a9eaa3f1b190dea28d300ccc7f5411f4bf9686a430ad0b3ab21480615dd18abd_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a9eaa3f1b190dea28d300ccc7f5411f4bf9686a430ad0b3ab21480615dd18abd_NeikiAnalytics.exe
Size

87KB
MD5

49c79013d90ff55bb508f638768dc900
SHA1

27eb15f1bbac53c65ad030de39a4a3880a160d4c
SHA256

a9eaa3f1b190dea28d300ccc7f5411f4bf9686a430ad0b3ab21480615dd18abd
SHA512

154d354558fe3e98e16c305ce513721bbbe030a317630ec134a6588ac275e14cee0f8c06193d9096e13996d6f6d7b33c4471d72bb1dfd8d757a46f5f5685e3dc
SSDEEP

1536:rX1ATtNZj9JUDvaowznGbfMvlwUMIFOZJD/QQ7Bm:OjAiPnGbfMvlNMIqpBm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9eaa3f1b190dea28d300ccc7f5411f4bf9686a430ad0b3ab21480615dd18abd_NeikiAnalytics.exe

Files

a9eaa3f1b190dea28d300ccc7f5411f4bf9686a430ad0b3ab21480615dd18abd_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

630c397001a329cfcf1acf76f119c8d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\global\Release\bin\aoem\AcDcDimstyles.pdb

Imports

2020cad.exe

acedPostCommandPrompt
?acDocManagerPtr@@YAPAVAcApDocManager@@XZ

acdb16

?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ
acrxSysRegistry
?acrxRegisterAppMDIAware@@YA_NPAX@Z
?acrxRegisterService@@YAPAXPBD@Z
?acrxUnlockApplication@@YA_NPAX@Z
?isUndoing@AcDbObject@@QBEHXZ
?getSymbolTable@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@AAPAVAcDbDimStyleTable@@W4OpenMode@AcDb@@@Z
acutPrintf
acadErrorStatusText
?saveAs@AcDbDatabase@@QAE?AW4ErrorStatus@Acad@@PBDPBUSecurityParams@@@Z
??0AcDbDatabase@@QAE@_N0@Z
?freeRawMem@AcHeapOperators@@CIXPAX@Z
?allocRawMem@AcHeapOperators@@CIPAXI@Z
?desc@AcDbDimStyleTableRecord@@SAPAVAcRxClass@@XZ
?acdbGetReservedString@@YAPBDW4reservedStringEnumType@AcDb@@_N@Z
?close@AcDbObject@@QAE?AW4ErrorStatus@Acad@@XZ

