5f15cf8b031e0694c86fc8d3fef608d8d19aa325ac05418258a9dea9477afdc1_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5f15cf8b031e0694c86fc8d3fef608d8d19aa325ac05418258a9dea9477afdc1_NeikiAnalytics.exe
Size

333KB
MD5

c7b06db6c443bd80e38f45e62d5065d0
SHA1

c45901ad3cbe114b38dd4b9d2dda2ef51416399a
SHA256

5f15cf8b031e0694c86fc8d3fef608d8d19aa325ac05418258a9dea9477afdc1
SHA512

f1a72aee36b7d4d29764b2a7bb9742127e842e803293f811edb127454175405ec75229d2d570823b31aca1fe530101331414814da8de0385cedd46c6c11b7633
SSDEEP

6144:ehDQHfALr0aWPEUbCbLzsMa203cN/pO0aQesARC6AJ0X:ehDQHfALr0tPEUbCbLzxWIpO0aQe8N0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f15cf8b031e0694c86fc8d3fef608d8d19aa325ac05418258a9dea9477afdc1_NeikiAnalytics.exe

Files

5f15cf8b031e0694c86fc8d3fef608d8d19aa325ac05418258a9dea9477afdc1_NeikiAnalytics.exe
.dll regsvr32 windows:5 windows x86 arch:x86

7dbb32189a1c229a336aa6f035520ba5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17

gdiplus

GdipCreateBitmapFromStream
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipAlloc

dicore

?getOfficePreference@CLBClientSettings@@QAEHPB_W0@Z
?getName@CLBLibrary@@QAEPB_WXZ
?getPath@CLBLibrary@@QAEPB_WXZ
?getDisplayName@CLBLibrary@@QAEPB_WXZ
?addDocument@CLBLibrary@@QAEHPB_W0AAPAVCLBObject@@KAAVDReturn@@@Z
?getDocumentInfo@CLBLibrary@@QAEHPB_WAAPAVCLBObject@@KAAVDReturn@@@Z
??6WinStream@@QAEAAV0@PB_W@Z
??6WinStream@@QAEAAV0@I@Z
?endl@@YAAAVWinStream@@AAV1@@Z
?dout@@3VWinStream@@A
??6WinStream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?getLocalAttachmentFilename@CLBDocument@@QAEHPB_WPA_WK@Z
?updateAttachment@CLBDocument@@QAEHPB_W0AAPAVCLBObject@@AAVDReturn@@@Z
?addAttachment@CLBDocument@@QAEHPB_W0AAPAVCLBObject@@AAVDReturn@@@Z
?getAttachment@CLBDocument@@QAEHPB_W0AAJAAVDReturn@@@Z
?getAttachmentInfo@CLBDocument@@QAEHPB_WAAPAVCLBObject@@AAVDReturn@@@Z
?getLocalFilename@CLBDocument@@QAEHPA_WK@Z
?lockDocument@CLBDocument@@QAEHAAVDReturn@@@Z
?isSubmittedDraft@CLBDocument@@QAEHXZ
?allowAttachments@CLBDocument@@QAEHXZ
?isPage@CLBDocument@@QAEHXZ
?isLockedByMe@CLBDocument@@QAEHXZ
?isLocked@CLBDocument@@QAEHXZ
?getLastModified@CLBDocument@@QAEJXZ
?getPath@CLBDocument@@QAEPB_WXZ
?getLibraryRef@CLBDocument@@QAEPAVCLBLibrary@@XZ
?getName@CLBLibItemContext@@QAEPB_WXZ
?getDocumentTypeRef@CLBLibItemContext@@QAEPAVCLBObject@@XZ
?getAttachmentRef@CLBLibItemContext@@QAEPAVCLBObject@@XZ
?getDocumentRef@CLBLibItemContext@@QAEPAVCLBDocument@@XZ
?getFolderRef@CLBLibItemContext@@QAEPAVCLBObject@@XZ
?getLibraryRef@CLBLibItemContext@@QAEPAVCLBLibrary@@XZ
?create@CLBLibItemContext@@SAPAV1@PAVCLBDocument@@PAVCLBObject@@@Z
?CLBCreateMailMsgForAttachment@@YAHPAUHWND__@@PAVCLBDocument@@PB_W@Z
?hex@@YAAAVWinStream@@AAV1@@Z
?setProperty@CLBObject@@QAEXPB_W0@Z
?setName@CLBObject@@QAEXPB_W@Z
?getPropertyAsBoolean@CLBObject@@QAEHPB_W@Z
?getPropertyAsLong@CLBObject@@QAEJPB_WH@Z
?getProperty@CLBObject@@QAEPB_WPB_W@Z
?getName@CLBObject@@QAEPB_WXZ
?create@CLBObject@@SAPAV1@PB_WPAVCMapStringToString@@@Z
?CLBCreateDirsForFilename@@YAHPB_W@Z
?dec@@YAAAVWinStream@@AAV1@@Z
?reset@DReturn@@QAEXXZ
?setProperty@DReturn@@QAEXPB_W0@Z
?getProperty@DReturn@@QAEPB_WPB_W@Z
?getMessage@DReturn@@QAEPB_WXZ
??1DReturn@@QAE@XZ
??0DReturn@@QAE@XZ
?CLBCreateMailMsg@@YAHPAUHWND__@@PAVCLBLibrary@@PB_WPAVCLBObject@@@Z
?CLBDetailsMsgBox@@YAHPAUHWND__@@PB_W11I@Z
?dout3@@3VWinStream@@A
??6WinStream@@QAEAAV0@PBD@Z
??6WinStream@@QAEAAV0@H@Z
??6WinStream@@QAEAAV0@J@Z
??6WinStream@@QAEAAV0@K@Z
?GetHWND@WProgressBar@@QAEPAUHWND__@@XZ
?Start@WProgressBar@@QAEXPAUHWND__@@PB_WKK@Z
?HasCancelled@WProgressBar@@QAEHXZ
?IncrementProgress@WProgressBar@@QAEHXZ
?SetProgressMsg@WProgressBar@@QAEHPB_W@Z
??1WProgressBar@@QAE@XZ
??0WProgressBar@@QAE@XZ
?clearCookies@CLBServer@@QAEXXZ
?isMe@CLBServer@@QAEHPB_W@Z
?getUUserId@CLBServer@@QAEPB_WXZ
?create@CLBServer@@SAPAV1@PB_W@Z
?CLBParseLinkFile@@YAHPB_W0AAPAVCLBObject@@@Z
?getRelativePath@CLBLibrary@@QAEKPB_WPA_WK@Z
?deleteLocalFile@CLBLibrary@@QAEHPB_W@Z
?getLocalFilename@CLBLibrary@@QAEHPB_WPA_WK@Z
?getDocumentURL@CLBLibrary@@QAEHPB_WAAPAVCLBObject@@AAVDReturn@@@Z
?getDocumentType@CLBLibrary@@QAEHPB_WAAPAVCLBObject@@AAVDReturn@@@Z
?rejectDocument@CLBLibrary@@QAEHPB_W0AAVDReturn@@@Z
?approveDocument@CLBLibrary@@QAEHPB_W0AAVDReturn@@@Z
?cancelDocument@CLBLibrary@@QAEHPB_WAAHAAVDReturn@@@Z
?lockDocument@CLBLibrary@@QAEHPB_WAAVDReturn@@@Z
?getDocumentInfoById@CLBLibrary@@QAEHPB_WAAPAVCLBDocument@@KAAVDReturn@@@Z
?getDocumentInfo@CLBLibrary@@QAEHPB_WAAPAVCLBDocument@@AAVDReturn@@@Z
?getDocumentInfo@CLBLibrary@@QAEHPB_WAAPAVCLBDocument@@KAAVDReturn@@@Z
?updateDocument@CLBLibrary@@QAEHPB_W0AAJKAAVDReturn@@@Z
?checkinDocument@CLBLibrary@@QAEHPB_WAAVDReturn@@@Z
?checkoutDocument@CLBLibrary@@QAEHPB_WPAVCLBObject@@AAVDReturn@@@Z
?getDraft@CLBLibrary@@QAEHPB_W0AAVDReturn@@@Z
?getDocument@CLBLibrary@@QAEHPB_WPAVCLBObject@@AAVDReturn@@@Z
?isMyPFS@CLBLibrary@@QAEHXZ
?isPFS@CLBLibrary@@QAEHXZ
?getServerRef@CLBLibrary@@QAEPAVCLBServer@@XZ
?create@CLBLibrary@@SAPAV1@PAVCLBServer@@PB_W@Z
?CLBLaunchHelp@@YAHPAUHWND__@@@Z
?launchAboutDialog@CLBMonitor@@QAEHXZ
?getPendingAttachments@CLBMonitor@@QAEHPAVCLBDocument@@PA_WI@Z
?hasPendingAttachments@CLBMonitor@@QAEHPAVCLBDocument@@AAI1@Z
?setBOT@CLBMonitor@@QAEJPB_WK@Z
?getBOT@CLBMonitor@@QAEKPB_W@Z
?resolveSingleError@CLBMonitor@@QAEJPAUHWND__@@PB_W@Z
?resumeFileWatch@CLBMonitor@@QAEJPB_WK@Z
?suspendFileWatch@CLBMonitor@@QAEJPB_W@Z
?removePublishPending@CLBMonitor@@QAEXPB_WK@Z
?getFileState@CLBMonitor@@QAEHPB_W@Z
?getInstance@CLBMonitor@@SAAAV1@XZ
?resolvePreferenceValue@CLBClientSettings@@QAEPB_WPB_W0AAH@Z
?getInstance@CLBClientSettings@@SAAAV1@XZ
?CLBMessageBox@@YAHPAUHWND__@@PB_WIAAVDReturn@@@Z
?CLBMessageBox@@YAHPAUHWND__@@PB_W1I@Z
?getURL@CLBServer@@QAEPB_WXZ
?isAttachment@CLBLibrary@@SAHPB_W@Z
?getLocalDir@CLBLibrary@@QAEPB_WXZ
?resolveFromLocalFile@CLBLibrary@@SAPAV1@PB_W@Z
?release@DList@@QAEHXZ
??6WinStream@@QAEAAV0@F@Z
?setProperty@CLBObject@@QAEXPB_WJ@Z
?CLBPutEmailPrefs@@YAHHAAPAVCLBLibrary@@PB_WKK1@Z
?CLBGetEmailPrefs@@YAHHAAPAVCLBLibrary@@PA_WKAAK211@Z
?CLBResolveLocalFileInfo@@YAHPB_WAAHAAK2@Z
?isVersionAtLeast@CLBServer@@QAEHPB_W@Z
?getInstallURL@CLBServer@@QAEHAAPAVCLBObject@@AAVDReturn@@@Z
?createLaunchLink@CLBLibrary@@QAEKPB_WPA_WK@Z
?createLinkFile@CLBLibrary@@QAEHPB_W00PAVCLBObject@@AAVDReturn@@@Z
?getFolderURL@CLBLibrary@@QAEHPB_WAAPAVCLBObject@@AAVDReturn@@@Z
?getFolderInfo@CLBLibrary@@QAEHPB_WAAPAVCLBObject@@AAVDReturn@@@Z

