3589ccc447c8961fdc5d1a0f8bd9401c3f23b4d6236b9509c563e17d43099900_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3589ccc447c8961fdc5d1a0f8bd9401c3f23b4d6236b9509c563e17d43099900_NeikiAnalytics.exe
Size

134KB
MD5

ba9d343e4ba7b816aed92930b28eb8b0
SHA1

23105f7e0291f423e1495fc8da307270ab6883e5
SHA256

3589ccc447c8961fdc5d1a0f8bd9401c3f23b4d6236b9509c563e17d43099900
SHA512

ffef1e6c07d2a152d08007b5b15f1261b22d93c73a83c02c6c117cf313193191e6f344deb5cbd0f1c0e361e47d3587fdad8f3e20ee80ec90ba7ee3ce422becaf
SSDEEP

1536:mvW9Pb6R+09fTiGwbTh7xHyrta0NYEuw7tJt0wIgzbv5RW+EMW+EXg/T+l:m6M39ffwvh75sa0NY/wpJt9F53E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3589ccc447c8961fdc5d1a0f8bd9401c3f23b4d6236b9509c563e17d43099900_NeikiAnalytics.exe

Files

3589ccc447c8961fdc5d1a0f8bd9401c3f23b4d6236b9509c563e17d43099900_NeikiAnalytics.exe
.exe windows:1 windows x86 arch:x86

8ca63c18f63db839d0299c2b97569a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

c60runx

Cla$ACCEPTED
Cla$ADDqueue
Cla$ADDqueuekey
Cla$ALERT
Cla$ALIAS
Cla$CLEAR
Cla$CLEARqueue
Cla$clearstr
Cla$CLOCK
Cla$CLOSEwindow
Cla$code
Cla$comparestr
Cla$DecDistinct
Cla$DELETEqueue
Cla$DISABLE
Cla$DISPLAY
Cla$DPopDec
Cla$DPopLong
Cla$DPushDec
Cla$DPushLong
Cla$DPushULong
Cla$ERRORCODE
Cla$EVENT
Cla$FIELD
Cla$FILE_ADDf
Cla$FILE_CLEAR
Cla$FILE_NEXT
Cla$FILE_RECORDSf
Cla$FILE_SETf
Cla$FILE_SET_PROPERTY
Cla$FIRSTFIELD
Cla$FOCUS
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETINI
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$HIDE
Cla$init
Cla$KEYCODE
Cla$LASTFIELD
Cla$LFNDIRECTORY
Cla$loadbtdate
Cla$loadbttime
Cla$Locale
Cla$longtostr
Cla$Mem2Ufo
Cla$MessageBox
Cla$OPENwindow
Cla$paopen
Cla$POKE
Cla$PopCString
Cla$PopString
Cla$PopTemp
Cla$POST
Cla$PRESSKEY
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushPictLong
Cla$PushReal
Cla$PushString
Cla$PushTemp
Cla$PUTINI
Cla$PUTqueue
Cla$pwopen
Cla$RECORDSqueue
Cla$SELECTED
Cla$SETCLIPBOARD
Cla$SETCURSOR
Cla$SETPATH
Cla$SetPropS
Cla$SetPropV
Cla$SHORTPATH
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackConcat
Cla$StackConcatR
Cla$StackErrstr
Cla$StackINSTRING
Cla$StackLEFT
Cla$STACKpop
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$StackVAL
Cla$START
Cla$START1
Cla$START2
Cla$START3
Cla$StashBP
Cla$STOP
Cla$storebtdate
Cla$storebttime
Cla$storecstr
Cla$storestr
Cla$String2Ref
Cla$THREAD
Cla$TODAY
Cla$UNHIDE
THR$GetInstance
Wsl$CloseDown
_exit
_free
_malloc
__sysinit
__sysstart

kernel32

CloseHandle
CreateFileMappingA
CreateMutexA
GetLastError
GetVersionExA
MapViewOfFile
OpenEventA
OutputDebugStringA
SetEvent
WaitForSingleObject

