15589c2f3a6e0455e45a388bd615db36c050acc4aecb6d4449cd5ba3a3367639_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

15589c2f3a6e0455e45a388bd615db36c050acc4aecb6d4449cd5ba3a3367639_NeikiAnalytics.exe
Size

473KB
MD5

7c57d43890206d3a90c174b067e4c1d0
SHA1

1786863f058dae13071ebfb02b599d7e63e657d4
SHA256

15589c2f3a6e0455e45a388bd615db36c050acc4aecb6d4449cd5ba3a3367639
SHA512

7ef145776cb6e98cde57d8355d93a1d2802a73da24d4ba005a708028196060ef2fea7f3d8f0d5776614756a8b342835b76349719f9a2ba7b4f5ec5149818fa8e
SSDEEP

6144:UXoNx1Qozll102aYSwlZQmQzQ0d8J01wr2CqabBvGBIlfWxdb8:UXoNx+e1F9MfQqabVVl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15589c2f3a6e0455e45a388bd615db36c050acc4aecb6d4449cd5ba3a3367639_NeikiAnalytics.exe

Files

15589c2f3a6e0455e45a388bd615db36c050acc4aecb6d4449cd5ba3a3367639_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

92d16908395846e283f32110de387470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\RadarB0130\release_x64\df\dfslay\DFSLay.pdb

Imports

mfc140

ord3137
ord4686
ord6235
ord8862
ord9898
ord7890
ord5211
ord7420
ord7431
ord7430
ord5730
ord5049
ord5213
ord5067
ord5323
ord9001
ord5536
ord5347
ord5064
ord8413
ord2148
ord848
ord12157
ord2503
ord4331
ord1357
ord7973
ord8669
ord10645
ord5560
ord12060
ord12879
ord13521
ord962
ord4940
ord4630
ord1678
ord13997
ord8155
ord13255
ord4157
ord11593
ord5368
ord5371
ord5364
ord6080
ord6286
ord13949
ord2255
ord8374
ord8381
ord12510
ord12391
ord1671
ord4903
ord2207
ord5311
ord6843
ord2188
ord2254
ord2810
ord11604
ord1424
ord14218
ord961
ord5312
ord6288
ord4666
ord2431
ord12214
ord2416
ord12410
ord5310
ord482
ord2264
ord14197
ord12035
ord14144
ord4648
ord1507
ord1485
ord265
ord266
ord2344
ord2342
ord2348
ord3720
ord12189
ord6692
ord1639
ord5656
ord13872
ord2917
ord316
ord305
ord300
ord310
ord1032
ord1504
ord5691
ord7862
ord4463
ord1508
ord4173
ord2790
ord11978
ord1045
ord345
ord12670
ord8417
ord13955
ord4937
ord6483
ord1425
ord2217
ord12878
ord12873
ord2905
ord7715
ord12390
ord1512
ord1511
ord1642
ord1646
ord1645
ord1643
ord13961
ord1506
ord307
ord311
ord1628
ord2302
ord2338
ord13970
ord1700
ord3495
ord3827
ord2320
ord4568
ord4551
ord7856
ord5373
ord1120
ord491
ord1118
ord2796
ord14146
ord11981
ord5657
ord11594
ord488
ord2395
ord8025
ord12547
ord4503
ord4502
ord3719
ord1674
ord1670
ord306
ord1487

kernel32

GetPrivateProfileIntA
GetTickCount
GetVersion
CreatePipe
FormatMessageA
GetNumberFormatA
CreateProcessA
GetPrivateProfileStringA
lstrcpyA
LocalFree
FindClose
GetTempPathA
GetTempFileNameA
RemoveDirectoryA
CreateFileA
FindFirstFileA
FindNextFileA
CopyFileA
GlobalMemoryStatusEx
MoveFileExA
ExpandEnvironmentStringsA
MulDiv
GetComputerNameExA
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
lstrcpynA
CreateEventW
WaitForSingleObjectEx
DeactivateActCtx
OutputDebugStringW
GetFileSize
ReadFile
SetHandleInformation
ResetEvent
IsProcessorFeaturePresent
DecodePointer
FreeLibrary
GetProcAddress
RaiseException
CreateThread
GetCurrentThreadId
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
Sleep
LoadResource
SizeofResource
CloseHandle
lstrcmpiA
CreateEventA
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetCommandLineA
FindResourceA
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
CreateActCtxW
ActivateActCtx
TerminateProcess
FindActCtxSectionStringW
QueryActCtxW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
FileTimeToSystemTime

user32

GetMessageA
PostThreadMessageA
CharNextA
CharNextW
RegisterWindowMessageA
UnregisterClassA
SendMessageA
MessageBoxA
DispatchMessageA

advapi32

RegEnumValueA
RegConnectRegistryA
GetUserNameA
RegQueryValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyA

shlwapi

PathAddExtensionA
PathFileExistsA
PathAddBackslashA

ole32

CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoSuspendClassObjects
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoCreateInstanceEx
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize

oleaut32

VarCyMul
VarCySu
SystemTimeToVariantTime
SysAllocStringLen
VarUI1FromI2
VarUI1FromI4
VarUI1FromI8
VarUI1FromR4
VarUI1FromR8
VarUI1FromCy
VarUI1FromUI8
VarI2FromUI1
VarI2FromI4
VarI2FromI8
VarI2FromR4
VarI2FromR8
VarI2FromCy
VarI2FromUI8
VarI4FromUI1
VarI4FromI2
VarI4FromI8
VarI4FromR4
VarI4FromR8
VarI4FromCy
VarI4FromUI8
VarR4FromUI1
VarR4FromI2
VarR4FromI4
VarR4FromI8
VarR4FromR8
VarR4FromCy
VarCyAdd
VarDecMul
VarDecDiv
VarDecFromCy
VarDecFromR8
VarDecFromI2
VarBstrFromCy
VarCyFromDec
VarCyFromR8
VarCyFromI4
VarR8FromCy
VariantTimeToSystemTime
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VarR4FromUI8
VarR8FromUI1
VarR8FromI2
VarR8FromI4
VarR8FromI8
VarR8FromR4
VarR8FromUI8
VarCyFromUI1
VarCyFromI2
VarCyFromI8
VarCyFromR4
VarCyFromUI8
VarUI2FromUI1
VarUI2FromI4
VarUI2FromI8
VarUI2FromR4
VarUI2FromR8
VarUI2FromCy
VarUI2FromUI8
VarUI4FromUI1
VarUI4FromI2
VarUI4FromI8
VarUI4FromR4
VarUI4FromR8
VarUI4FromCy
VarUI4FromUI8

wklconx

?Finaliza@CWKInicializador@@QEAAJXZ
?Inicializa@CWKInicializador@@QEAAJAEBV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@GJ@Z
??0CWKBaseParaRotinas@@QEAA@XZ
??1CWKBaseParaRotinas@@UEAA@XZ
?OnInicializa@CWKBaseParaRotinas@@MEAAJXZ
?GetErro@CWKUltimoErro@@UEAAPEAVCWKDadosDF_Erro@@XZ
?GetErro@CWKUltimoErro@@UEBAPEBVCWKDadosDF_Erro@@XZ
?SetErro@CWKUltimoErro@@UEAAJPEBVCWKDadosDF_Erro@@@Z
?SetErro@CWKUltimoErro@@UEAAJJHJPEBDZZ
?SetErro@CWKUltimoErro@@UEAAJJHJ@Z
?SetErro@CWKUltimoErro@@UEAAJAEBVCWKDadosDF_Erro@@@Z
?OnSetMostrarMensagens@CWKInicializador@@MEAAXXZ
?OnResetBuffer@CWKBaseParaRotinas@@MEAAXXZ
?OnReloadBuffer@CWKInicializador@@MEAAJXZ
?OnFinaliza@CWKBaseParaRotinas@@MEAAJXZ
?OnErroRPC@CWKDadosDF_Erro@@MEAAXXZ
?LimpaErro@CWKUltimoErro@@UEAAXXZ
?GetUltimoHR@CWKUltimoErro@@UEAAJXZ
?GetNumeroServidorUltimoHR@CWKUltimoErro@@UEAAHXZ

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup
inet_ntoa

vcruntime140

strrchr
strchr
strstr
memmove
__std_type_info_destroy_list
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
__std_terminate
__CxxFrameHandler3
__C_specific_handler
memset
memcpy
memcmp
_purecall

api-ms-win-crt-runtime-l1-1-0

exit
_errno
_initterm
_get_narrow_winmain_command_line
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo
_resetstkoflw
_configure_narrow_argv
_set_app_type
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_seh_filter_exe

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
strcat_s
strlen
strcat
isdigit
strncpy
strcmp
wcsncpy_s
strtok_s
strcpy
_strlwr
_stricmp

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy_s
_mbsstr

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

atoi
_gcvt
atof
atol
_itoa
_ltoa
_atoi64
wcstombs
_i64toa
_ui64toa

api-ms-win-crt-time-l1-1-0

_mktime64
_localtime64
clock
_gmtime64_s
_localtime64_s
_time32

api-ms-win-crt-math-l1-1-0

log
__setusermatherr
exp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__p__commode
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_fullpath

imagehlp

MakeSureDirectoryPathExists

psapi

GetProcessMemoryInfo
GetModuleBaseNameA

gdi32

GetDeviceCaps

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

api-ms-win-crt-utility-l1-1-0

srand
rand

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d16908395846e283f32110de387470

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

user32

advapi32

shlwapi

ole32

oleaut32

wklconx

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

imagehlp

psapi

gdi32

shell32

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 6KB - Virtual size: 8KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 44B

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 44B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 2KB