D:\a\drmemory\drmemory\build_drmemory-release-32\bin\drstrace.pdb
Static task
static1
Behavioral task
behavioral1
Sample
40352a5929e647add83297c77e91beb0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
40352a5929e647add83297c77e91beb0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
40352a5929e647add83297c77e91beb0_NeikiAnalytics
-
Size
783KB
-
MD5
40352a5929e647add83297c77e91beb0
-
SHA1
c1b89f13325f47657a6eacdad90d2d565d2f6e28
-
SHA256
74d4616dabcad9b33434919d14269b567f4c20c293049e617cdd7a7b9498945c
-
SHA512
3795f2ea5faa74b183ec7b7720fe680f7e8e3f3fb914bf87468c66d60e91a74864f52a3aafd36015ced1257127ad4e8324b2385e09e81f2c1e7a10a153e57f48
-
SSDEEP
12288:S38A4MJnUx2FA/9IX98ZjVpugj5rXM2jjIdpSqZwgSiPnQh:qaMJrA/9IXWVggjFcVdpS6NY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Caveat: the absence of a signature is a weak indicator on its own and is not evidence of malicious intent — many legitimate open-source CI build artifacts are unsigned. Here the embedded PDB path (a Dr. Memory release build of drstrace) and the drinjectlib/drconfiglib/dynamorio imports are consistent with the DynamoRIO drstrace tool; confirm provenance by matching the SHA256 against a known upstream release rather than relying on this hit.
resource 40352a5929e647add83297c77e91beb0_NeikiAnalytics
Files
-
40352a5929e647add83297c77e91beb0_NeikiAnalytics.exe windows:5 windows x86 arch:x86
e09230016ffc8204eb241b65dc5bc5e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
drinjectlib
dr_inject_get_process_id
dr_inject_process_exit
dr_inject_process_run
dr_inject_process_inject
dr_inject_print_stats
dr_inject_process_create
dr_inject_get_image_name
dr_inject_get_process_handle
drconfiglib
dr_register_process
dr_register_client
dr_get_config_dir
kernel32
GetFullPathNameW
GetDriveTypeW
GetFileAttributesExW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LocalFree
GetModuleHandleA
GetWindowsDirectoryW
CreateDirectoryW
WaitForSingleObject
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
OutputDebugStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetFilePointerEx
ReadFile
GetFileSizeEx
HeapSize
HeapReAlloc
CloseHandle
CreateFileW
DecodePointer
GetEnvironmentVariableW
DeleteFileW
GetFileAttributesW
GetCurrentDirectoryW
SetFilePointer
LoadLibraryW
ntdll
wcschr
strncpy
wcsncpy
_aullshr
_allshl
strrchr
tolower
_allmul
_allrem
_alldiv
_aullrem
_aulldiv
dbghelp
SymGetLineFromAddrW64
SymInitialize
SymGetTypeFromName
SymEnumLines
SymGetModuleInfoW64
SymCleanup
SymGetOptions
SymSetOptions
UnDecorateSymbolName
SymUnloadModule64
SymFromAddr
SymFromName
SymEnumSymbols
SymLoadModuleExW
SymGetTypeInfo
dynamorio
__wrap_malloc
dr_mutex_unlock
dr_mutex_lock
dr_is_wow64
dr_standalone_init
dr_create_dir
dr_directory_exists
dr_map_executable_file
dr_unmap_executable_file
dr_open_file
dr_close_file
dr_fprintf
dr_print_instr
dr_mutex_destroy
dr_global_alloc
dr_global_free
dr_recurlock_create
dr_recurlock_destroy
dr_recurlock_lock
dr_recurlock_unlock
dr_atomic_add32_return_sum
dr_file_size
dr_map_file
dr_unmap_file
dr_snprintf
dr_snwprintf
__wrap_free
dr_file_exists
dr_symbol_export_iterator_start
dr_symbol_export_iterator_hasnext
dr_symbol_export_iterator_next
dr_symbol_export_iterator_stop
__wrap_calloc
__wrap_strdup
__wrap_realloc
isdigit
strtol
dr_mutex_create
Exports
Exports
_DRMF_VERSION_USED_
_DR_CLIENT_AVX512_CODE_IN_USE_
_USES_DR_VERSION_
decode
decode_eflags_usage
decode_first_opcode_byte
decode_from_copy
decode_memory_reference_size
decode_next_pc
decode_opcode_name
decode_sizeof
decode_sizeof_ex
dr_app_pc_as_jump_target
dr_app_pc_as_load_target
dr_get_isa_mode
dr_get_stderr_file
dr_get_stdin_file
dr_get_stdout_file
dr_get_sve_vector_length
dr_set_isa_mode
dr_set_sve_vector_length
drsym_demangle_symbol
drsym_enumerate_lines
drsym_enumerate_symbols
drsym_enumerate_symbols_ex
drsym_exit
drsym_expand_type
drsym_free_resources
drsym_get_func_type
drsym_get_module_debug_kind
drsym_get_type
drsym_get_type_by_name
drsym_init
drsym_lookup_address
drsym_lookup_symbol
drsym_module_has_symbols
drsym_search_symbols
drsym_search_symbols_ex
drsys_find_sysnum_libs
drsys_generate_sysnum_file
get_register_name
instr_allocate_raw_bits
instr_build
instr_build_bits
instr_clear_label_callback
instr_clone
instr_cmovcc_to_jcc
instr_cmovcc_triggered
instr_compute_address
instr_compute_address_ex
instr_compute_address_ex_pos
instr_convert_short_meta_jmp_to_long
instr_create
instr_create_0dst_0src
instr_create_0dst_1src
instr_create_0dst_2src
instr_create_0dst_3src
instr_create_0dst_4src
instr_create_1dst_0src
instr_create_1dst_1src
instr_create_1dst_2src
instr_create_1dst_3src
instr_create_1dst_4src
instr_create_1dst_5src
instr_create_1dst_6src
instr_create_2dst_0src
instr_create_2dst_1src
instr_create_2dst_2src
instr_create_2dst_3src
instr_create_2dst_4src
instr_create_2dst_5src
instr_create_3dst_0src
instr_create_3dst_1src
instr_create_3dst_2src
instr_create_3dst_3src
instr_create_3dst_4src
instr_create_3dst_5src
instr_create_3dst_6src
instr_create_4dst_1src
instr_create_4dst_2src
instr_create_4dst_3src
instr_create_4dst_4src
instr_create_4dst_5src
instr_create_4dst_6src
instr_create_4dst_7src
instr_create_5dst_3src
instr_create_5dst_4src
instr_create_5dst_5src
instr_create_5dst_8src
instr_create_Ndst_Msrc_vardst
instr_create_Ndst_Msrc_varsrc
instr_create_popa
instr_create_pusha
instr_destroy
instr_encode
instr_encode_to_copy
instr_free
instr_free_raw_bits
instr_from_noalloc
instr_get_app_pc
instr_get_arith_flags
instr_get_branch_target_pc
instr_get_category
instr_get_dst
instr_get_eflags
instr_get_interrupt_number
instr_get_isa_mode
instr_get_label_data_area
instr_get_next
instr_get_next_app
instr_get_note
instr_get_offset
instr_get_opcode
instr_get_opcode_eflags
instr_get_predicate
instr_get_prefix_flag
instr_get_prev
instr_get_prev_app
instr_get_raw_bits
instr_get_raw_byte
instr_get_raw_word
instr_get_rel_data_or_instr_target
instr_get_src
instr_get_target
instr_has_allocated_bits
instr_has_encoding_hint
instr_init
instr_invert_cbr
instr_is_3DNow
instr_is_app
instr_is_call
instr_is_call_direct
instr_is_call_indirect
instr_is_cbr
instr_is_cti
instr_is_cti_loop
instr_is_cti_short
instr_is_cti_short_rewrite
instr_is_encoding_possible
instr_is_exclusive_load
instr_is_exclusive_store
instr_is_exit_cti
instr_is_far_abs_cti
instr_is_far_cti
instr_is_floating
instr_is_floating_ex
instr_is_floating_type
instr_is_gather
instr_is_interrupt
instr_is_label
instr_is_mbr
instr_is_meta
instr_is_meta_may_fault
instr_is_mmx
instr_is_mov
instr_is_mov_constant
instr_is_mov_imm_to_tos
instr_is_near_call_direct
instr_is_near_ubr
instr_is_nop
instr_is_opmask
instr_is_opnd_store_source
instr_is_predicated
instr_is_prefetch
instr_is_rep_string_op
instr_is_return
instr_is_scatter
instr_is_sse
instr_is_sse2
instr_is_sse3
instr_is_sse41
instr_is_sse42
instr_is_sse4A
instr_is_sse_or_sse2
instr_is_ssse3
instr_is_string_op
instr_is_syscall
instr_is_ubr
instr_is_undefined
instr_is_wow64_syscall
instr_is_xsave
instr_jcc_taken
instr_length
instr_make_persistent
instr_mem_usage
instr_memory_reference_size
instr_needs_encoding
instr_noalloc_init
instr_num_dsts
instr_num_memory_read_access
instr_num_memory_write_access
instr_num_srcs
instr_ok_to_emit
instr_ok_to_mangle
instr_opcode_valid
instr_operands_valid
instr_predicate_is_cond
instr_predicate_triggered
instr_raw_bits_valid
instr_reads_from_exact_reg
instr_reads_from_reg
instr_reads_memory
instr_reg_in_dst
instr_reg_in_src
instr_remove_dsts
instr_remove_srcs
instr_replace_reg_resize
instr_replace_src_opnd
instr_reset
instr_reuse
instr_same
instr_set_app
instr_set_branch_target_pc
instr_set_category
instr_set_dst
instr_set_encoding_hint
instr_set_isa_mode
instr_set_label_callback
instr_set_meta
