af7a754104f9ac9334adb48e7166c5193244b2f8b9e453239053b2c66be5f8e5_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

af7a754104f9ac9334adb48e7166c5193244b2f8b9e453239053b2c66be5f8e5_NeikiAnalytics.exe
Size

593KB
MD5

ece1fc297742c5a9cba26deba1f05320
SHA1

ac613556876b105a9c0ca93ee121c07923618b5a
SHA256

af7a754104f9ac9334adb48e7166c5193244b2f8b9e453239053b2c66be5f8e5
SHA512

f98f7bf95057f7603e20bdd3f51e3b26b71858be694aab2bca5ebf5014dc67d68544ebd06a1d52d1611d2465aeddcdce01056b90cc814d41feccdfdffb55b3a0
SSDEEP

12288:Nob4dPgSlEzwVamNr1Am5NzCQUHXCx7TciBS559zpToqWxgScLJqyd4s6:NobwPgSlEoamNr1GvHXCFTezpkG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af7a754104f9ac9334adb48e7166c5193244b2f8b9e453239053b2c66be5f8e5_NeikiAnalytics.exe

Files

af7a754104f9ac9334adb48e7166c5193244b2f8b9e453239053b2c66be5f8e5_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

351eab7d0adb935c390497ef3575b399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Jenkins\workspace\gisserver_release_incremental\gisserver\_Win64\Release\dsloader64.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
CreateFileW
CloseHandle
DeleteCriticalSection
CreateDirectoryW
GetCurrentThreadId
FormatMessageW
GetLastError
GetLocalTime
LocalFree
FindFirstFileW
FindNextFileW
RemoveDirectoryW
SetEndOfFile
GetTempPathW
FindClose
GetFileAttributesW
SetCurrentDirectoryA
SetFileAttributesW
DeleteFileW
MoveFileExW
CopyFileW
GetTempFileNameW
GetTickCount
GetSystemTime
GetDiskFreeSpaceW
FileTimeToSystemTime
GetFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW

user32

CharToOemBuffW

shell32

SHGetFolderPathW

ole32

CoCreateGuid

gis643dex

db3dCreateConnect
db3dFree
db3dGetMetadata

gis64acces

mapOpenConnectEx
mapGetSiteObjectCount
mapSetSiteContext
mapGetSiteY2
mapGetSiteIdent
mapGetSiteX2
mapOpenDiagnostics
mapCloseMapAccess
mapAliasToNormalNameUn
mapIsNormalPathUn
mapGetPathShellUn
gmlGetFeaturiesDatasetUn
gmlOpenUn
mapRscUpdateXSD
mapGetRscFileNameUn
mapGetRscNameUn
mapSetMtrEllipsoidParam
mapGetMapScale
mapGetRstEllipsoidParam
mapOpenAnyData
mapIsMtrGeoSupported
mapSetMtrDatumParam
mapTransformationMap
mapGetSiteInfoEx
mapSetRstEllipsoidParam
mapGetMtrProjectionDataEx
mapGetRstProjectionData
mapIsRstGeoSupported
mapGetRstDatumParam
mapOpenRstUn
mapGetMtrDatumParam
mapSetRstDatumParam
mapIsGeoSupported
mapGetSiteDatum
mapGetTotalBorder
mapGetMtrEllipsoidParam
mapGetSiteScale
mapOpenMtrUn
mapSetMtrProjectionData
mapSetRstProjectionData
mapLoadKmlToMapEx
mapUserPlaneToGeoWGS84
mapRegisterFromMapType
mapUserGeoToGeoWGS84
gmlGetGmlBorder
mapCreateUserSystemParameters
mapGetObjectCount
mapMessageEnable
gmlGetJSONBorder
mapGetZoneByMeridian
mapGetProjectionNameByCodeUn
mapCheckInsideObject
mapAppendPointGeo
mapGetEllipsoidNameByCodeUn
mapGetHeightSystemNameByCodeUn
mapSeekObjectInList
mapUpdatePointGeo
mapCommitObjectEx
mapAppendPointGeoWGS84
mapObjectNumber
mapBuildAliasName
MapSortingSitePro
mapGetSiteFileNameUn
mapAppendSemanticLong
mapLogCommitAction
mapReadObjectByNumber
mapCommitObjectAsNewEx
mapIsObjectDeleted
mapSetMultiContourFlagForCommit
mapIsMultiContour
mapGetGeoPoint
mapGetGeoPointWGS84
mapCopySubjectOneMap
mapGetSiteEditFlag
mapYPlane
mapXPlane
mapOpenData
mapLoadLibrary
mapGetProcAddress
mapFreeLibrary
mapGetActualMtrFrame
mapGetMtrMeterInElementX
mapCheckNomenclature
mapObjectFrameGeoWGS84
mapGetRstMeterInElementX
mapGetMtdDensity
mapGetMtqMeterInElementX
mapGetActualRstFrame
mapGetActualMtqFrame
mapGetMtlAccuracy
mapCalcTopographicSheetEx
mapOpenRscUn
mapRscSaveToXSDPro
mapCreateLegendFromXMLEx
mapBuildLongNameUn
mapCreateTempSiteUn
mapRegisterUserEx
mapGetSiteY1
mapGetSiteLayerCount
mapGetAxisMeridianByZone
mapLogCreateAction
mapCloseData
mapSetMultiPolygonEx
mapCreateTempSitePro
mapCreateSubject
mapCreateSiteObject
mapGetSiteEllipsoidParameters
mapGeoWGS84ToPlane3D
mapSetMapAccessLanguage
mapDeleteSubject
mapDeleteUserSystemParameters
mapPointCount
mapGetRscIdent
mapCompareSystemParameters
mapUserPlaneToGeoWGS843D
mapSetExclusiveAccess
mapCloseConnect
mapGetSiteType
mapGetSiteX1
mapGetSiteCount
mapSetPathShellUn
mapGetRmfDataFiles
mapCompareFiles
mapFreeRmfDataFiles
mapDeleteMapByNameEx
mapCheckSQliteData
mapGetRmfDataFilesCount
mapGetMetadataFromSQlite
mapDeleteMapByNameUn
mapGetRmfDataFilesItem
mapCreateConnectToSQlite
mapFreeConnectToSQlite
mapGetSQliteFolderCount
mapCreateObject
mapGetSQliteFolderByNumber
mapClearSiteObject
mapGetCommonRscPathUn
mapGetEPSGCode
mapGetSiteDateAndTime
mapCloseRsc
ConvertFromXmlToStringUn
mapGetMapFilesName
mapIsMapSite
mapGetSheetNameUn
mapGetFileCrc32
mapReformNomenclatureVN2000
mapCheckNomenclatureUn
mapCheckFileExUn
mapSetCommonRscPathUn
mapOpenCommonRscUn
mapDeleteObjectByNumber
mapGetSiteObjectKeyByNumber
mapLongToString
mapClearSite
mapGetDataIdent
mapGetSiteNomenclatureUn
mapGetListCount
mapOpenDataUn
mapWriteToDiagnosticsLog
mapIsDiagnostics
mapErrorMessageLog
mapObjectKey
mapClearObject
mapAppendPointPlane3D
mapAppendSemanticUn
mapAppendPointPlane
mapPolyCount
mapPlaneToGeoWGS84
mapRegisterObject
mapGetDocProjection
mapCreateUserSystemParametersByEpsg
mapObjectFrame
mapDeleteSemantic
mapGetParametersForEPSG
mapUserGeoToGeoWGS843D
mapFreeObject