sconfig

CONFIGURACIONEMPRESA@Fsbsb
SCONFIG:INIT@F10ERRORCLASS8INICLASS
SCONFIG:KILL@F

sdatos_1

$ACCESS:BOTONES
$ACCESS:CONFBACKLOCAL
$ACCESS:CONFSIST
$ACCESS:CONFSUEL
$ACCESS:EMPRESAS
$ACCESS:SERVIDORES
$ACCESS:SIJP
$ACCESS:T_RESPUESTA
$ACCESS:USUARIOS
$CONFBACKLOCAL
$CONFSUEL
$GLO:CONTROLSALIR
$GLO:GLO:MAINTHREADNO
$GLO:NOMBRESARCHIVOS
$GLO:PANTALLAINACTIVA
$GLO:PROTECTORLANZADO
$GLO:SQLCONEXION
$GLO:SQLCONSULTA
$GLO:SQLRESPUESTA
$GLO:TRACEPROCEDIMIENTOS
$GLO:VARIOS
$GLOBALREQUEST
$GLOBALRESPONSE
$G_RESPUESTA
$JAL:QMENUBYTHREAD
$JAL:QPRESSEDBUTTONS
$JALCURRENTMENU
$RELATE:BOTONES
$RELATE:CONFBACKLOCAL
$RELATE:USUARIOS
$SEG:SEGURIDAD
$SEG:SEGURIDADHABILITADA
$SEG:SUELDOS
$SEG:USUARIO
$SERVIDORES
$SIJP
$T_RESPUESTA
$VCRREQUEST
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
ASK@F13WINDOWMANAGER
BOTONES$BOTO:KEY01
BOTONES$BOTO:RECORD
BOTONES$TYPE$BOTO:RECORD
CHANGEACTION@F13WINDOWMANAGER
CONFBACKLOCAL$CBL:KEY01
CONFBACKLOCAL$CBL:RECORD
CONFBACKLOCAL$TYPE$CBL:RECORD
CONFSIST$COSI:KEY01
CONFSIST$COSI:RECORD
CONFSIST$TYPE$COSI:RECORD
CONFSUEL$COSU:RECORD
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F8INICLASS
DELETEACTION@F13WINDOWMANAGER
DESTRUCT@F16ERRORSTATUSCLASS
EMPRESAS$EMPR:KEY01
EMPRESAS$EMPR:RECORD
EMPRESAS$TYPE$EMPR:RECORD
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F13WINDOWMANAGER
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
JALGETMENUINFO@Fl
KILL@F13WINDOWMANAGER
KILL@F8INICLASS
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
RESET@F13WINDOWMANAGERUc
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SDATOS_1:INIT@F10ERRORCLASS8INICLASS
SDATOS_1:KILL@F
SERVIDORES$SERV:RECORD
SETALERTS@F13WINDOWMANAGER
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
SIJP$SIJP:KEY01
SIJP$SIJP:RECORD
SIJP$TYPE$SIJP:RECORD
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TCB$JAL:QMENUBYTHREAD
TCB$JAL:QPRESSEDBUTTONS
TYPE$TOOLBARCLASS
T_RESPUESTA$T_RES:RECORD
UPDATE@F13WINDOWMANAGER
USUARIOS$TYPE$USUA:RECORD
USUARIOS$USUA:KEY01
USUARIOS$USUA:RECORD
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$INICLASS
VMT$TOOLBARCLASS

sexpordbf

CONVERSIONLIQUIDACIONSUELDOSDBFWINDOW@F
CONVERSIONPERSONALSUELDOSDBFWINDOW@F
SEXPORDBF:INIT@F10ERRORCLASS8INICLASS
SEXPORDBF:KILL@F

sfichas

FICINDABM@F
FICINDALTA@F
FICINDBORRARDATO@F
FICINDBORRARMODELO@F
FICINDDEPURAR@F
SFICHAS:INIT@F10ERRORCLASS8INICLASS
SFICHAS:KILL@F

simpt

IMPORTARPERSONAL@F
SIMPT:INIT@F10ERRORCLASS8INICLASS
SIMPT:KILL@F

simpw

IMPORTACIONSUEWINBTB@F
SIMPW:INIT@F10ERRORCLASS8INICLASS
SIMPW:KILL@F

sinfgen

SINFGEN:INIT@F10ERRORCLASS8INICLASS
SINFGEN:KILL@F

sinfsuel

CALCULORESUMENWINDOWS@F
CERTSERVABM@F
CERTSERVWINDOW@Fsb
CONFIGURACIONSICORE@F
GENERACIONSICORE@F
INFORMESDIVERSOSABM@F
INFORMESDIVERSOSEXPORTARDBF@F
L_CERTIFICADOART80@F
L_CERTIFICADOSSERVICIOS@F
L_HOJASLIBROLEYMATRIZ@F
L_LEGAJOSLIBROLEY@F
L_LEGAJOSLIBROLEYBSAS@F
L_LIBROLEY@F
L_LIBROLEYBSAS@F
L_LIBROLEYCOMPRIMIDO@F
L_LIBROLEYCOMPRIMIDOBSAS@F
L_LIBROLEYENBLANCO@F
L_LIBROLEYMATRIZ@F
L_RECIBOSREDIR_OK@F
RESUMENCONSULTA@F
SINFSUEL:INIT@F10ERRORCLASS8INICLASS
SINFSUEL:KILL@F

