1284751e91e5d90990e3f4afe75a503b04aac0c9c8a1e44d0636dfa9265f7b15_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1284751e91e5d90990e3f4afe75a503b04aac0c9c8a1e44d0636dfa9265f7b15_NeikiAnalytics.exe
Size

104KB
MD5

59d897be59e34eaa6e954ec7fa7cf950
SHA1

7da7e69d4e48e1c56e562631f4d98bf89755f7cc
SHA256

1284751e91e5d90990e3f4afe75a503b04aac0c9c8a1e44d0636dfa9265f7b15
SHA512

dc321d9ff73a15e0db9952d2dfd93fa67349a44d1964ec0702ec8dc1cf2b6ab2363f935bfecfbacede5a5416309d2ccb7214f3738b0a0f05b8ffc40cb232c902
SSDEEP

3072:f1c2BgvsJmns9hxBvqIBK1dMbD4TtOgdc+:tc2BKsJmn+hxBg1dcqtOgdc+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1284751e91e5d90990e3f4afe75a503b04aac0c9c8a1e44d0636dfa9265f7b15_NeikiAnalytics.exe

Files

1284751e91e5d90990e3f4afe75a503b04aac0c9c8a1e44d0636dfa9265f7b15_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

273846c7dccb34d00a3dd6c604ddd20f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\Bike2\DevicePack_v2.12\DevicePack_v2.12.0.8\IPCamPack\LG\Release\LG.pdb

Imports

winmm

timeGetTime

ws2_32

ioctlsocket
select
gethostbyname
socket
htons
connect
closesocket
WSAGetLastError
send
recv

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetCurrentThreadId
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
InterlockedExchange
DisableThreadLibraryCalls
SetEvent
ResetEvent
CreateEventA
CloseHandle
CreateThread
TerminateThread
GetExitCodeThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
Sleep

user32

PtInRect

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA

rtsp

?CreateRTSPSource@@YAPAVCRTSPSource@@XZ
?ReleaseRTSPSource@@YAXPAVCRTSPSource@@@Z

dlmalloc_dp

?dl_free@@YAXPAX@Z
?dl_malloc@@YAPAXI@Z

msvcr80

vsprintf_s
??2@YAPAXI@Z
??0exception@std@@QAE@XZ
memcpy
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
strcpy_s
_mbsstr
_stricmp
atoi
_vscprintf
_ctime64
_time64
fclose
fprintf
fopen
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_purecall
_CxxThrowException
??3@YAXPAX@Z
strncmp
strncpy
??_U@YAPAXI@Z
sscanf
sprintf
free
__CxxFrameHandler3
memset
calloc
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

Exports

Exports

CreateLGIPCam

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

273846c7dccb34d00a3dd6c604ddd20f

Headers

File Characteristics

PDB Paths

Imports

winmm

ws2_32

kernel32

user32

advapi32

rtsp

dlmalloc_dp

msvcr80

msvcp80

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 684B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 684B

.reloc
Size: 8KB - Virtual size: 7KB