baff71070b18e7c12826167190682c40_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

baff71070b18e7c12826167190682c40_NeikiAnalytics
Size

15KB
MD5

baff71070b18e7c12826167190682c40
SHA1

85316b95ee3333690b4450de151f88ea3c6885ec
SHA256

c67df5fe9be623ad69e506411c7ab0ef029ef4ca9bec59fc317e7e45b32667c5
SHA512

739b57d01f69a1d29b6acac39ea4d37ca5f4cd5d6bfbc9c88027363012351e7c5089172b03348368ccf9ad0ba493e5fd676c5a99e7f0f83ee21fb00a10fe5af4
SSDEEP

384:ENfdZAz72Q9Jf1KIXS1W8j/lBSHkON/VAiv4:6f3AvDLKIX4WMrSEONtA24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baff71070b18e7c12826167190682c40_NeikiAnalytics

Files

baff71070b18e7c12826167190682c40_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

e5761eb6fd6f1604019a81d2740729c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Jenkins\jobs\ConfigCalc_Windows_Release\workspace\Source\Release\CCLauncher.pdb

Imports

kernel32

CreateProcessW
WaitForSingleObject
GetStdHandle
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcr100

_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
_initterm
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
exit
__CxxFrameHandler3
memcpy
_CxxThrowException
memset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5761eb6fd6f1604019a81d2740729c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp100

msvcr100

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 988B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 864B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 988B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 864B