cc62a362ecbabf89dfe36f6616fa7780_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

cc62a362ecbabf89dfe36f6616fa7780_NeikiAnalytics
Size

7.0MB
MD5

cc62a362ecbabf89dfe36f6616fa7780
SHA1

0b8bee1ff9254a52eb9542a7c1144fb6f9409649
SHA256

7a0106ecbead5ac1363b7b2a0f268b228941c8718da9fe318debc7c109246e01
SHA512

ed42cf0b31af3cd3d0f40a2b277378fff9ee2313c8e4f4ec630da25cae08a1b805056e1f77747ed893768b85be2fb7023422bdb4aa32a2d8891d9b4536303917
SSDEEP

98304:lsBvgb6S7ajYPODKAl8RbmlJbT9QLSVyG0Udw+hP3UZlNZ:lmgb6pjYPODBffpyG0UdPP3U9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc62a362ecbabf89dfe36f6616fa7780_NeikiAnalytics

Files

cc62a362ecbabf89dfe36f6616fa7780_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

3cc09bdbb4dbb38c50c6e862ead0106e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\fluent-bit-2e87g\build\bin\fluent-bit.pdb

Imports

ws2_32

select
WSAIoctl
ntohs
recvfrom
WSACleanup
socket
WSAPoll
getsockname
getaddrinfo
getprotobynumber
gethostbyname
setsockopt
getnameinfo
getservbyport
closesocket
recv
__WSAFDIsSet
WSAStartup
WSAGetLastError
gethostname
htonl
freeaddrinfo
ntohl
accept
bind
connect
ioctlsocket
getpeername
getservbyname
htons
getsockopt
send
WSASetLastError
inet_pton
inet_ntop
shutdown
sendto
listen

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore

bcrypt

BCryptGenRandom

iphlpapi

GetAdaptersAddresses
GetBestRoute2
GetUnicastIpAddressTable
FreeMibTable

shlwapi

PathMatchSpecA
PathIsDirectoryA
PathRemoveFileSpecA

shell32

SHCreateDirectoryExA

advapi32

DeregisterEventSource
SetServiceStatus
StartServiceCtrlDispatcherA
CloseEventLog
CryptAcquireContextA
OpenEventLogA
ReadEventLogW
SetNamedSecurityInfoA
LookupAccountNameA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
RegisterServiceCtrlHandlerA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
ConvertSidToStringSidA
ConvertSidToStringSidW
RegEnumKeyExA
SystemFunction036
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

wevtapi

EvtCancel
EvtNext
EvtSubscribe
EvtCreateRenderContext
EvtRender
EvtOpenPublisherMetadata
EvtCreateBookmark
EvtUpdateBookmark
EvtClose
EvtFormatMessage

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

FreeLibraryAndExitThread
ExitThread
SetStdHandle
GetCommandLineW
GetConsoleOutputCP
PeekNamedPipe
GetCommandLineA
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
DecodePointer
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateDirectoryW
WriteConsoleW
GetModuleFileNameA
GetDriveTypeW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetConsoleCtrlHandler
Beep
ExitProcess
EncodePointer
GetModuleFileNameW
InterlockedFlushSList
InterlockedPushEntrySList
GetStartupInfoW
InitializeSListHead
IsDebuggerPresent
GetSystemInfo
SetCurrentDirectoryA
GetLastError
CloseHandle
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
Sleep
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetNativeSystemInfo
CreateFileA
GetFileInformationByHandle
SetLastError
GetFileInformationByHandleEx
GetFinalPathNameByHandleA
LoadLibraryExW
LocalFree
FormatMessageW
WideCharToMultiByte
GetSystemTimes
GetTickCount64
K32GetPerformanceInfo
CreateEventA
MultiByteToWideChar
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GlobalMemoryStatusEx
GetComputerNameExA
GetModuleHandleA
CreateMutexA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
LoadLibraryExA
VirtualAlloc
VirtualFree
VirtualQuery
DeleteCriticalSection
CreateThread
VirtualProtect
GetModuleHandleExA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
MoveFileExW
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
TryEnterCriticalSection
GetCurrentThreadId
ExpandEnvironmentStringsA
GetWindowsDirectoryA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
FindNextFileW
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RemoveDirectoryA
GetFileSizeEx
SetFilePointerEx
CreateFileMappingA
GetLogicalProcessorInformation
FindFirstFileExW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetCurrentThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
GetSystemDirectoryA
LocalAlloc
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
CreateSemaphoreA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DuplicateHandle
CreateProcessW
GetExitCodeProcess
CreatePipe
ReleaseMutex
GetFileAttributesA

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

ole32

StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

_mkp_data
flb_cf_context_get
flb_cf_context_set
flb_context_get
flb_context_set
flb_create
flb_destroy
flb_filter
flb_filter_property_check
flb_filter_set
flb_init_env
flb_input
flb_input_property_check
flb_input_set
flb_lib_config_file
flb_lib_free
flb_lib_push
flb_loop
flb_output
flb_output_property_check
flb_output_set
flb_output_set_callback
flb_output_set_test
flb_service_set
flb_start
flb_start_trace
flb_stop
flb_time_now
mk_config_set
mk_create
mk_destroy
mk_http_done
mk_http_header
mk_http_send
mk_http_status
mk_main
mk_mq_create
mk_mq_send
mk_start
mk_stop
mk_thread
mk_vhost_create
mk_vhost_handler
mk_vhost_lookup
mk_vhost_set
mk_worker_callback
msgpack_object_equal
msgpack_object_print
msgpack_object_print_buffer
msgpack_pack_object
msgpack_unpack
msgpack_unpack_next
msgpack_unpacker_data
msgpack_unpacker_destroy
msgpack_unpacker_execute
msgpack_unpacker_expand_buffer
msgpack_unpacker_flush_zone
msgpack_unpacker_free
msgpack_unpacker_init
msgpack_unpacker_new
msgpack_unpacker_next
msgpack_unpacker_next_with_size
msgpack_unpacker_release_zone
msgpack_unpacker_reset
msgpack_unpacker_reset_zone
msgpack_zone_clear
msgpack_zone_destroy
msgpack_zone_free
msgpack_zone_init
msgpack_zone_is_empty
msgpack_zone_malloc_expand
msgpack_zone_new

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cc09bdbb4dbb38c50c6e862ead0106e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

bcrypt

iphlpapi

shlwapi

shell32

advapi32

wevtapi

netapi32

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 109KB - Virtual size: 137KB

.text Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 168KB - Virtual size: 167KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 109KB - Virtual size: 137KB

.text
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 168KB - Virtual size: 167KB