ddb1184c9ef61dd7956d09e4e15692c0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

ddb1184c9ef61dd7956d09e4e15692c0_NeikiAnalytics
Size

1.3MB
MD5

ddb1184c9ef61dd7956d09e4e15692c0
SHA1

10ed84b65fe2f307d90eb05c57de62cfc935ed50
SHA256

926615763947ac538c35097dc42c5fe513552de97226802ad2b1738ea3b94d02
SHA512

291c21a90b449a8e713936f7bdf860128289c3b62683fc005892fd514473134075de34b48bb0160fa1ae42b08e3a0e4559ae89786bc22a92575d73d012abd7f0
SSDEEP

24576:C7swWk4ek32l8FxR+qdWhb4hng0vEFAl/K:MswWk4ekcqdWhb4hg0vEG8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddb1184c9ef61dd7956d09e4e15692c0_NeikiAnalytics

Files

ddb1184c9ef61dd7956d09e4e15692c0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

4c5ec89be46a3f814cd0eaa7f5ab5166

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\str8\Documents\Visual Studio 2013\Projects\fossil\Debug\fossil.pdb

Imports

kernel32

FindClose
FindFirstFileA
FindNextFileA
CreateThread
DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress
GetTempPathA
IsBadCodePtr
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
IsProcessorFeaturePresent
DecodePointer
IsDebuggerPresent
RaiseException
GetLastError
LoadLibraryExW
WideCharToMultiByte
EncodePointer

user32

ClientToScreen
GetCursorPos
SetCursorPos
GetClientRect
MapVirtualKeyA
ToAscii
GetKeyboardState
GetAsyncKeyState
GetKeyState
FindWindowA
ScreenToClient

msvcp120d

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?uncaught_exception@std@@YA_NXZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Strcoll
_Strxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??_U@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
??Bid@locale@std@@QAEIXZ
??2facet@locale@std@@SAPAXIABU_DebugHeapTag_t@2@PADH@Z
??3facet@locale@std@@SAXPAXABU_DebugHeapTag_t@2@PADH@Z
??3facet@locale@std@@SAXPAX@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?widen@?$ctype@D@std@@QBEPBDPBD0PAD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?precision@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?id@?$collate@D@std@@2V0locale@2@A
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??1_Container_base12@std@@QAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?setf@ios_base@std@@QAEHH@Z

d3dx9_43

D3DXCreateLine
D3DXAssembleShader
D3DXCreateFontA
D3DXCreateSprite

msvcr120d

strlen
cos
sin
_hypot
_vswprintf
_CxxThrowException
__CxxFrameHandler3
memset
_purecall
memcpy
memmove
isalpha
isdigit
isspace
__iob_func
fclose
ferror
fgetc
fopen_s
fread
fseek
ftell
printf
sscanf_s
vfprintf
_vscprintf
strchr
strncmp
??_V@YAXPAX@Z
_invalid_parameter
memchr
memcmp
strcmp
strcspn
strstr
wcslen
_errno
strtod
strtol
free
realloc
atan2
fabs
sqrt
ceil
floor
sprintf_s
vsprintf_s
_CrtDbgReportW
??0bad_cast@std@@QAE@PBD@Z
localeconv
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_vsnprintf_s
_CRT_RTC_INITW
_lock
_unlock
_calloc_dbg
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_malloc_dbg
_free_dbg
_CrtSetCheckCount
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
wcscpy_s
_wmakepath_s
_wsplitpath_s
__clean_type_info_names_internal
??3@YAXPAX@Z
??2@YAPAXI@Z
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
??1_Condition_variable@details@Concurrency@@QAE@XZ
??0_Condition_variable@details@Concurrency@@QAE@XZ
?unlock@critical_section@Concurrency@@QAEXXZ
?lock@critical_section@Concurrency@@QAEXXZ
??1critical_section@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ

Sections

.textbss
Size: - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c5ec89be46a3f814cd0eaa7f5ab5166

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp120d

d3dx9_43

msvcr120d

Sections

.textbss Size: - Virtual size: 527KB

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: 1024B - Virtual size: 777B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 36KB

.textbss
Size: - Virtual size: 527KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: 1024B - Virtual size: 777B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 36KB