dilibdocs

?CLBAddDocumentDlg@@YAHPAUHWND__@@PAUCLBMETADATADLG@@AAPAVCLBDocument@@@Z
?CLBPickFolder@@YAHAAUCLBPICKFOLDERDLG@@AAPAVCLBLibItemContext@@@Z
?CLBMailSaveFilesDlg@@YAHPAUHWND__@@PAUAttachmentItem@@IAAPAVCLBLibrary@@PA_WKAAH4HPB_W@Z
?CLBPickFolderOrDocument@@YAHPAUHWND__@@PB_WAAPAVCLBLibItemContext@@@Z
?CLBAddDocumentWithDlgData@@YAHPAUHWND__@@PAUCLBMETADATADLG@@AAPAVCLBDocument@@@Z
?CLBAddLibrariesDlg@@YAHPAUHWND__@@PB_W1@Z
?CLBDocTypePickerDlg@@YAHPAUHWND__@@PAVCLBLibrary@@PAVCLBServer@@PB_W3KAAPAVCLBObject@@@Z
?CLBNewDocumentDlg@@YAHPAUHWND__@@PB_WPAVCLBLibrary@@PAVCLBObject@@31KAAPAVCLBDocument@@@Z
?CLBVersionDlg@@YAHPAUHWND__@@PAVCLBLibrary@@PB_W@Z
?CLBDocumentPropertiesDlg@@YAHAAUCLBPROPERTIESDLG@@AAPAVCLBObject@@@Z
?CLBPreferencesDlg@@YAHPAUHWND__@@HPAVCLBObject@@@Z
?CLBOpenFromPlaceDlg@@YAHPAUHWND__@@PAPA_WKAAPAVCLBLibItemContext@@AAH3KPB_W@Z
?CLBResolveLibrary@@YAHPAUHWND__@@PB_W1AAPAVCLBLibrary@@@Z
?CLBAddToPlaceDlg@@YAHPAUHWND__@@AAPAVCLBLibItemContext@@PB_W22AAPAVCLBObject@@KPAVCLBLibrary@@@Z
?CLBSetLanguage@@YAHPB_W@Z
?CLBPickServerDlg@@YAHPAUHWND__@@AAPAVCLBServer@@PB_W@Z
?CLBOverwriteMsg@@YAIPAUHWND__@@PB_WPAVCLBObject@@KKH@Z

kernel32

LeaveCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
FindResourceExW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
Sleep
SizeofResource
lstrcpynW
lstrlenW
GlobalUnlock
LockResource
lstrcatW
lstrcpyW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
lstrcmpW
DisableThreadLibraryCalls
GetUserDefaultUILanguage
FreeResource
GlobalFree
lstrcmpiW
MultiByteToWideChar
GetEnvironmentVariableW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CloseHandle
DeleteFileW
IsBadWritePtr
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
GetModuleFileNameA
RaiseException
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
CompareStringW
WriteFile
GetStdHandle

user32

wsprintfW
EndDialog
LoadStringW
SetClipboardData
OpenClipboard
EmptyClipboard
DialogBoxParamW
GetFocus
CharNextW
CloseClipboard
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
GetSystemMetrics
LoadImageW
SendMessageW

advapi32

RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

ole32

CreateStreamOnHGlobal
StringFromIID
CoGetMalloc

oleaut32

SysFreeString
OleCreatePictureIndirect
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dbb32189a1c229a336aa6f035520ba5

Headers

File Characteristics

Imports

comctl32

gdiplus

dicore

dilibdocs

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 210KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 18KB - Virtual size: 18KB