3f5d9307bfa1946ac68f389840e3b9ffe24de75019315519f2ce86233a483c2c_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3f5d9307bfa1946ac68f389840e3b9ffe24de75019315519f2ce86233a483c2c_NeikiAnalytics.exe
Size

2.6MB
MD5

8f8498547de56dc5b637550a54c15b50
SHA1

846915b1e3b7bce4a9e85443d3d990ae41452c40
SHA256

3f5d9307bfa1946ac68f389840e3b9ffe24de75019315519f2ce86233a483c2c
SHA512

2e1c0c305fe564f4eecd531308acae07230ba4ffac9db2636e26bff5feba84c6e93a9fdca5b7d7f4aed0d86e07eea936a432bf3232dafcece249195f20274421
SSDEEP

49152:US0aZZFeb0/uJKNAiIkXdBsO00hlvS3gD+ib0mYCMRIxA3TpXlbNzPC8j610dm/m:US0aZZFeb0/uJKNAiIkXdBsO00hlvS3/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f5d9307bfa1946ac68f389840e3b9ffe24de75019315519f2ce86233a483c2c_NeikiAnalytics.exe

Files

3f5d9307bfa1946ac68f389840e3b9ffe24de75019315519f2ce86233a483c2c_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

afdcbc29bc931067e5af10f0f34bd348

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetModuleHandleA
GetCurrentThreadId
ExitThread
GetVersion
GetFileType
GetStdHandle
MultiByteToWideChar
InterlockedCompareExchange
DuplicateHandle
CreateThread
GetCurrentProcess
Sleep
TlsAlloc
InterlockedIncrement
ResumeThread
CreateEventA
SetEvent
OpenFileMappingA
LeaveCriticalSection
GetVolumeInformationA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
FreeLibrary
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
TlsSetValue
TlsGetValue
TlsFree
ReadFile
CreateMutexA
GetTempPathA
GetLastError
GetCurrentProcessId
GlobalMemoryStatus
MapViewOfFile
UnmapViewOfFile
FindNextFileA
FindFirstFileA
GetVersionExA
ReleaseSemaphore
CreateSemaphoreA
TerminateThread
FormatMessageA
DeviceIoControl
LocalAlloc
InterlockedDecrement
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
HeapFree
GetProcessHeap
HeapAlloc
GetFileSize
GetLocalTime
SetErrorMode
HeapReAlloc
GetModuleFileNameA
SearchPathA
OpenSemaphoreA
FlushConsoleInputBuffer
LocalFree
OpenMutexA
WaitForSingleObject
SetFilePointer
WriteFile
ReleaseMutex
CreateFileA
CloseHandle
GetCurrentThread

shell32

SHGetSpecialFolderPathA

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

ws2_32

shutdown
closesocket
bind
listen
setsockopt
htons
select
connect
ioctlsocket
gethostbyname
socket
gethostname
send
recvfrom
__WSAFDIsSet
accept
WSAGetLastError
WSACleanup
WSAStartup
htonl

advapi32

DeregisterEventSource
RegisterEventSourceA
GetUserNameA
ReportEventA

iphlpapi

GetAdaptersInfo

dforrt

for_write_seq_fmt_xmit
for_write_seq_fmt
for_set_reentrancy
for_check_flawed_pentium
_OtsMove
for_stop_core
for_write_int_fmt
_OtsStringIndex
_OtsMoveMinimum
for_read_int_fmt
for_inquire
for_read_seq_fmt
_OtsFill
GETTIM
GETDAT
for_write_int_fmt_xmit
for_rewind
NARGS
_OtsStringCompareLssPadded
_OtsStringCompareLeqPadded
fpowi
for_write_seq
for_write_dir
_FIcos
_FIsin
_FIanint
_OtsStringCompareEqlPadded
for_close
for_open
for_dealloc_allocatable
GETARG
for_read_seq
for_read_dir
GETENVQQ
for_check_mult_overflow
for_allocate
for_rtl_finish_
for_rtl_init_
for__nt_signal_handler

msvcrt

getenv
printf
_snprintf
ceil
_ftol
_vsnprintf
mktime
gmtime
time
strftime
??3@YAXPAX@Z
??2@YAPAXI@Z
strncpy
memchr
tolower
toupper
isupper
_stricmp
isdigit
__CxxFrameHandler
strlen
malloc
free
realloc
calloc
qsort
memmove
sprintf
_except_handler3
strstr
_stat
_getcwd
_chdir
_mkdir
srand
wcsstr
strcpy
localtime
fwrite
_iob
sscanf
strncmp
strcmp
_putenv
strcat
strncat
strerror
fopen
memset
fclose
fprintf
_pctype
_isctype
__mb_cur_max
memcpy
strtok
_exit
raise
strtoul
vfprintf
isspace
_errno
fread
fflush
_wfopen
_wstat
_beginthread
_endthread
_mktemp
_ftime
strrchr
fgets
_open
_locking
isxdigit
_close
_unlink
_fullpath
_chmod
_getpid
_setmode
ftell
fseek
_strnicmp
fputs
_getch
signal
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
strchr
atoi
exit
_statusfp
_control87

msvcp60

?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afdcbc29bc931067e5af10f0f34bd348

Headers

File Characteristics

Imports

kernel32

shell32

user32

ws2_32

advapi32

iphlpapi

dforrt

msvcrt

msvcp60

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 216KB - Virtual size: 212KB

.data Size: 192KB - Virtual size: 1.5MB

.rsrc Size: 4KB - Virtual size: 888B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 216KB - Virtual size: 212KB

.data
Size: 192KB - Virtual size: 1.5MB

.rsrc
Size: 4KB - Virtual size: 888B