ed48b11f304fd8726400a812c423802101cf0484e979c2d1459de0ebda47903b5593
SSDEEP

12288:xT7F9pRz2oLWwiMVUDmf0vJS+Zw6xmziKpK5gqHfC0Z9M:xT7F9pR1L/UDmfISCLxn9gqHq0Z9M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8229fa5cb8799ac4713bed5b018e76f8a800a7dc5f8feece1b0cef1679e45cf_NeikiAnalytics.exe

Files

a8229fa5cb8799ac4713bed5b018e76f8a800a7dc5f8feece1b0cef1679e45cf_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

d2669c64510aca96627aba886a852ad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\WstAuthClient\pdb\Debug\engineGM234\Wst234SKFEngine.pdb

Imports

wsteay12

ord3393
ord4129
ord4297
ord2889
ord2659
ord2764
ord2522
ord4130
ord2494
ord2483
ord2992
ord3605
ord292
ord293
ord4508
ord4409
ord2937
ord2505
ord198
ord2528
ord4478
ord4497
ord2813
ord247
ord966
ord2611
ord3837
ord3395
ord359
ord3519
ord120
ord3450
ord3385
ord2075
ord2023
ord28
ord195
ord197
ord2415
ord2416
ord2412
ord2841
ord2848
ord95
ord3619
ord78
ord423
ord52
ord66
ord1912
ord602
ord605
ord607
ord608
ord366
ord363
ord316
ord600
ord281
ord283
ord641
ord3891
ord2826
ord2980
ord654
ord357
ord4259
ord3717
ord3455
ord1882
ord57
ord3823
ord87
ord109
ord89
ord67
ord4233
ord1086
ord1085
ord1207
ord4304
ord4257
ord3563
ord2693
ord3010
ord2929
ord2831
ord3682
ord4376
ord4470
ord4210
ord3928
ord3951
ord3388
ord3379
ord3608
ord3242
ord86
ord4295
ord3607
ord3627
ord3661
ord150
ord222
ord2701
ord151
ord129
ord3706
ord3480
ord2953
ord3733
ord3663
ord364
ord365
ord3711
ord3749
ord3512
ord2877
ord111
ord4356
ord3927
ord2242
ord2243
ord118
ord165
ord2924
ord125
ord3635
ord166
ord2241
ord110
ord279
ord3422
ord3575
ord3587
ord3695
ord17
ord3472
ord252
ord188
ord362
ord4213
ord11
ord16
ord181
ord2623
ord3168
ord2655
ord3050
ord2914
ord3090
ord3180
ord2512
ord2878

wstlog

WstWriteLog

sputils

GetSkfEngineConfInfo
?wait@CWaiter@@QAEHKK@Z
GetLogDirPath
GetCfgDirPath
?wake@CWaiter@@QAEXXZ
GetLibraryDirPath

certutils

ord29
ord13
ord38
ord36
ord28
ord11

kernel32

FlushFileBuffers
SetStdHandle
GetLocaleInfoW
InterlockedExchange
HeapQueryInformation
HeapSize
HeapReAlloc
SetConsoleCtrlHandler
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
VirtualQuery
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
WriteFile
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
LCMapStringW
TlsAlloc
FatalAppExitA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
HeapValidate
GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
lstrlenA
RaiseException
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
GetCommandLineA
GetCurrentThreadId
RtlUnwind
DecodePointer
EncodePointer
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
TlsGetValue
CreateFileW
SetEndOfFile

sm13algrithm

SM4_X_CBC_EN_MODE
SM2_ECDSA_Verification
SM3_Final
SM3_algrithm_userid_hash
SM3_Update
SM3_Init
SM2_ECES_Encryption
SM2_Get_Paramter
SM2_ECC_InitParameter
SM2_ECC_GenerateKeyPair
SM4_X_ECB_EN_MODE
SM4_X_ECB_DE_MODE
SM4_X_CBC_DE_MODE
SM4_KEY_INIT

Exports

Exports

bind_engine
v_check

Sections

.textbss
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2669c64510aca96627aba886a852ad2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsteay12

wstlog

sputils

certutils

kernel32

sm13algrithm

Exports

Exports

Sections

.textbss Size: - Virtual size: 214KB

.text Size: 456KB - Virtual size: 455KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 7KB - Virtual size: 18KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 20KB

.textbss
Size: - Virtual size: 214KB

.text
Size: 456KB - Virtual size: 455KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 7KB - Virtual size: 18KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 20KB