e88078fcadea8fa1baeb82fabfac3d60_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

e88078fcadea8fa1baeb82fabfac3d60_NeikiAnalytics
Size

331KB
MD5

e88078fcadea8fa1baeb82fabfac3d60
SHA1

51cd14bc7fac828820b73eff2e66beed16a58c98
SHA256

11be7a0fd9833bcbbc7753efb714abee087b0a818bbf5f9b444c03af31135b5e
SHA512

bcac909b4afd63fe23069523863f3524de576d50afa1b2c0473ada762f1bb478afffe7afbad84eddbebe7646f1703c934e75300d4f3361d5ad8f3430c6320308
SSDEEP

3072:kEAGrlnA2vA/5GgdWevh5iXpRjCMjVHjZehB2pvJHfObnS2MfwTxtXbPm2mbqAgZ:0GhnA2xgdWevXiXz/PM2bno1tabEP

Score

1^/10

Malware Config

Signatures

Files

e88078fcadea8fa1baeb82fabfac3d60_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

72eeeaacdb5106211096c687b87e536b

Code Sign

33:00:00:03:8c:ad:cb:66:95:90:08:80:f4:00:00:00:00:03:8c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/08/2023, 18:28

Not After

07/08/2024, 18:28

Subject

CN=Skype Software Sarl,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:97:f0:2d:81:c3:72:c6:91:a6:c9:a6:dc:96:18:df:c6:2b:f8:fe:58:3c:9e:aa:29:de:c6:cc:cf:6a:07:4e
Signer

Actual PE Digest

2f:97:f0:2d:81:c3:72:c6:91:a6:c9:a6:dc:96:18:df:c6:2b:f8:fe:58:3c:9e:aa:29:de:c6:cc:cf:6a:07:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\a_work\2\s\MSRTC\msrtc\build.d\output\ssScreenVVS2.pdb

Imports

skypert

?sleep@spl@@YAXI@Z
?FreeDynamicLibrary@spl@@YAXPAX@Z
?GetFunctionAddress@spl@@YAPAXPAXPBD@Z
?LoadDynamicLibrary@spl@@YAPAXPB_WW4DynLibMode@1@@Z
?abort@spl@@YAXXZ
splFailBufferOverlap
?wcscpy_s@spl@@YAHPA_WIPB_W@Z
?decodeToWide@spl@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$basic_string_view@DU?$char_traits@D@std@@@3@W4utfEncodingMask@1@@Z
?abortWithStackTrace@spl@@YAXXZ
?destroyEnd@MutexCheck@MutexWrapperData@auf@@SAXAAV23@_N@Z
?unlockBegin@MutexCheck@MutexWrapperData@auf@@QAE_NXZ
?lockEnd@MutexCheck@MutexWrapperData@auf@@QAEXXZ
?lockBegin@MutexCheck@MutexWrapperData@auf@@QAE_NXZ
?mutexUnlock@internal@spl@@YAXAAUWinMutex@12@@Z
?mutexLock@internal@spl@@YAXAAUWinMutex@12@@Z
?mutexDestroy@internal@spl@@YAXAAUWinMutex@12@@Z
?mutexCreate@internal@spl@@YA_NAAUWinMutex@12@_NPBD@Z
?threadCurrentId@spl@@YAIXZ
?encodeUtf8@internal@spl@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBXIIW4utfEncodingMask@2@@Z
?startImp@auf@@YAXPAUSplOpaqueUpperLayerThread@@PAUVarBase@spl@@@Z
?getImp@ThreadRef@auf@@ABEPAUSplOpaqueUpperLayerThread@@XZ
?join@ThreadRef@auf@@QAE_NPAH@Z
??4ThreadRef@auf@@QAEAAV01@ABV01@@Z
??1ThreadRef@auf@@QAE@XZ
??0ThreadRef@auf@@QAE@PBDII@Z
?unregisterCall@internal@rt@@YAXPAX@Z
?registerCall@internal@rt@@YAXPAX@Z
?log@LogComponent@auf@@QAEXPBXIIABVLogArgs@2@@Z
?sleep@spl@@YAXV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@Z
?memMalloc@spl@@YAPAXI@Z
?log@LogComponent@auf@@QAEXIIABVLogArgs@2@@Z
?stop@auf@@YAXPAUAufInitTag@1@PBD@Z
?init@internal@auf@@YA_NPAUAufInitTag@2@PBDII@Z
?instantiateLogComponent@internal@auf@@YAPAVLogComponent@2@PBD@Z
?setLogComponentSafe@internal@auf@@YA_NPBD_N1@Z

