4046568b4a0aa7c37779d06ebcee9be94753b8fac144bd981f0f4e0a496a7747_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4046568b4a0aa7c37779d06ebcee9be94753b8fac144bd981f0f4e0a496a7747_NeikiAnalytics.exe
Size

1.8MB
MD5

7f0921934fdea22f4413716599804790
SHA1

75051b889457f47a809183469e9dcdcc1ce38e42
SHA256

4046568b4a0aa7c37779d06ebcee9be94753b8fac144bd981f0f4e0a496a7747
SHA512

d045a6051eb7f314e7e5921f05153f9e6a0f838b6b6c59781cda679b159bd370159705285ff2da3e624d71e41e7c4bf18179bf35c03e3282cc99b8bd963e5195
SSDEEP

24576:25Tk1F62fjKR4Pq4rsUi+bM6F3V8Qna8fDl5Tk1F62fjKR4Pq4rsUi+bM6F3V8Qt:mM4y+WMzQa8DHM4y+WMzQa8D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4046568b4a0aa7c37779d06ebcee9be94753b8fac144bd981f0f4e0a496a7747_NeikiAnalytics.exe

Files

4046568b4a0aa7c37779d06ebcee9be94753b8fac144bd981f0f4e0a496a7747_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

2aac1851ec73b4d78695096fbc4030dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Avtech\Work\### 16CH AVC Server ###\Avc_dll_src\Avcpb_sf\Avcpb_sf\Release\AVCPB_SF.pdb

Imports

ws2_32

WSAGetLastError
select
connect
inet_addr
htons
__WSAFDIsSet
ioctlsocket
recv
WSAStartup
gethostbyname
closesocket
ntohs
send
ntohl
socket

avc_ap_jpeg

_ijlRead@8
_ijlFree@4
_ijlInit@4

avc_ap_mpeg4

??1CMPEG4Ipp5Dec@@QAE@XZ
?Create@CMPEG4Ipp5Dec@@SAHPAPAX@Z
?Delete@CMPEG4Ipp5Dec@@SAHPAPAX@Z
?AVC_Decoder@CMPEG4Ipp5Dec@@QAEHW4_MP4_COLOR_SPACE@@PAEK1PAG2E@Z

avc_ap_rtsp

?closeRTSP@CRtsp@@QAEHXZ
??1CRtsp@@QAE@XZ

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
CloseHandle
CreateSemaphoreA
WaitForMultipleObjects
SetEvent
ResetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
ReleaseSemaphore
CreateEventA
ReadFile
SetFilePointer
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
TerminateThread
GetDiskFreeSpaceExA
DeleteFileA
WideCharToMultiByte
GetOverlappedResult
GetLastError
WriteFile
MultiByteToWideChar
RaiseException
lstrlenA
GetTickCount
OutputDebugStringA
GetFileSize
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
SetEndOfFile
CreateThread
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA

user32

wsprintfA
MessageBoxA

advapi32

RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize

msvcr71

memcpy
floor
_wtoi
_purecall
_time64
gmtime
??_V@YAXPAX@Z
memset
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strtok
_vscprintf
_mbsupr
_adjust_fdiv
__CppXcptFilter
exit
_initterm
_onexit
??0exception@@QAE@ABV0@@Z
_strdup
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
pow
_ftol
log
_mbschr
_mbsstr
_mbsinc
__CxxFrameHandler
_mbscmp
??3@YAXPAX@Z
_CxxThrowException
free
malloc
??2@YAPAXI@Z
_mktime64
_localtime64
??_U@YAPAXI@Z
sprintf
strrchr
sscanf
memmove
_strnicmp
_beginthreadex
strftime
atoi
_strupr
strstr
_except_handler3
vsprintf
ceil

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

??4CMPEG4Ipp5Dec@@QAEAAV0@ABV0@@Z
??4CRtsp@@QAEAAV0@ABV0@@Z
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 732KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2aac1851ec73b4d78695096fbc4030dd

Headers

File Characteristics

PDB Paths

Imports

ws2_32

avc_ap_jpeg

avc_ap_mpeg4

avc_ap_rtsp

kernel32

user32

advapi32

ole32

msvcr71

msvcp71

Exports

Exports

Sections

.text Size: 732KB - Virtual size: 730KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 104KB - Virtual size: 106KB

.rsrc Size: 4KB - Virtual size: 824B

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 732KB - Virtual size: 730KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 104KB - Virtual size: 106KB

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 24KB - Virtual size: 20KB