daf1912162103c227833b8d830596cc0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

daf1912162103c227833b8d830596cc0_NeikiAnalytics
Size

1.5MB
MD5

daf1912162103c227833b8d830596cc0
SHA1

08fb6a6fd4b9c67994d003842818744ce4eeeee1
SHA256

1372ddc71fe4153ad324503026ec9bdc3b910b6d5f1a6086db2836094e69e4f2
SHA512

f5a322844b18950b2fdc876f13dc8fa43b4f1d8a58eec774799513ad2e13faec767f5d83663c610b7aeb9f2520d066d86a696caa0b8832df89ece90f0efbef3c
SSDEEP

24576:vjNV5M5O4VOuC116NcB67cpoHzmUcuGWOZLHTcXOvvfT4timDaA3E+:7n6NuAbHzmnW4TTc+vvfT4tiyaQE+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daf1912162103c227833b8d830596cc0_NeikiAnalytics

Files

daf1912162103c227833b8d830596cc0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

da0a5a8ca9a6d77400883b2d877a1c88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

fmeutil

?FME_destroyPythonInterpreter@@YAXAAPAVIPythonInterpreter@@@Z
?FME_createPythonInterpreter@@YAKPAVIFMEMappingFile@@PAVIFMELogFile@@AAPAVIPythonInterpreter@@@Z

kernel32

GetProcessHeap
HeapFree
VirtualQuery
VirtualLock
VirtualAlloc
VirtualFree
DebugBreak
GetLastError
GetSystemInfo
IsBadCodePtr
VirtualQueryEx
GetCurrentProcessId
CreateMutexA
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
HeapAlloc
SetEvent
Sleep
GetVersion
UnmapViewOfFile
OpenProcess
GetCurrentProcess
OpenMutexA
MapViewOfFileEx
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
OutputDebugStringA
IsDebuggerPresent
UnhandledExceptionFilter
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
GetStartupInfoW
CreateEventA
SetEndOfFile
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
ReadConsoleW
SetStdHandle
GetCurrentDirectoryW
SetFilePointerEx
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetStdHandle
EnumSystemLocalesW
IsValidLocale
CreateDirectoryW
MoveFileExW
DeleteFileW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
LoadLibraryExW
RtlUnwind
RaiseException
GetStringTypeExA
LCMapStringA
TerminateProcess
InitializeSListHead
FindClose
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
IsProcessorFeaturePresent
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FreeLibrary
LoadLibraryA
GetUserDefaultLCID
GetFileAttributesW
SetEnvironmentVariableA
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter

stk

?beginsWith@?$UString@$0A@@ex@stk@@QBE_NABV123@Vcase_sensitive_t@detail@23@@Z
?rawData@?$UString@$0A@@ex@stk@@QBEPBDXZ
?size@?$UString@$0A@@ex@stk@@QBEIXZ
??4?$UString@$0A@@ex@stk@@QAEAAV012@$$QAV012@@Z
?case_insensitive@?$UString@$0A@@ex@stk@@2Vcase_insensitive_t@detail@23@B
?case_sensitive@?$UString@$0A@@ex@stk@@2Vcase_sensitive_t@detail@23@B
?init@?$UStringArray@$0A@@ex@stk@@AAEXXZ
?match@?$URegex@$0A@@ex@stk@@QBE?AV?$URegexMatch@$0A@@23@ABV?$UString@$0A@@23@@Z
??B?$URegex@$0A@@ex@stk@@QBE_NXZ
?compare@?$UString@$0A@@ex@stk@@QBEHABV123@Vcase_insensitive_t@detail@23@@Z
?compare@?$UString@$0A@@ex@stk@@QBEHABV123@Vcase_sensitive_t@detail@23@@Z
??H?$UString@$0A@@ex@stk@@QBE?AV012@ABV012@@Z
?isEmpty@?$UString@$0A@@ex@stk@@QBE_NXZ
?init@?$UString@$0A@@ex@stk@@IAEXPB_SI@Z
?deallocate@AllocatorHelper@detail@ex@stk@@IAEXPAXI@Z
?allocate@AllocatorHelper@detail@ex@stk@@IAEPAXIPBX@Z
?getLossyConversion@UStringEncodingException@ex@stk@@QAE?AV?$UString@$0A@@23@XZ
??1?$UStringArray@$0A@@ex@stk@@UAE@XZ
??0?$URegex@$0A@@ex@stk@@QAE@XZ
??8?$UString@$0A@@ex@stk@@QBE_NABV012@@Z
?getAsFoldedCase@?$UString@$0A@@ex@stk@@QBE?AV123@XZ
?getAsUtf16@?$UString@$0A@@ex@stk@@QBE?AV?$UString@$00@23@XZ
?rfind@?$UString@$0A@@ex@stk@@QBEIDI@Z
?init@?$UString@$0A@@ex@stk@@IAEXXZ
?rawData@?$UString@$00@ex@stk@@QBEPB_SXZ
?size@?$UString@$00@ex@stk@@QBEIXZ
?getAsUtf16@?$UString@$00@ex@stk@@QBE?AV123@XZ
??1?$UString@$00@ex@stk@@QAE@XZ
??0?$UString@$00@ex@stk@@QAE@PBDIABVEncoding@12@@Z
?rawData@?$UString@$06@ex@stk@@QBEPBDXZ
?size@?$UString@$06@ex@stk@@QBEIXZ
??1?$UString@$06@ex@stk@@QAE@XZ
??1?$URegex@$0A@@ex@stk@@QAE@XZ
?getAsEncoding@?$UString@$0A@@ex@stk@@QBE?AV?$UString@$06@23@ABVEncoding@23@@Z
??1?$UString@$0A@@ex@stk@@QAE@XZ
??0?$UString@$0A@@ex@stk@@QAE@$$QAV012@@Z
?substr@?$UString@$0A@@ex@stk@@QBE?AV?$UStringView@$0A@@23@II@Z
?prepend@?$UString@$0A@@ex@stk@@QAEAAV123@ABV123@@Z
?append@?$UString@$0A@@ex@stk@@QAEAAV123@ABV123@@Z
?replaceAll@?$UString@$0A@@ex@stk@@QAEAAV123@ABV123@0Vcase_sensitive_t@detail@23@@Z
??0?$UString@$0A@@ex@stk@@QAE@ABV012@@Z
??0?$UString@$0A@@ex@stk@@QAE@ABV?$UStringView@$0A@@12@@Z
??0?$UString@$0A@@ex@stk@@QAE@PBDIABVEncoding@12@@Z
?index@ObsoleteRegexp@@QBEIABVObsoleteString@@PAII@Z
??0ObsoleteRegexp@@QAE@ABVObsoleteString@@@Z
??0ObsoleteRegexp@@QAE@PBD@Z
??1?$PimplBase@VObsoleteRegexpImpl@@@detail@ex@stk@@IAE@XZ
??1ObsoleteDate@@QAE@XZ
?replaceAll@?$UString@$0A@@ex@stk@@QAEAAV123@DDVcase_sensitive_t@detail@23@@Z
?rstrip@?$UString@$0A@@ex@stk@@QAEAAV123@ABV?$vector@D@23@@Z
??0ObsoleteDate@@QAE@III@Z
??4?$UString@$0A@@ex@stk@@QAEAAV012@ABV012@@Z

user32

LoadStringA

Exports

Exports

??0PythonObject@@IAE@XZ
??0PythonObject@@QAE@ABV0@@Z
??1PythonObject@@MAE@XZ
??4PythonObject@@QAEAAV0@ABV0@@Z
??_7PythonObject@@6B@
DllSetMemoryErrorHandler
FME_acceptSession
FME_apiVersion
FME_createWriter
FME_destroyWriter
FME_initialize

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da0a5a8ca9a6d77400883b2d877a1c88

Headers

DLL Characteristics

File Characteristics

Imports

fmeutil

kernel32

stk

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 28KB - Virtual size: 231KB

.gfids Size: 512B - Virtual size: 420B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 28KB - Virtual size: 231KB

.gfids
Size: 512B - Virtual size: 420B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 85KB - Virtual size: 84KB