459965d865b6e04dede79d303c1657e0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

459965d865b6e04dede79d303c1657e0_NeikiAnalytics
Size

59KB
MD5

459965d865b6e04dede79d303c1657e0
SHA1

316a4fe99674327f8c4a13a369afbec1227e26ce
SHA256

70eae37f73f29398973880f40c3f7e945f3e7e187f9e1614800916fd5dedee35
SHA512

716b796813b7b53d772fa3002d86ecb19ab346b2fac98fd2da3218ec8f6c63ddf634352a7b0a7d9daebf6e6e0660e6e49465c99318588e00758f7c339ad47705
SSDEEP

1536:Etsq6zoHZCZ2Xt6uGopBIV9Witj6ARvg:EWq6zooZ/oAV9Wi96ARvg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
459965d865b6e04dede79d303c1657e0_NeikiAnalytics

Files

459965d865b6e04dede79d303c1657e0_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

8c72de3f3a9f5bf927ec7a9714f899a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\wtf\_x86\service.terminal\svc.terminal.srv:pdb

Imports

svc.console

?create@TextDisplayImpl@@SA?AV?$Ref@VTextDisplay@@@@V?$Ref@VTextGrid@@@@@Z

lib.file.ini

?create@IniFile@@SA?AV?$Ref@VIniFile@@@@V?$Ref@VString@@@@@Z

lib.graphic.geometry

??0Dim@@QAE@II@Z
??0Point@@QAE@XZ
??0Point@@QAE@HH@Z

lib.io.char

?create@CharWriter@@SA?AV?$Ref@VCharWriter@@@@V?$Ref@VStream@Interfaces@@@@I@Z
?stdOut@StdIO@@SAXV?$Ref@VStream@Interfaces@@@@@Z
?str@StrConv@@SA?AV?$Ref@VString@@@@I@Z
?create@CharPrinter@@SA?AV?$Ref@VCharPrinter@@@@V?$Ref@VCharWriter@@@@@Z

lib.syslog

?thdName@SysLog@@SAXV?$Ref@VString@@@@@Z
?id@SysLogFilter@@SAII@Z
?state@SysLogFilter@@SA_NI@Z
?level@SysLogFilter@@SAIXZ
?procName@SysLog@@SAXV?$Ref@VString@@@@@Z
?stdOutPrinter@SysLogStream@@SA?AV?$Ref@VSysLogStream@@@@XZ

svc.binary

?load@Binary@@SA_NV?$Ref@VString@@@@@Z
?create@StackWalker@Client@Binary@Services@@SA?AV?$Ref@VStackWalker@Client@Binary@Services@@@@ABUX86_32@Contexts@Definitions@@V?$Ref@VCoreMemory@Client@Binary@Services@@@@@Z
?create@Binary@@SAIV?$Ref@VString@@@@@Z
?info@Binary@@SAPAXV?$Ref@VString@@@@0@Z
?moduleList@Binary@@SA?AV?$Ref@V?$TVector@V?$Ref@VModuleInfo@@@@@@@@XZ
?create@CoreMemory@Client@Binary@Services@@SA?AV?$Ref@VCoreMemory@Client@Binary@Services@@@@XZ

svc.event

?create@DeviceClient@@SA?AV?$Ref@VDeviceClient@@@@V?$Ref@VString@@@@_N@Z
?nodePrefix@DeviceServer@@SA?AV?$Ref@VString@@@@XZ

svc.filesys

?parent@Service@Client@Filesystem@Services@@SA?AV?$Ref@VString@@@@V5@@Z
?absolute@Service@Client@Filesystem@Services@@SA?AV?$Ref@VString@@@@V5@0@Z
?open@Nodes@Client@Filesystem@Services@@SA?AV?$Ref@VNode@@@@V?$Ref@VString@@@@@Z

svc.input

?create@Provider@Client@Input@Services@@SA?AV?$Ref@VClient@Input@Interfaces@@@@V?$Ref@VProvider@Nodes@Services@@@@@Z

svc.node

?create@Provider@Nodes@Services@@SA?AV?$Ref@VProvider@Nodes@Services@@@@V?$Ref@VNode@@@@I@Z

system

?out@Debug@@SA?AV?$Ref@VStream@Interfaces@@@@XZ
?create@Chn@@SA?AV?$Ref@VChn@@@@V?$Ref@VConMan@@@@V?$Ref@VString@@@@@Z
?priority@Thd@@SAXI@Z
?create@OutMsg@@SA?AV?$Ref@VOutMsg@@@@XZ
?get@Error@@SAIXZ
?open@ShMem@@SA?AV?$Ref@VSharedMemory@@@@UShMemID@@@Z
?name@Proc@@SA?AV?$Ref@VString@@@@XZ
?create@Mon@@SA?AV?$Ref@VMon@@@@XZ
?create@String@@SA?AV?$Ref@VString@@@@PBD@Z
??1Object@@MAE@XZ
?selfTest@Object@@UAE_NV?$Ref@VStream@Interfaces@@@@@Z
?dump@Object@@UAEXV?$Ref@VStream@Interfaces@@@@@Z
?_selfTest@Object@@UAE_NV?$Ref@VStream@Interfaces@@@@@Z
?_dump@Object@@UAEXV?$Ref@VStream@Interfaces@@@@@Z
?gcproxy@Object@@UAEPAVGcProxy@@XZ
?obj@Object@@UAE?AV?$Ref@VObject@@@@XZ
?counterRef@Object@@UAEIXZ
?unlockRef@Object@@UAEXXZ
?lockRef@Object@@UAEXXZ
?decRef@Object@@UAEXXZ
?incRef@Object@@UAEXXZ
??0Object@@QAE@XZ
?set@Error@@SAXI@Z
?fill32@Mem@@SAXPAXII@Z
?fill16@Mem@@SAXPAXIG@Z
?copy@Mem@@SAXPBXPAXI@Z
?create@Thd@@SA?AV?$Ref@VThd@@@@V?$Ref@VExec@@@@I@Z
?fill8@Mem@@SAXPAXIE@Z
?equal@Mem@@SA_NPBX0I@Z
?exit@Proc@@SAXI@Z
?lock@InitCode@@SAXXZ
?unlock@InitCode@@SAXXZ
?free@Heap@@SAXPAXI0@Z
?alloc@Heap@@SAPAXIIPAX@Z
??_7type_info@@6B@
?set@ExceptionHandler@@SAXP6AXPAUX86_32@Contexts@Definitions@@@Z@Z
?dec@Atomic@@SAIPAI@Z
?inc@Atomic@@SAIPAI@Z
?setExitCode@Proc@@SAII@Z
?info@Sys@@SAII@Z
?name@Thd@@SA?AV?$Ref@VString@@@@XZ
?current@Thd@@SAIXZ
?info@Proc@@SA?AV?$Ref@VProcInfo@@@@I@Z
?current@Proc@@SAIXZ

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c72de3f3a9f5bf927ec7a9714f899a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

svc.console

lib.file.ini

lib.graphic.geometry

lib.io.char

lib.syslog

svc.binary

svc.event

svc.filesys

svc.input

svc.node

system

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 720B

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 720B

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 3KB - Virtual size: 2KB