gis64mtrex

MtwProjectionReformingUn

gis64picex

RswProjectionReformingEvent
picexLoadRasterToRswUn
picexGetImageInfoByNameUn
picexPaintDataToFileUn

gis64vecex

ExportToDirPro
vecSaveMapToShpPro
SxfCheckSumAndCoordinatesUn
BuildPreviewImageFromAnySxfPro
mifLoadSheetFromFolder
BuildPreviewImageFromAnySxfUn
UnZipFileCount
UnZipFormatFilesToFolder
UpdateFromDirPro
vecLoadS57ToMapUn
UnZipToFolder
GetRscNameFromAnySxfUn
ImportFromAnySxfPro
cntMapOpenDataCheck
cntMapChecking
cntMapAdjusting
ImportFromDirPro
ExportToSxfUn
shpShapeProcReadPrj
mapGetSxfInfoByNameEx
GetSxfCheckSumUn
mapGetAnySxfInfoMeta
GetBorderMetricsFromAnySxfUn
SaveSxfFromHMapSelectUn
cntOpenScheme

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memcmp
memmove
wcsstr
__std_terminate
strstr
wcschr
strchr
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__current_exception
__current_exception_context
memset

api-ms-win-crt-string-l1-1-0

wcsncat_s
strncmp
_wcslwr
_stricmp
wcsncpy_s
_strnicmp
isdigit
strcmp

api-ms-win-crt-convert-l1-1-0

_itoa_s
_itow_s
_wtof
atoi
_wtoi
atof

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsscanf
__p__commode
fclose
fgets
_wfopen
fputs
puts
feof

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath
_wmakepath_s
_splitpath
_makepath
_wmakepath

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

fmin
fmax
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_seh_filter_exe
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_set_app_type
_initialize_narrow_environment
_register_onexit_function
_get_initial_narrow_environment
__p___argc
_initterm
_initterm_e
_crt_atexit
exit
_exit

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351eab7d0adb935c390497ef3575b399

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

gis643dex

gis64acces

gis64mtrex

gis64picex

gis64vecex

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 468KB - Virtual size: 468KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 13KB - Virtual size: 27KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 180B

.text
Size: 468KB - Virtual size: 468KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 13KB - Virtual size: 27KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 180B