028efd17fa81263fcaab787291ef0874c2150ec1ac2b8d68dd3dac437c568d3f_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

028efd17fa81263fcaab787291ef0874c2150ec1ac2b8d68dd3dac437c568d3f_NeikiAnalytics.exe
Size

2.8MB
MD5

ec421117eb875d02d82400c2b6088d40
SHA1

79a96b27817c89e706f59e9358f9af3727ccb08c
SHA256

028efd17fa81263fcaab787291ef0874c2150ec1ac2b8d68dd3dac437c568d3f
SHA512

fb9d084b101fc8816f52cc90fce98c1c34fce2c2c7cf69fe62916a56cb3677b373940ac418d130f5dce29c090327527e803a6a5fede250094a55883262c1b83a
SSDEEP

24576:t18Us87E52PulM2qZ/cJyIHSLV2/2015y/UFx0iu5/n6/LRCY3B:KUEEWlhyS2015UF6/99

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
028efd17fa81263fcaab787291ef0874c2150ec1ac2b8d68dd3dac437c568d3f_NeikiAnalytics.exe

Files

028efd17fa81263fcaab787291ef0874c2150ec1ac2b8d68dd3dac437c568d3f_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

7b47c06107407cd13069186d2e950689

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateProcessA
Sleep
GetExitCodeProcess
GetFileAttributesA
ExitProcess
GetCurrentProcessId
CloseHandle
MoveFileExA
DeleteFileA
GetFileType
WriteFile
SetFilePointer
ReadFile
GetStdHandle
CreateFileA
GetCurrentProcess
FormatMessageA
VirtualFree
VirtualAlloc
GetModuleHandleA
GetDriveTypeA
GetCurrentDirectoryA
OpenFile
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
SetCurrentDirectoryA
lstrlenA
LocalAlloc
InterlockedDecrement
LocalFree
GetPrivateProfileIntA
GetPrivateProfileStringA
QueryPerformanceFrequency
QueryPerformanceCounter
SleepEx
DeviceIoControl
SetThreadPriority
GetCurrentThread
SetLastError
GetVersionExA
GetVolumeInformationA
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
ReleaseMutex
SetHandleInformation
SetErrorMode
GetLastError
GetProcessTimes
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
GetTickCount
SetEvent
CreateEventA
ResetEvent
WaitForSingleObject
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA

user32

DialogBoxIndirectParamA
CreateDialogIndirectParamA
wsprintfA
GetSystemMetrics
GetForegroundWindow
GetClientRect
SetWindowTextA
SetFocus
GetFocus
EndDialog
SetDlgItemTextA
ReleaseCapture
GetWindowLongA
SendMessageA
GetWindowRect
EnableWindow
ShowWindow
ScreenToClient
MoveWindow
GetParent
GetActiveWindow
MessageBoxA
GetDlgItemTextA
MessageBeep
GetDlgItem

msvcrt

strstr
_iob
vfprintf
exit
_isctype
__mb_cur_max
_pctype
strtok
sprintf
strcmp
atoi
abort
realloc
free
malloc
_errno
getenv
??3@YAXPAX@Z
_sys_nerr
_sys_errlist
sscanf
localtime
abs
calloc
_setjmp3
strrchr
__p__environ
fprintf
__p__iob
tolower
longjmp
memcmp
qsort
_findclose
_stat
_onexit
_putenv
??2@YAPAXI@Z
fclose
__set_app_type
atol
_fstat
_adjust_fdiv
__setusermatherr
vsprintf
mktime
_initterm
__getmainargs
__p___initenv
_XcptFilter
ftell
fread
_unlink
_access
fwrite
fputc
putc
_mkdir
fgetc
ungetc
_findfirst
strcat
clearerr
_exit
toupper
__p___mb_cur_max
__p__pctype
_CxxThrowException
strftime
remove
_splitpath
_findnext
strtol
_beginthread
_endthread
strchr
fgets
fopen
fflush
printf
strncmp
_assert
_control87
getchar
_except_handler3
__dllonexit
rand
_controlfp
strlen
_CIacos
srand
strcpy
__p__commode
__p__fmode
fseek
__CxxFrameHandler
_snprintf
memmove
fputs
putchar
_purecall
_commit
wcscmp
strncat
_ftol
_getpid
wcslen
_getcwd
_mktemp
_close
_read
_sopen
_locking
_lseek
_write
??1type_info@@UAE@XZ
?terminate@@YAXXZ
time
memset
memcpy
strncpy
_ftime

advapi32

RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegEnumKeyExA
CreateServiceA
StartServiceA
OpenServiceA
OpenSCManagerA
CloseServiceHandle

comdlg32

GetOpenFileNameA

comctl32

ord17

wsock32

gethostname

netapi32

Netbios

dformd

for_write_seq_lis
for_write_seq_lis_xmit
_FIsqrt
for_write_seq_fmt
for_write_seq_fmt_xmit
for_stop_core

mfc42

ord1271
ord1200

ole32

CoUninitialize
CoInitialize
OleRun
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
SafeArrayRedim
SafeArrayCreate
GetErrorInfo
SysStringLen
SysFreeString
SysAllocStringByteLen

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

pwrpc32

clnt_spcreateerror
clnt_create
xdr_u_long
clnt_sperror
rpc_createerr
xdr_string
xdr_bytes
xdr_u_int
xdr_void
xdr_int

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_TEXT_HA
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b47c06107407cd13069186d2e950689

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

comdlg32

comctl32

wsock32

netapi32

dformd

mfc42

ole32

oleaut32

msvcp60

pwrpc32

rpcrt4

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 1.3MB - Virtual size: 1.5MB

_TEXT_HA Size: 68KB - Virtual size: 66KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 1.3MB - Virtual size: 1.5MB

_TEXT_HA
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 8KB - Virtual size: 5KB