acdcutils

?QueryObjectLocation@AcDcContentFinderBase@@UAGJPBG00PAPAG1@Z
?_EnumeratePropertyValues@AcDcContentFinderBase@@UAEJPBG@Z
?_InitPopupMenu@AcDcContentFinderBase@@UAEJH@Z
?_QueryObjectLocation@AcDcContentFinderBase@@UAEJPBG00PAPAG1@Z
?copyObjectFrom@AcDcObjectTable@@UAE?AW4ErrorStatus@Acad@@AAV1@PBD_N@Z
?copyObjectsFrom@AcDcObjectTable@@UAEHAAV1@PBD_N@Z
?openSymbolTable@AcDcDimstyleTable@@UAE?AW4ErrorStatus@Acad@@XZ
?copyRecordTo@AcDcDimstyleTable@@UAE?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@AAVAcDbObjectId@@_N@Z
?DeleteCacheData@AcDcCacheContainer@@EAEJPBD@Z
?ReleaseCacheManager@AcDcCacheContainer@@MAEXXZ
?RemoveAllCacheData@AcDcCacheContainer@@MAEJXZ
?AddCacheData@AcDcCacheContainer@@MAEJPAVAcDcCacheDataInfo@@PAVAcDcCacheData@@@Z
?GetCacheData@AcDcCacheContainer@@MBE_NPAVAcDcCacheDataInfo@@PAVAcDcCacheData@@_N@Z
?InitPopupMenu@AcDcContentFinderBase@@UAGJH@Z
?FindCacheData@AcDcCacheContainer@@MBE_NPAVAcDcCacheDataInfo@@AAV?$CComPtr@UIStorage@@@ATL@@AAV?$CComPtr@UIStream@@@4@@Z
?SetupContents@AcDcCacheContainer@@MAEJPAVAcDcCacheManager@@@Z
?getCommentsForRecord@AcDcSymbolTable@@UBE?AW4ErrorStatus@Acad@@AAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBVAcDbSymbolTableRecord@@@Z
?openSymbolTable@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@XZ
?copyRecordTo@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@PBD_N@Z
?copyRecordTo@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@AAVAcDbObjectId@@_N@Z
?copyRecordFrom@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@AAV1@AAVAcDbObjectId@@_N@Z
?copyRecordsTo@AcDcSymbolTable@@UAEHPAVAcDbDatabase@@PBD_N@Z
?copyRecordsFrom@AcDcSymbolTable@@UAEHAAV1@PBD_N@Z
?getNamesAndImages@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@AAV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@@AAVCImageList@@1AAV?$CArray@HH@@_N@Z
?getNamesAndImages@AcDcObjectTable@@UAE?AW4ErrorStatus@Acad@@AAV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@@AAVCImageList@@1@Z
?getNames@AcDcObjectTable@@UAE?AW4ErrorStatus@Acad@@AAV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@@@Z
?copyObjectFrom@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@AAVAcDcObjectTable@@PBD_N@Z
?copyObjectsFrom@AcDcSymbolTable@@UAEHAAVAcDcObjectTable@@PBD_N@Z
?isMatchingName@AcDcObjectTable@@UBE_NPBD0@Z
?WarnUserIfInsertingEMR@@YA_NW4DcTableType@@PAVAcDbDatabase@@1@Z
?ClipFormatName@AcDcContentViewBase@@QAEXPAD@Z
?CreateTempFile@CTempFile@@QAEPBDXZ
??1CTempFile@@QAE@XZ
??0CTempFile@@QAE@XZ
?copyObjectTo@AcDcSymbolTable@@UAE?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@PBD_N@Z
?ExtractPathInfo@AcDcContentViewBase@@QAE_NAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00PAH@Z
?acdcReadDwgFile@@YA?AW4ErrorStatus@Acad@@PAVAcDbDatabase@@PBDH_N@Z
?SortPaletteItems@AcDcSymContentView@@IBEXXZ
?EnglishToLocalizedTable@AcDcContentViewBase@@IAEXAAV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@@@Z
?getNames@AcDcSymbolTable@@QAE?AW4ErrorStatus@Acad@@AAV?$CArray@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V12@@@_N@Z
?RegisterSupportedType@AcDcContentViewBase@@QAEXAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?Interrupt@AcDcContentFinderBase@@UAGJXZ
?InvokeCommand@AcDcContentFinderBase@@UAGJHPAPAUtagSAFEARRAY@@H@Z
?IsMultiselectionEnabled@AcDcContentFinderBase@@UAGJPBGPAE@Z
?EnumeratePropertyValues@AcDcContentFinderBase@@UAGJPBG@Z
?EnumerateObjects@AcDcContentFinderBase@@UAGJPAUIAcDcContentFinderSite@@PBG11E1E@Z
?Initialize@AcDcContentFinderBase@@UAGJPAUIAcDcContentFinderSite@@@Z
?CreateImageLists@AcDcContentViewBase@@MAEJXZ
?ErrorObject@AcDcContentViewBase@@MBEJHK@Z
?ErrorObject@AcDcContentViewBase@@MBEJAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@K@Z
?ErrorObject@AcDcContentViewBase@@MBEJKK@Z
?_SetImageLists@AcDcContentViewBase@@UAEJXZ
?_Refresh@AcDcContentViewBase@@UAEJXZ
?_RenderPreviewWindow@AcDcContentViewBase@@UAEJAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PAUHWND__@@@Z
?_PreviewMouseUp@AcDcContentViewBase@@UAEJHHH@Z
?_PaletteMouseDown@AcDcContentViewBase@@UAEJHAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?_PaletteColumnClick@AcDcContentViewBase@@UAEJH@Z
?_NavigatorNodeExpanding@AcDcContentViewBase@@UAEJPAU_TREEITEM@@AAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?_NavigatorNodeCollapsing@AcDcContentViewBase@@UAEJPAU_TREEITEM@@AAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?_NavigatorMouseUp@AcDcContentViewBase@@UAEJPAU_TREEITEM@@AAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?_IsExpandable@AcDcContentViewBase@@UAEJAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AA_N@Z
??1CTemporaryResourceOverride@@UAE@XZ
??0CTemporaryResourceOverride@@QAE@PAUHINSTANCE__@@@Z
?_Initialize@AcDcSymContentView@@UAEJPAPAUHINSTANCE__@@@Z
??1AcDcSymContentView@@UAE@XZ
??0AcDcSymContentView@@QAE@XZ
??1AcDcCacheContainer@@UAE@XZ
??0AcDcCacheContainer@@QAE@XZ
?_GetSmallImageListForContent@AcDcContentViewBase@@UAEJAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAPAU_IMAGELIST@@@Z
?_GetLargeImageListForContent@AcDcContentViewBase@@UAEJAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAPAU_IMAGELIST@@@Z
?_GetLargeImage@AcDcContentViewBase@@UAEJAAV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAPAUHBITMAP__@@@Z
?_GetCommandString@AcDcContentViewBase@@UAEJHW4dcMenuInfoFlag@@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?_DeleteItemData@AcDcContentViewBase@@UAEJW4dcItemDataSource@@UtagVARIANT@@@Z
?SetImageLists@AcDcContentViewBase@@UAGJXZ
?RenderPreviewWindow@AcDcContentViewBase@@UAGJPAGUtagVARIANT@@@Z
?ReleaseBrowser@AcDcContentViewBase@@UAGJXZ
?Refresh@AcDcContentViewBase@@UAGJXZ
?QueryContextMenu@AcDcContentViewBase@@UAGJUtagVARIANT@@0000@Z
?PreviewMouseUp@AcDcContentViewBase@@UAGJUtagVARIANT@@00@Z
?PaletteMouseUp@AcDcContentViewBase@@UAGJUtagVARIANT@@000@Z
?PaletteMouseDown@AcDcContentViewBase@@UAGJUtagVARIANT@@PAG00@Z
?PaletteItemDblClick@AcDcContentViewBase@@UAGJPAG@Z
?PaletteItemClick@AcDcContentViewBase@@UAGJPAG@Z
?PaletteColumnClick@AcDcContentViewBase@@UAGJUtagVARIANT@@@Z
?PaletteBeginDrag@AcDcContentViewBase@@UAGJUtagVARIANT@@00@Z
?NavigatorNodeExpanding@AcDcContentViewBase@@UAGJUtagVARIANT@@PAG@Z
?NavigatorNodeCollapsing@AcDcContentViewBase@@UAGJUtagVARIANT@@PAG@Z
?NavigatorNodeClick@AcDcContentViewBase@@UAGJUtagVARIANT@@PAG@Z
?NavigatorMouseUp@AcDcContentViewBase@@UAGJUtagVARIANT@@PAG00@Z
?IsExpandable@AcDcContentViewBase@@UAGJPAGPAUtagVARIANT@@@Z
?InvokeCommand@AcDcContentViewBase@@UAGJUtagVARIANT@@@Z
?Initialize@AcDcContentViewBase@@UAGJUtagVARIANT@@0@Z
?GetSmallImageListForContent@AcDcContentViewBase@@UAGJPAGPAUtagVARIANT@@@Z
?GetLargeImageListForContent@AcDcContentViewBase@@UAGJPAGPAUtagVARIANT@@@Z
?GetLargeImage@AcDcContentViewBase@@UAGJPAGPAUtagVARIANT@@@Z
?GetCommandString@AcDcContentViewBase@@UAGJUtagVARIANT@@W4dcMenuInfoFlag@@PAU2@PAPAG@Z
?DeleteItemData@AcDcContentViewBase@@UAGJW4dcItemDataSource@@UtagVARIANT@@@Z
?CreatePalette@AcDcContentViewBase@@UAGJUtagVARIANT@@@Z
?_CreatePalette@AcDcSymContentView@@UAEJAAVCStringList@@@Z
?syncToCurrentDocPtrs@AcDcSymContentView@@UAEXXZ
?FindFiles@@YAXPBD_NP6A_N0PAX@ZP6A_N0PAUDIRWALKDATA@@2@ZP6A_N2@Z2@Z
?addDocument@AcDcSymContentView@@UAEXPAVAcApDocument@@@Z
?deleteDocument@AcDcSymContentView@@UAEXPAVAcApDocument@@@Z
?FindCacheData@AcDcCacheContainer@@MBE_NPBDAAV?$CComPtr@UIStorage@@@ATL@@AAV?$CComPtr@UIStream@@@3@@Z
?setDocumentCurrent@AcDcSymContentView@@UAEXPAVAcApDocument@@@Z

