45a0a9894d67d1a2b12de01f3b684f796f442ea8f597ed14c83efb894ea2d528_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

45a0a9894d67d1a2b12de01f3b684f796f442ea8f597ed14c83efb894ea2d528_NeikiAnalytics.exe
Size

494KB
MD5

9a62887326200d076beef87b8a338440
SHA1

e0e15ddd91c2b96798901a350bf7da7424e1d2fe
SHA256

45a0a9894d67d1a2b12de01f3b684f796f442ea8f597ed14c83efb894ea2d528
SHA512

bf3816958bc27fb8977f09596ebed0a4d80503c406f30e644dfe0327570d52806332f68337ee4019577a8f5e4410e086eac7ef19176af12ff877519ca36b1a89
SSDEEP

12288:WLpUZOo8zRYId0/PUn4Ud0gyEQWt/r4s0H+Gx0S5FxbDr18Y:WVUqcWlbGR0S5FZr1Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45a0a9894d67d1a2b12de01f3b684f796f442ea8f597ed14c83efb894ea2d528_NeikiAnalytics.exe

Files

45a0a9894d67d1a2b12de01f3b684f796f442ea8f597ed14c83efb894ea2d528_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

373dabd1d743d1594cca428ba046736f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Dev\BSS\Code\BSS Robot\Release\BSS Robot.pdb

Imports

mxp_softmotion

ord404
ord201
ord307
ord212
ord110
ord210
ord211
ord205
ord204
ord309
ord203
ord310
ord400
ord202
ord402
ord303
ord2
ord16
ord14
ord3
ord11
ord1

paho-mqtt3a

MQTTAsync_freeMessage
MQTTAsync_send
MQTTAsync_connect
MQTTAsync_subscribe
MQTTAsync_setCallbacks
MQTTAsync_destroy
MQTTAsync_create
MQTTAsync_getVersionInfo
MQTTAsync_free

mfc120u

ord2970
ord1518
ord280
ord2416
ord2415
ord887
ord1386
ord10919
ord7704
ord3790
ord14094
ord8921
ord2666
ord9246
ord5324
ord6436
ord9091
ord9116
ord12048
ord2718
ord13612
ord6121
ord3361
ord3362
ord11271
ord10896
ord12006
ord960
ord1435
ord8771
ord9053
ord12358
ord12969
ord3329
ord6729
ord1714
ord2855
ord11191
ord10912
ord9150
ord2975
ord12361
ord12986
ord10632
ord12127
ord7004
ord4176
ord3103
ord9007
ord6393
ord1063
ord450
ord1105
ord2478
ord4128
ord4606
ord13149
ord13907
ord3911
ord9938
ord13153
ord10309
ord9582
ord5085
ord4434
ord2948
ord3829
ord2951
ord8626
ord4179
ord3105
ord9009
ord6400
ord1067
ord3302
ord3144
ord6488
ord1173
ord5785
ord2967
ord5824
ord285
ord3330
ord3898
ord11999
ord2640
ord5838
ord13563
ord11592
ord6774
ord14455
ord7807
ord14449
ord3013
ord4451
ord9574
ord4459
ord4909
ord4874
ord4867
ord4905
ord4932
ord4883
ord2130
ord4928
ord4891
ord4895
ord4899
ord4887
ord4920
ord4879
ord1736
ord1727
ord1731
ord13997
ord1711
ord12132
ord12134
ord13738
ord3224
ord9137
ord10883
ord6875
ord12095
ord8846
ord14447
ord11811
ord3795
ord11964
ord9019
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord3260
ord3263
ord13616
ord6123
ord3218
ord3324
ord4196
ord2343
ord2347
ord462
ord265
ord8352
ord8268
ord12736
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord13991
ord3122
ord7954
ord1520
ord286
ord8699
ord2480
ord5327
ord3562
ord10353
ord7384
ord3654
ord2204
ord2173
ord6452
ord6032
ord9020
ord6758
ord1110
ord6392
ord1108
ord1130
ord1449
ord6462
ord6469
ord3839
ord999
ord6743
ord10136
ord1723
ord3102
ord6020
ord5693
ord12043
ord4916
ord3223
ord296
ord1042
ord4772
ord2262
ord1658
ord4049
ord13771
ord7206
ord13302
ord949
ord2163
ord2230
ord2261
ord7881
ord1467
ord992
ord7542
ord10260
ord266
ord1506
ord1508
ord2367
ord1698
ord11079

msvcr120

memcpy
_CxxThrowException
__CxxFrameHandler3
_time64
_localtime64_s
isprint
_finite
_ecvt_s
?wait@Concurrency@@YAXI@Z
?_Yield@_Context@details@Concurrency@@SAXXZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?terminate@@YAXXZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
free
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_purecall
fwrite
_wassert
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_vsnprintf_s
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
_wtol
_mktime64
calloc
_recalloc
atof
atoi
_wtof
_wtoi
exit
fclose
fflush
?what@exception@std@@UBEPBDXZ
_fsopen
memmove

kernel32

SetEvent
WritePrivateProfileStringW
GetTickCount
WaitForMultipleObjects
ResetEvent
GetPrivateProfileStringW
CreateFileW
SetupComm
PurgeComm
GetCommTimeouts
SetCommTimeouts
GetCommState
SetCommState
CreateThread
SetCommMask
CloseHandle
OutputDebugStringW
GetOverlappedResult
ClearCommError
ReadFile
WaitCommEvent
CreateEventW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
Sleep
GetModuleFileNameW
LoadLibraryW
GetCurrentThreadId
GetDynamicTimeZoneInformation
WriteFile
WideCharToMultiByte
GetLastError
GetSystemTimeAsFileTime

user32

GetClientRect
SendMessageW
LoadIconW
UpdateWindow
PostMessageW
PeekMessageW
EnableWindow
GetWindowTextW
DrawEdge
InvalidateRect
KillTimer
DrawIcon
GetSystemMetrics
IsIconic
SetTimer

gdi32

CreateFontW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW

ws2_32

htons
ntohs
listen
WSAStartup

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_Xtime_get_ticks
?_Throw_C_error@std@@YAXH@Z
_Thrd_join
_Mtx_init
_Mtx_lock
_Mtx_unlock
_Mtx_destroy
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_yield
xtime_get
_Xtime_diff_to_millis2
_Thrd_sleep
_Thrd_current
_Thrd_equal
?_Xbad_function_call@std@@YAXXZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
??1_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??0_Pad@std@@QAE@XZ
?_Syserror_map@std@@YAPBDH@Z

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

373dabd1d743d1594cca428ba046736f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mxp_softmotion

paho-mqtt3a

mfc120u

msvcr120

kernel32

user32

gdi32

comctl32

shlwapi

ws2_32

msvcp120

Sections

.text Size: 277KB - Virtual size: 277KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 118KB - Virtual size: 117KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 277KB - Virtual size: 277KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 29KB - Virtual size: 28KB