rtmpal

RtcPalMFHasDXGI
RaiseException
lstrlenW
lstrcmpW
RtcPalGetEcsSetting
GetLastError
DisableThreadLibraryCalls

kernel32

LoadLibraryW
GetProcAddress
GetModuleHandleW
OpenProcess
CloseHandle
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemInfo
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
FreeLibrary
VirtualProtect
VirtualQuery
LoadLibraryExA

vcruntime140

_except_handler4_common
__std_terminate
__CxxFrameHandler3
__std_type_info_destroy_list
__current_exception
__current_exception_context
memset
_purecall
memcmp
memchr
wcsstr
memcpy
_CxxThrowException
memmove
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_invalid_parameter_noinfo
_initialize_narrow_environment
_beginthreadex
_errno
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_configure_narrow_argv

dxgi

CreateDXGIFactory1

d2d1

ord1

dwmapi

DwmGetWindowAttribute
DwmIsCompositionEnabled
ord102

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

magnification

MagSetWindowFilterList
MagSetImageScalingCallback
MagSetWindowTransform
MagUninitialize
MagSetWindowSource
MagInitialize

gdi32

EqualRgn
GetDeviceCaps
BitBlt
CreateDCW
GetDIBits
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
FillRgn
GetRegionData
GetStockObject
OffsetRgn
SelectObject
CreateDIBSection
DeleteObject

user32

GetWindowRgn
ReleaseDC
PrintWindow
GetSystemMetrics
GetAncestor
GetComboBoxInfo
GetCursorInfo
SetRectEmpty
GetDisplayConfigBufferSizes
DisplayConfigGetDeviceInfo
QueryDisplayConfig
IsRectEmpty
GetWindowDC
MonitorFromWindow
GetIconInfo
DrawIconEx
SetWindowLongW
PtInRect
IntersectRect
InflateRect
SetLayeredWindowAttributes
GetLayeredWindowAttributes
UnhookWinEvent
SetWinEventHook
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcW
DispatchMessageW
RegisterWindowMessageW
SendMessageW
PostMessageW
IsWindow
IsIconic
GetForegroundWindow
FindWindowA
FindWindowExW
TranslateMessage
SystemParametersInfoW
MonitorFromRect
GetClassNameW
GetWindowPlacement
IsWindowVisible
GetDC
GetWindowRect
SetRect
CopyRect
OffsetRect
EqualRect
GetWindowLongW
EnumWindows
GetWindowThreadProcessId
GetWindow
EnumDisplaySettingsW
EnumDisplayDevicesW
MonitorFromPoint
GetMonitorInfoW
GetWindowInfo
GetMessageW

msvcp140

_Thrd_id
_Thrd_join
_Unlock_shared_ptr_spin_lock
_Cnd_do_broadcast_at_thread_exit
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
_Query_perf_frequency
_Query_perf_counter
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
_Lock_shared_ptr_spin_lock

api-ms-win-crt-string-l1-1-0

wcscmp

api-ms-win-crt-utility-l1-1-0

abs

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

ceil
floor
fabs

ole32

CoCreateFreeThreadedMarshaler

Exports

Exports

CreateScreenScraper

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72eeeaacdb5106211096c687b87e536b

Code Sign

33:00:00:03:8c:ad:cb:66:95:90:08:80:f4:00:00:00:00:03:8cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

2f:97:f0:2d:81:c3:72:c6:91:a6:c9:a6:dc:96:18:df:c6:2b:f8:fe:58:3c:9e:aa:29:de:c6:cc:cf:6a:07:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

skypert

rtmpal

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

dxgi

d2d1

dwmapi

version

magnification

gdi32

user32

msvcp140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

ole32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 8KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 44B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

33:00:00:03:8c:ad:cb:66:95:90:08:80:f4:00:00:00:00:03:8c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

2f:97:f0:2d:81:c3:72:c6:91:a6:c9:a6:dc:96:18:df:c6:2b:f8:fe:58:3c:9e:aa:29:de:c6:cc:cf:6a:07:4e
Signer

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 8KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 44B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB