460d5dfd5e9db72649f5ed3502dba1a0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

460d5dfd5e9db72649f5ed3502dba1a0_NeikiAnalytics
Size

613KB
MD5

460d5dfd5e9db72649f5ed3502dba1a0
SHA1

897ee891dc922dc9bb702dce2b67988c2e0339f3
SHA256

ceb08c0c8045c9399dfd5f76999f47ddd8750833e13ca40879d6b33a2b912843
SHA512

24d67bf85d6d0021e0e310e687494d31bb69ef93333cae331d664de0700356d1c17049549abb1d99556679ccaa0639787e7e206bf997faf37a474efd47392e76
SSDEEP

12288:89UVd8mLMNuLMRLtXVhAOGdcAgrL+NwJTYdmOBR/1:/LmGMltF6QAgrL+NwehBR/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
460d5dfd5e9db72649f5ed3502dba1a0_NeikiAnalytics

Files

460d5dfd5e9db72649f5ed3502dba1a0_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

9fe38e500d9e9f4fc47dcd641f6aef42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\pc-2345mpcsafe-build\Rhino\Safe\Bin\Win32\release\pdb\2345MPCSafe.pdb

Imports

basicsqlite

??0RCSQLiteConnection@RC@@QAE@XZ
??1RCSQLiteConnection@RC@@QAE@XZ

gdiplus

GdiplusStartup
GdiplusShutdown

imm32

ImmDisableIME

kernel32

CreateSemaphoreW
CreateThread
TerminateThread
GetProcessId
ReleaseSemaphore
RtlCaptureContext
lstrcmpW
CreateEventA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
CreateFileW
LocalAlloc
GetCurrentProcess
InterlockedIncrement
GetProcessHeap
UnhandledExceptionFilter
InitializeSListHead
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
lstrlenW
GetFullPathNameW
CreateDirectoryW
GetFileSize
ReadFile
WaitForSingleObject
FindClose
LoadLibraryA
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
FreeLibrary
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
lstrcmpiW
FindResourceW
LoadResource
LockResource
HeapAlloc
GetVersionExW
GetEnvironmentVariableW
ResetEvent
SetEvent
Sleep
CreateEventW
GetWindowsDirectoryW
GetModuleHandleExW
SetFilePointer
WriteFile
LocalFree
GetLocalTime
InterlockedDecrement
HeapFree
GetCurrentProcessId
GetLastError
CreateMutexW
OpenMutexW
CloseHandle
GetModuleHandleW
GetProcAddress
ReleaseMutex
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
OpenProcess
SetThreadPriority
GetExitCodeThread
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc

user32

SetForegroundWindow
IsWindow
ShowWindow
SendMessageW
GetWindowLongW
wsprintfW

advapi32

FreeSid
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
OpenServiceW
QueryServiceStatusEx
AllocateAndInitializeSid
EqualSid
GetTokenInformation

msvcp140

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Mtx_destroy_in_situ
?classic@locale@std@@SAABV12@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

shlwapi

PathFileExistsW

vcruntime140

__std_exception_destroy
__RTDynamicCast
_set_purecall_handler
__RTtypeid
memchr
memmove
memcpy
__std_type_info_compare
memset
_CxxThrowException
_except_handler4_common
wcschr
__std_terminate
__std_type_info_name
__CxxFrameHandler3
strchr
_purecall
strstr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_errno
_exit
exit
_initterm_e
strerror_s
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
terminate
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_set_invalid_parameter_handler
_initterm
_controlfp_s

api-ms-win-crt-convert-l1-1-0

atoi
_itow_s

api-ms-win-crt-string-l1-1-0

isspace
wcscpy_s
towupper
towlower
_stricmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf
_set_fmode
__acrt_iob_func
__stdio_common_vsnwprintf_s
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__p__commode

api-ms-win-crt-time-l1-1-0

_localtime64
_mktime64

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr
floor
_dtest
_finite
_isnan
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?__autoclassinit2@RCDllWString@@QAEXI@Z
?__autoclassinit2@RCSQLiteConnection@RC@@QAEXI@Z
?__autoclassinit2@RCSQLiteRecordSet@RC@@QAEXI@Z

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fe38e500d9e9f4fc47dcd641f6aef42

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

basicsqlite

gdiplus

imm32

kernel32

user32

advapi32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 313KB - Virtual size: 312KB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 313KB - Virtual size: 312KB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 21KB - Virtual size: 21KB