slib1

AGREGARDISCODATOS@F
AGREGOHORASTRABAJADAS@Fbdbtbdbt
AGREGOTRACEPROC@Fsb
ARMOSTRINGCONEXION@Fs
BACKUPWINDOW@Fsb
BORROTEMPORALES@FUc
BOTONESACCESORAPIDOABM@Fsb
CALCULADORABTBPROC@F
CALENDARIOBTBPROC@F
CAMBIOCLAVE@F
CAMBIOSPORVERSION@Fsb
CANTIDADVENTANASABIERTAS@F
CARGORANGOSCONTABLES@F
CARTELAVISOBACKUP@F
CONFIGIMPRESORA@Fsb
CONFIGURACIONBACKUPLOCAL@F
CONFIGURACIONGENERALOK@Fsb
CONSULTASQL@FsbRUcsbsbUc
CONSULTASQLARCHIVO@FsbRUcsbsbBfUc
CONTROLMENUSESPECIALES@FsbRUc
DATOSINI@Fsbsbssb
DATOSLLAVE@F
EMPRESAACTIVALOC@F
IMPRIMIRMANUAL@F
INICIARSISTEMALOC@Fsb
LLAMARHELP@Fsb
MANEJODECARPETAS@Fsbsb
MEJORASCONS@F
MENUEMPRESAS@FRUcRsbsbUcUc
NOMBREARCHIVOSTEMPORALES@F
NOMBREEJECUTABLEACTUAL@F
PARAMETROSGENERALES@F
PROTECTORPANTALLA@F
R_ERROR@FsOsb
SLIB1:INIT@F10ERRORCLASS8INICLASS
SLIB1:KILL@F
VERMANUALWORD@FOsbOsbPl
VERSION@F

slib2

ARCHIVOTESTIGO@FsbOsb
SLIB2:INIT@F10ERRORCLASS8INICLASS
SLIB2:KILL@F

slib3

SLIB3:INIT@F10ERRORCLASS8INICLASS
SLIB3:KILL@F
UNIFICAROBRASOC@F

slibseg

BLOQUEARSISTEMA@F
SLIBSEG:INIT@F10ERRORCLASS8INICLASS
SLIBSEG:KILL@F
VERIFICAREMPRESASEGURIDAD@FRUcsb
VERIFICARSEGURIDADGENERAL@FRUcRUc

sliquid

ABM_DIS_SIJP@F
ABM_DIS_UOCRA@F
BILLETESLIST@F
BORRARLIQUIDACION@F
CAMBIARCABECERA@F
CONSULTALIQUIDACION@F
GENERARARCHIVOSIJP@F
GENERARARCHIVOUOCRA@F
GENERARPAGOBANCARIO@F
LIQCABEVER@F
LIQUIDACIONLIST@F
LIQUIDARSUELDOS@Fsb
SLIQUID:INIT@F10ERRORCLASS8INICLASS
SLIQUID:KILL@F

smaeaux

BILLETESABM@F
CODPOSTABM@F
FERIADOSABM@Fsb
JURISDICABM@Fsb
PAISESABM@Fsb
SERVIDORESSQLCONS@F
SMAEAUX:INIT@F10ERRORCLASS8INICLASS
SMAEAUX:KILL@F

smaegen

CUENTASABM@Fsb
SMAEGEN:INIT@F10ERRORCLASS8INICLASS
SMAEGEN:KILL@F

smaesuel

AFJPABM@F
CENSUEABM@F
CONFIGSUELDOS@F
DEPOSITOSCARSOCABM@F
DOCANSESABM@F
DOMTRABABM@F
ESTCIVILABM@F
OBRASOCABM@F
PARENTESABM@F
PERSONALABM@F
PERSONALCENCOSABM@F
SMAESUEL:INIT@F10ERRORCLASS8INICLASS
SMAESUEL:KILL@F

smodsuel

CONFIMPORTADINDIV@F
CORREGIRSIGNOSMODFOR@F
DATODETGENABM@F
DATODETGENLIST@F
DATODETINDABM@F
DATODETINDLIST@F
DATOGENEXPORTACION@F
DATOTABABM@F
IMPORTARDATOSINDIVIDUALES@F
MODCABABM@F
MODCABIMPORTACION@F
MODCABLIST@F
MODEMPCONS@F
SMODSUEL:INIT@F10ERRORCLASS8INICLASS
SMODSUEL:KILL@F

srecalc

SRECALC:INIT@F10ERRORCLASS8INICLASS
SRECALC:KILL@F

svardoc

COPIARCOMPROBANTESMODELO@Fsbsb
DISENIARCOMPROBANTESABM@Fsbsbsb
IMPORTARVARDOC@Fsb
SVARDOC:INIT@F10ERRORCLASS8INICLASS
SVARDOC:KILL@F

user32

GetSystemMenu
RemoveMenu
SetForegroundWindow
SystemParametersInfoA

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ca63c18f63db839d0299c2b97569a95

Headers

File Characteristics

Imports

c60runx

kernel32

sconfig

sdatos_1

sexpordbf

sfichas

simpt

simpw

sinfgen

sinfsuel

slib1

slib2

slib3

slibseg

sliquid

smaeaux

smaegen

smaesuel

smodsuel

srecalc

svardoc

user32

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 4KB

.cwtls Size: 512B - Virtual size: 1KB

.idata Size: 13KB - Virtual size: 13KB

.rsrc Size: 77KB - Virtual size: 76KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 4KB

.cwtls
Size: 512B - Virtual size: 1KB

.idata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 77KB - Virtual size: 76KB

.reloc
Size: 4KB - Virtual size: 4KB