acge16

??0AcGeMatrix3d@@QAE@XZ

mfc70

ord262
ord930
ord1096
ord1098
ord990
ord317
ord1011
ord1091
ord1066
ord1068
ord523
ord1058
ord984
ord1014
ord2898
ord1511
ord651
ord450
ord1821
ord1035
ord977
ord261
ord1019
ord1767
ord942
ord3062
ord982
ord3591
ord1432
ord256
ord5446
ord5103
ord6011
ord257
ord1077
ord1081
ord1981
ord1212
ord895
ord5202
ord894
ord2200
ord1155
ord956
ord3051
ord1944
ord3886
ord1805
ord958
ord957
ord687
ord504
ord703
ord705
ord706
ord1099

msvcr70

realloc
malloc
free
_mbsupr
_mbsicmp
_except_handler3
__security_error_handler
_adjust_fdiv
_initterm
_onexit
__dllonexit
_mbscmp
_unlink
strncpy
memmove
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_CxxThrowException
__CxxFrameHandler
memset

kernel32

GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
InterlockedDecrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
lstrlenW
GetTempPathA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
LoadLibraryA
GetModuleHandleA
DeleteCriticalSection
LoadLibraryExA
GetModuleFileNameA
DisableThreadLibraryCalls
EnterCriticalSection
lstrcmpiA
GetLastError
MultiByteToWideChar
IsDBCSLeadByte
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
FreeLibrary
lstrcpynA
lstrlenA
GlobalAlloc
WideCharToMultiByte
GlobalUnlock
GlobalLock

user32

DispatchMessageA
PeekMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CharNextA
RegisterClipboardFormatA
MessageBeep
GetKeyState
TrackPopupMenuEx
SetMenuDefaultItem
GetSubMenu
LoadMenuA
GetCursorPos

advapi32

RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA

ole32

CoTaskMemRealloc
CoCreateInstance
DoDragDrop
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SafeArrayGetDim
VariantInit
SysAllocStringByteLen
SysStringByteLen
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630c397001a329cfcf1acf76f119c8d3

Headers

File Characteristics

PDB Paths

Imports

2020cad.exe

acdb16

acdcutils

acge16

mfc70

msvcr70

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 6KB - Virtual size: 5KB