a8fa68d4d60dfd87ab0ceb200f3d038b3e012e9322ca1483ffaa1acdcf285887_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a8fa68d4d60dfd87ab0ceb200f3d038b3e012e9322ca1483ffaa1acdcf285887_NeikiAnalytics.exe
Size

256KB
MD5

bbc78447de05dc1a9efe33aeabbd8200
SHA1

f1c2b95d75caaede7d5219bf722e3966c1eeac7c
SHA256

a8fa68d4d60dfd87ab0ceb200f3d038b3e012e9322ca1483ffaa1acdcf285887
SHA512

ddf1080615d626450539ea97a857f5e7ea03e3337981cbd6e00570e4950ff54241e1ea9718b7bd6606447241e29586c943f81f001a2b8c0aa040412065102344
SSDEEP

3072:KgsJMmL1kperaTi7189sOUSSG0p3azT++UeXTxBIvTashozKTTRXgtNqCpXKDvBa:hsJHkAmTixG7UgNBIesh1/RQ+dBVOMs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8fa68d4d60dfd87ab0ceb200f3d038b3e012e9322ca1483ffaa1acdcf285887_NeikiAnalytics.exe

Files

a8fa68d4d60dfd87ab0ceb200f3d038b3e012e9322ca1483ffaa1acdcf285887_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

5645bcdd1966e4ac88316776a9b06349

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\dvr\4.2\dvr\v3.4\apps\bin\Release\backupwz.pdb

Imports

locale

?GetRes@CLocale@@QAEHH@Z
?GetFont@CLocale@@QAEPAUHFONT__@@H@Z
?LoadStringA@CLocale@@QAEPADPAD0@Z
?LoadStringA@CLocale@@QAEPADPADH00@Z
??1CLocale@@QAE@XZ
??0CLocale@@QAE@PAD@Z

dvr3k

Mount_DFS
Unmount_DFS
Enum_DFS
StartExeFileBackup
GetBackupSize
DeletePlayer
CreatePlayer
StartBackupEx

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

dfs3

DFS_Close
DFS_Open
DFS_EnumFileSystem

cdburn

?GetPath@CCDBurn@@QAEPADH@Z
?Close@CCDBurn@@QAEHXZ
?RecordCD@CCDBurn@@QAEHXZ
??1CCDBurn@@QAE@XZ
??0CCDBurn@@QAE@XZ
?AttachCallback@CCDBurn@@QAEHP6AHIKK@Z@Z
?SetCDDevice@CCDBurn@@QAEHH@Z
?GetWritableSize@CCDBurn@@QAEKXZ
?Isburn@CCDBurn@@QAEHXZ
?SelectJolietFormat@CCDBurn@@QAEHXZ
?Erase@CCDBurn@@QAEHH@Z
?Eject@CCDBurn@@QAEHH@Z
?GetCDDeviceLetter@CCDBurn@@QAEXPAD@Z
?AddData@CCDBurn@@QAEHPAD@Z
?GetDisplayName@CCDBurn@@QAEXHPAD00@Z
?EnumCDDevice@CCDBurn@@QAEHXZ
?GetMediaType@CCDBurn@@QAEHHPAH0@Z
?GetDevicePnPID@CCDBurn@@QAEPADH@Z
?Open@CCDBurn@@QAEHXZ

ws2_32

closesocket
WSAEventSelect
WSAEnumNetworkEvents
recv
send
WSACloseEvent
socket
htons
connect
setsockopt
WSAStartup
WSACleanup
WSACreateEvent
gethostbyname
WSAGetLastError
inet_ntoa
htonl
ntohl
shutdown

tctrl

KEYPAD_CreateButton
KEYPAD_Create

kernel32

GetLocaleInfoA
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
SetStdHandle
SetEndOfFile
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
OutputDebugStringA
LoadLibraryW
SetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
SetEnvironmentVariableA
LoadLibraryA
lstrcpyA
GetSystemTime
ResumeThread
CreateThread
GetLocalTime
Sleep
GetDiskFreeSpaceExA
GetModuleFileNameA
GetVersionExA
_lclose
_lcreat
_lopen
OpenFile
lstrcatA
lstrlenA
_lread
_llseek
_lwrite
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WaitForSingleObject
CreateDirectoryA
lstrcmpiA
WinExec
GetDriveTypeA
GetTempPathA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
InterlockedExchange
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
ReadFile
DeleteFileA
FlushFileBuffers
RemoveDirectoryA
WriteFile
SetFilePointer
CreateFileA
GetFileType
GetCommandLineA
GetStartupInfoA
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
HeapAlloc
HeapFree
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryA
RaiseException
ExitProcess
RtlUnwind
GetVersion

user32

DefWindowProcA
SetForegroundWindow
PostQuitMessage
DestroyWindow
IsWindow
LoadCursorA
GetDlgItemInt
LoadIconA
SetDlgItemInt
CheckRadioButton
SendNotifyMessageA
IsDlgButtonChecked
CheckDlgButton
GetWindowLongA
CreateWindowExA
ScreenToClient
SetTimer
PeekMessageA
TranslateMessage
DispatchMessageA
CallWindowProcA
SetRect
GetClientRect
GetDC
ReleaseDC
KillTimer
GetDesktopWindow
OffsetRect
LoadBitmapA
SetWindowLongA
GetWindowRect
GetSystemMetrics
MoveWindow
EndDialog
DialogBoxParamA
ShowWindow
GetWindowTextA
SetWindowTextA
wsprintfA
FindWindowA
PostMessageA
SetDlgItemTextA
EnableWindow
GetParent
SendDlgItemMessageA
GetDlgItem
SendMessageA
GetDlgItemTextA
MessageBoxA
RegisterClassA
SetFocus

gdi32

GetStockObject
CreateCompatibleDC
GetObjectA
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5645bcdd1966e4ac88316776a9b06349

Headers

File Characteristics

PDB Paths

Imports

locale

dvr3k

msvfw32

dfs3

cdburn

ws2_32

tctrl

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 36KB

.rsrc Size: 72KB - Virtual size: 69KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 36KB

.rsrc
Size: 72KB - Virtual size: 69KB