080ce82ef0f45313edbe1e747f634070_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

080ce82ef0f45313edbe1e747f634070_NeikiAnalytics
Size

52KB
MD5

080ce82ef0f45313edbe1e747f634070
SHA1

897c90b6b496ff5d6ecbb68da936da2ea53694b6
SHA256

13bdc232bf3f9b1967a7c2fdea29b856bc97da3eff96737dcd925b5fd2d01a77
SHA512

e064420329b275d35cdd5da2c8cbf8aebc335964d51ece412da0755fe97e1dce51fc76f72d3117653f622d3d885ce7f891dc4c933bb8646c7dab6547844f9da9
SSDEEP

1536:s+PKY6xBB5fXZ2CEHFlnaQr3/pHPggWR5N:sjxRklDr3/2gE5N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
080ce82ef0f45313edbe1e747f634070_NeikiAnalytics

Files

080ce82ef0f45313edbe1e747f634070_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

ff0a7a647d1a3e37e5b21bf5cb82931b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

udhisapi.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
wcsstr
strncmp
_wcsicmp
strtoul
isupper
isdigit
strtok
tolower
strstr
_vsnwprintf
_vsnprintf
_strcmpi
_stricmp
_strnicmp
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

kernel32

HeapAlloc
GetProcessHeap
DelayLoadFailureHook
LoadLibraryExA
GetProcAddress
lstrcmpW
lstrlenW
GetLastError
lstrlenA
HeapFree
WideCharToMultiByte
FreeLibrary
SetUnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
UnhandledExceptionFilter

rpcrt4

UuidFromStringW

Exports

Exports

GetExtensionVersion
HttpExtensionProc
TerminateExtension

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff0a7a647d1a3e37e5b21bf5cb82931b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

kernel32

rpcrt4

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 250B

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 250B