instr_set_meta_may_fault
instr_set_meta_no_translation
instr_set_next
instr_set_note
instr_set_num_opnds
instr_set_ok_to_emit
instr_set_ok_to_mangle
instr_set_opcode
instr_set_operands_valid
instr_set_predicate
instr_set_prefix_flag
instr_set_prev
instr_set_raw_bits
instr_set_raw_bits_valid
instr_set_raw_byte
instr_set_raw_bytes
instr_set_raw_word
instr_set_src
instr_set_target
instr_set_translation
instr_shrink_to_16_bits
instr_uses_fp_reg
instr_uses_reg
instr_valid
instr_writes_memory
instr_writes_to_exact_reg
instr_writes_to_reg
instr_zeroes_ymmh
instr_zeroes_zmmh
instrlist_append
instrlist_clear
instrlist_clear_and_destroy
instrlist_clone
instrlist_create
instrlist_cut
instrlist_destroy
instrlist_encode
instrlist_encode_to_copy
instrlist_first
instrlist_first_app
instrlist_first_nonlabel
instrlist_get_auto_predicate
instrlist_get_translation_target
instrlist_init
instrlist_insert_mov_immed_ptrsz
instrlist_insert_mov_instr_addr
instrlist_insert_push_immed_ptrsz
instrlist_insert_push_instr_addr
instrlist_last
instrlist_last_app
instrlist_meta_append
instrlist_meta_postinsert
instrlist_meta_preinsert
instrlist_postinsert
instrlist_preinsert
instrlist_prepend
instrlist_remove
instrlist_replace
instrlist_set_auto_predicate
instrlist_set_fall_through_target
instrlist_set_return_target
instrlist_set_translation_target
opnd_add_flags
opnd_compute_address
opnd_create_abs_addr
opnd_create_base_disp
opnd_create_base_disp_ex
opnd_create_far_abs_addr
opnd_create_far_base_disp
opnd_create_far_base_disp_ex
opnd_create_far_instr
opnd_create_far_pc
opnd_create_immed_float
opnd_create_immed_int
opnd_create_immed_int64
opnd_create_immed_uint
opnd_create_increment_reg
opnd_create_instr
opnd_create_instr_ex
opnd_create_mem_instr
opnd_create_null
opnd_create_pc
opnd_create_reg
opnd_create_reg_element_vector
opnd_create_reg_ex
opnd_create_reg_partial
opnd_defines_use
opnd_get_addr
opnd_get_base
opnd_get_disp
opnd_get_flags
opnd_get_immed_float
opnd_get_immed_int
opnd_get_immed_int64
opnd_get_index
opnd_get_instr
opnd_get_mem_instr_disp
opnd_get_pc
opnd_get_reg
opnd_get_reg_used
opnd_get_scale
opnd_get_segment
opnd_get_segment_selector
opnd_get_shift
opnd_get_size
opnd_get_vector_element_size
opnd_invert_immed_int
opnd_is_abs_addr
opnd_is_base_disp
opnd_is_disp_encode_zero
opnd_is_disp_force_full
opnd_is_disp_short_addr
opnd_is_element_vector_reg
opnd_is_far_abs_addr
opnd_is_far_base_disp
opnd_is_far_instr
opnd_is_far_memory_reference
opnd_is_far_pc
opnd_is_governing
opnd_is_immed
opnd_is_immed_float
opnd_is_immed_int
opnd_is_immed_int64
opnd_is_instr
opnd_is_mem_instr
opnd_is_memory_reference
opnd_is_near_abs_addr
opnd_is_near_base_disp
opnd_is_near_instr
opnd_is_near_memory_reference
opnd_is_near_pc
opnd_is_null
opnd_is_pc
opnd_is_predicate_merge
opnd_is_predicate_reg
opnd_is_predicate_zero
opnd_is_reg
opnd_is_reg_32bit
opnd_is_reg_64bit
opnd_is_reg_partial
opnd_is_reg_pointer_sized
opnd_is_vsib
opnd_num_regs_used
opnd_replace_reg
opnd_replace_reg_resize
opnd_same
opnd_same_address
opnd_set_disp
opnd_set_disp_ex
opnd_set_flags
opnd_set_size
opnd_share_reg
opnd_shrink_to_16_bits
opnd_size_from_bytes
opnd_size_in_bits
opnd_size_in_bytes
opnd_uses_reg
proc_get_vendor
proc_restore_fpstate
proc_save_fpstate
proc_set_vendor
reg_32_to_16
reg_32_to_8
reg_32_to_opsz
reg_get_bits
reg_get_size
reg_get_value
reg_get_value_ex
reg_is_32bit
reg_is_64bit
reg_is_bnd
reg_is_fp
reg_is_gpr
reg_is_mmx
reg_is_opmask
reg_is_pointer_sized
reg_is_segment
reg_is_simd
reg_is_stolen
reg_is_strictly_xmm
reg_is_strictly_ymm
reg_is_strictly_zmm
reg_is_vector_simd
reg_is_xmm
reg_is_ymm
reg_overlap
reg_parameter_num
reg_resize_to_opsz
reg_set_value
reg_set_value_ex
reg_to_pointer_sized
Sections
.text Size: 365KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 372KB - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