0fa5f5fda9818872325f33b181262cdc56db5a27525c1db0f9aef8c746a0487e_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0fa5f5fda9818872325f33b181262cdc56db5a27525c1db0f9aef8c746a0487e_NeikiAnalytics.exe
Size

109KB
MD5

1b9f4d8187f3555ea82db3069556afa0
SHA1

19befef065efd729b81d9600119dfc5e357ba5fd
SHA256

0fa5f5fda9818872325f33b181262cdc56db5a27525c1db0f9aef8c746a0487e
SHA512

73f59600a8b7513cf20fae95a2ddebe590439fe98497f7f153c8071d5d261b03b5489e75fade9f3732678ca6839921f36539e8c86ec231c7661fc14333439082
SSDEEP

3072:Z8jveKEJAOKU6Wi5hhysEE/umu0MirQpccdyROKVp1h:uLeKOPKJh4sEEmOB8pCOKVB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa5f5fda9818872325f33b181262cdc56db5a27525c1db0f9aef8c746a0487e_NeikiAnalytics.exe

Files

0fa5f5fda9818872325f33b181262cdc56db5a27525c1db0f9aef8c746a0487e_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

707757eeec7b18aed0e17e5e5b94c09e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\V4-x64\Platform\vscomm\Win32\v90\Release\VsComm-vc9u.pdb

Imports

ws2_32

listen
ioctlsocket
connect
WSACleanup
htons
socket
WSAStartup
sendto
inet_addr
closesocket
setsockopt
recvfrom
WSAGetLastError

kernel32

GetSystemTimeAsFileTime
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentThreadId
GetWindowsDirectoryW
GetUserDefaultLangID
MultiByteToWideChar
WideCharToMultiByte
GlobalMemoryStatusEx
GetCurrentProcess
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
GetLastError
SetFileAttributesW
FindFirstFileW
GetDiskFreeSpaceExW
lstrlenW
CloseHandle
CreateFileW
SetCommConfig
GetDefaultCommConfigW
SetupComm
CreateEventW
SetCommState
GetCommState
SetCommMask
SetEvent
CancelIo
WaitForSingleObject
WaitCommEvent
SetCommTimeouts
GetCommTimeouts
GetOverlappedResult
WriteFile
ReadFile
PurgeComm
ClearCommBreak
Sleep
SetCommBreak
ClearCommError
GetCommModemStatus
CreateThread
ResetEvent
InterlockedExchange

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mfc90u

ord3355
ord1667
ord2277
ord4510
ord1601
ord2103
ord1934
ord1935
ord1938
ord4000
ord6411
ord4405
ord6760
ord814
ord5008
ord2057
ord2069
ord2084
ord2046
ord6579
ord2360
ord2904
ord2372
ord1383
ord4516
ord4324
ord329
ord3485
ord962
ord1544
ord5809
ord6103
ord1613
ord5812
ord6119
ord610
ord1137
ord1239
ord391
ord1152
ord1183
ord811
ord663
ord1552
ord608
ord1542
ord1599
ord324
ord5535
ord404
ord2523
ord1243
ord2458
ord287
ord291
ord5767
ord1219
ord6811
ord1276
ord3185
ord2479
ord6659
ord1248
ord758
ord554
ord1064
ord5908
ord1609
ord1664
ord1041
ord5894
ord781
ord1565
ord6835
ord5543
ord579
ord5851
ord2694
ord1453
ord6604
ord1607
ord285
ord3220
ord1493
ord4654
ord5664
ord3286
ord4681
ord3496
ord5632
ord4631
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord3515
ord374
ord595
ord639
ord615
ord290
ord4668
ord5247
ord773
ord5681
ord5086
ord6120
ord5813
ord1614
ord4709
ord4584
ord5177
ord5300
ord6104
ord5810
ord1563
ord963
ord3649
ord572
ord799
ord1250
ord1254
ord296
ord2537
ord265
ord266
ord286
ord280
ord600
ord813
ord406
ord909
ord2490
ord665
ord801
ord5167
ord949

msvcr90

__dllonexit
_wfindfirst64i32
__CxxFrameHandler3
free
wcsncpy_s
wcscpy_s
memcpy
malloc
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
vswprintf_s
calloc
_recalloc
?what@exception@std@@UBEPBDXZ
_purecall
strtok
strcpy_s
memset
strlen
atoi
isdigit
strtok_s
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
_findclose
_unlock
printf
memmove_s
_localtime64_s
wcsftime
_time64
_wtoi
atol
atof
_strnset_s
isprint
isspace
memmove
strcat_s
strcmp
strncpy_s

user32

SetTimer
MessageBoxW
EnableWindow
SendMessageW

oleaut32

SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??Bios_base@std@@QBEPAXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$allocator@D@std@@QAE@ABV01@@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?max_size@?$allocator@D@std@@QBEIXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$allocator@D@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

psapi

GetProcessMemoryInfo

Exports

Exports

??0CVTComm@@QAE@ABV0@@Z
??0CVTComm@@QAE@XZ
??1CVTComm@@UAE@XZ
??4CVTComm@@QAEAAV0@ABV0@@Z
??_7CVTComm@@6B@
?CreateComm@@YAPAVCVTComm@@PAD0@Z
?GetData@CVTComm@@UAEPADXZ
?SetRDataCallback@CVTComm@@UAEXP6AXPAXI@Z0W4PORT_TYPE@@@Z

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

707757eeec7b18aed0e17e5e5b94c09e

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

version

mfc90u

msvcr90

user32

oleaut32

msvcp90

psapi

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 7KB - Virtual size: 6KB