39eca3886c44a8893669e44dbf3d62f7d3ff99329bcc3dd262bcd11c9d663184_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

39eca3886c44a8893669e44dbf3d62f7d3ff99329bcc3dd262bcd11c9d663184_NeikiAnalytics.exe
Size

645KB
MD5

9200414499bc1cede2940f49bf9ca020
SHA1

cd8abbcca840d1ff393d972d3c3f08ce20e281dd
SHA256

39eca3886c44a8893669e44dbf3d62f7d3ff99329bcc3dd262bcd11c9d663184
SHA512

9fb864977ef716e1c9975f45a742c7eb96c30eb77ae8b6818dc670684c6faccc3fc56361de4ad7c4ddfbf9447a7188c4afc391a80e0b0404741edba46235ef8d
SSDEEP

12288:BiPxClFWw1RQIZVEXTm9aLCpQYde3tPVRgWccKV:sxClFWw1RQIZVEoA3tPVR/LKV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39eca3886c44a8893669e44dbf3d62f7d3ff99329bcc3dd262bcd11c9d663184_NeikiAnalytics.exe

Files

39eca3886c44a8893669e44dbf3d62f7d3ff99329bcc3dd262bcd11c9d663184_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

ed745d994f665c3bcfcbf793640c7b33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdkv_v1.8_patch_compile\basic\KVOutput\binrelease\bdmantivirus\BDMAVEng.pdb

Imports

ws2_32

WSACleanup
WSAStartup

winmm

timeGetTime

bdlogicutils

?GetBDConfigListenerMgr@BDLogicUtils@@YAPAVIBDConfigListenerMgr@1@PAX@Z
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

bdmbase

?executereader@sqlite3_command@BDMDatabase@@QAE?AVsqlite3_reader@2@XZ
??1sqlite3_reader@BDMDatabase@@QAE@XZ
?read@sqlite3_reader@BDMDatabase@@QAE_NXZ
?getstring16@sqlite3_reader@BDMDatabase@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?getint@sqlite3_reader@BDMDatabase@@QAEHH@Z
??0sqlite3_transaction@BDMDatabase@@QAE@AAVsqlite3_connection@1@_N@Z
_BDMMd5ToStringA@8
?bind@sqlite3_command@BDMDatabase@@QAEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?bind@sqlite3_command@BDMDatabase@@QAEXHH@Z
?init@md5_engine@@QAEXXZ
?commit@sqlite3_transaction@BDMDatabase@@QAEXXZ
??0sqlite3_connection@BDMDatabase@@QAE@XZ
??1sqlite3_connection@BDMDatabase@@QAE@XZ
?open@sqlite3_connection@BDMDatabase@@QAEXPB_W@Z
?executenonquery@sqlite3_connection@BDMDatabase@@QAEXPBD@Z
?executenonquery@sqlite3_connection@BDMDatabase@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
_BDMGetFileMD5_2@8
BDMGetProcessName
?SafeLoadLibrary@BDMSafeLoadLibrary@@YGPAUHINSTANCE__@@PB_WH@Z
?update@md5_engine@@QAEXPBXI@Z
?executenonquery@sqlite3_command@BDMDatabase@@QAEXXZ
?final@md5_engine@@QAEXPAX@Z
??1sqlite3_command@BDMDatabase@@QAE@XZ
??0sqlite3_command@BDMDatabase@@QAE@AAVsqlite3_connection@1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?close@sqlite3_connection@BDMDatabase@@QAEXXZ
??1sqlite3_transaction@BDMDatabase@@QAE@XZ
?BDMTSCreateDir@BDMMisc@@YAHPB_W@Z

bdmframework

??1Owner@CCriticalSection@utils@@QAE@XZ
?g_pluginLink@@3PAUtagPLUGINLINK@@A
??0CCriticalSection@utils@@QAE@XZ
??0Owner@CCriticalSection@utils@@QAE@AAV12@@Z

kernel32

InterlockedCompareExchange
WriteFile
ReadFile
DisconnectNamedPipe
SetNamedPipeHandleState
CreateFileA
HeapAlloc
Sleep
TlsAlloc
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
CreateWaitableTimerW
GetCurrentProcessId
WideCharToMultiByte
GetVersionExW
CreateNamedPipeA
ConnectNamedPipe
FreeLibrary
lstrlenW
GetModuleFileNameW
CreateSemaphoreW
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
SetThreadPriority
InterlockedExchangeAdd
CancelIo
ResetEvent
GetOverlappedResult
CreateFileW
GetPriorityClass
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
GetProcessTimes
GetSystemTimes
InitializeCriticalSection
ExpandEnvironmentStringsW
PostQueuedCompletionStatus
SetWaitableTimer
TlsFree
GetCurrentThreadId
CreateIoCompletionPort
SleepEx
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
GetProcessHeap
HeapFree
TlsSetValue
GetCurrentThread
CloseHandle
SetEvent
InterlockedIncrement
ReleaseSemaphore
CreateEventA
WaitForSingleObject
CreateEventW
InterlockedDecrement
GetProcAddress
MultiByteToWideChar
GetSystemTimeAsFileTime
OpenEventA
ResumeThread
GetTickCount
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
TlsGetValue
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateSemaphoreA

advapi32

RegCloseKey
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??1_Lockit@std@@QAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1locale@std@@QAE@XZ
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Register@facet@locale@std@@QAEXXZ
?tolower@?$ctype@_W@std@@QBE_W_W@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0locale@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Bid@locale@std@@QAEIXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

shlwapi

PathFileExistsW
PathRemoveFileSpecW

msvcr80

_gmtime64
strerror
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__iob_func
fprintf
fflush
_snprintf
_wcsicmp
towlower
rand
_wcsnicmp
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
wcschr
free
malloc
vsprintf_s
wcsncpy_s
memcpy_s
swprintf_s
wcsstr
_beginthreadex
memcpy
memmove_s
?before@type_info@@QBEHABV1@@Z
??8type_info@@QBE_NABV0@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
memset
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBDH@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_snwprintf

shell32

SHCreateDirectoryExW

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CreateBDMAVEngine
CreateFileMonEngine
DllCanUnloadNow
DllGetClassCount
DllGetClassInfo
DllGetClassObject

Sections

.text
Size: 444KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed745d994f665c3bcfcbf793640c7b33

Headers

File Characteristics

PDB Paths

Imports

ws2_32

winmm

bdlogicutils

bdmbase

bdmframework

kernel32

advapi32

msvcp80

shlwapi

msvcr80

shell32

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 441KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 28KB - Virtual size: 29KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 444KB - Virtual size: 441KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 28KB - Virtual size: 29KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 47KB