28254bebac4337cd7dfe63f41adcb6a0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

28254bebac4337cd7dfe63f41adcb6a0_NeikiAnalytics
Size

79KB
MD5

28254bebac4337cd7dfe63f41adcb6a0
SHA1

c78fa2c6ee843a77d37172dd79fa2b9caa4f83fe
SHA256

190a8fa2fb7d7e32deed01f0e758ec2c600ddde492a577ab61cea1666620b91b
SHA512

b38e88051d3a05eba5d338f1155f30f26e30ad71805fc62a7b6219fb26f219d69d9382a54e150497f0be6ab3dd51988739071271f0a3067b0501febf5ad8aa61
SSDEEP

1536:0VBuRHf4DV9A50CDLo0k3Ed3MYWs4PEKoko4lTJbbbbdbH5bBttcMou0IiINsQY:0VcR/4DV9A6Crtz4PEKok9dbbbbdb1BM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28254bebac4337cd7dfe63f41adcb6a0_NeikiAnalytics

Files

28254bebac4337cd7dfe63f41adcb6a0_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

46f34018b3f26ef124f647874492c1ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\gps\AppData\Local\Temp\python-build-r5seklmg\Python-3.8.5\PCbuild\amd64\_sqlite3.pdb

Imports

python38

PyExc_OverflowError
PyModule_GetDict
PyErr_ExceptionMatches
PyErr_Fetch
PyObject_CallFunctionObjArgs
PyUnicode_AsUTF8
PyObject_GetBuffer
PyList_New
PyObject_GetAttrString
_PyObject_CallMethod_SizeT
PyErr_Clear
PyList_Append
PyUnicode_FSConverter
_PyDict_GetItemIdWithError
PyList_GetItem
PyUnicode_Type
PyLong_AsLongAndOverflow
PyTuple_SetItem
PyErr_NoMemory
PyObject_CallObject
PyBytes_FromStringAndSize
PyGILState_Ensure
PyThread_get_thread_ident
_PyObject_MakeTpCall
_PyObject_New
PyExc_TypeError
PyObject_IsTrue
_PyUnicode_Ready
PyCallable_Check
_PyLong_AsInt
_Py_TrueStruct
PyErr_Print
PyUnicode_FromString
PyBuffer_Release
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyOS_snprintf
PyErr_SetObject
PyObject_SelfIter
PyIter_Next
PyObject_GetIter
PyExc_UnicodeDecodeError
PyEval_SaveThread
PyObject_ClearWeakRefs
PyBytes_Type
PyUnicode_Decode
PyByteArray_FromStringAndSize
_PyObject_NextNotImplemented
PyByteArray_Type
Py_BuildValue
PyDict_SetItemString
_PyObject_CallMethodId_SizeT
PyArg_ParseTuple
PyExc_Exception
PyLong_FromLong
PyLong_Type
PyModule_AddObject
PySys_Audit
PyModule_Create2
PyErr_NewException
PyExc_ImportError
PyObject_Call
PyType_Type
PyBool_FromLong
PySlice_Type
PyObject_Hash
PyObject_RichCompare
PyTuple_GetItem
_Py_ctype_tolower
PyObject_RichCompareBool
PyTuple_Size
PyObject_GetItem
_Py_NotImplementedStruct
PyNumber_AsSsize_t
PyExc_IndexError
PySequence_Size
PySequence_GetItem
PyUnicode_AsUTF8AndSize
PyDict_Type
PyTuple_Type
PySequence_Check
PyList_Type
PyExc_LookupError
_PyLong_AsByteArray
PyLong_FromLongLong
PyLong_AsLongLongAndOverflow
_PyUnicode_EqualToASCIIString
PyUnicode_DecodeUTF8
PyBytes_AsString
PyImport_ImportModule
_PyArg_NoKeywords
_Py_BuildValue_SizeT
_PyTime_AsMilliseconds
_PyTime_FromSecondsObject
PyWeakref_NewRef
PyObject_Print
PyDict_DelItem
PyDict_New
PyDict_SetItem
PyType_Ready
PyUnicode_FromFormat
_PyArg_ParseTuple_SizeT
_Py_Dealloc
PyErr_Restore
_Py_FalseStruct
PyFloat_Type
PyType_IsSubtype
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_ValueError
PyErr_SetString
_Py_CheckFunctionResult
PyList_Size
_PyObject_CallMethodIdObjArgs
PyExc_AttributeError
PyWeakref_GetObject
PyFloat_FromDouble
PyTuple_New
PyGILState_Release
_PyObject_LookupAttrId
PyFloat_AsDouble
_Py_NoneStruct
PyDict_GetItemWithError
PyErr_Occurred
PyType_GenericNew
_PyErr_FormatFromCause
_PyObject_CallFunction_SizeT

sqlite3

sqlite3_column_type
sqlite3_column_decltype
sqlite3_data_count
sqlite3_column_int64
sqlite3_column_bytes
sqlite3_column_name
sqlite3_column_blob
sqlite3_column_double
sqlite3_enable_shared_cache
sqlite3_complete
sqlite3_column_count
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_bind_text
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_int64
sqlite3_reset
sqlite3_bind_parameter_name
sqlite3_errcode
sqlite3_step
sqlite3_errmsg
sqlite3_libversion
sqlite3_last_insert_rowid
sqlite3_column_text
sqlite3_libversion_number
sqlite3_value_double
sqlite3_backup_step
sqlite3_value_blob
sqlite3_trace
sqlite3_backup_pagecount
sqlite3_enable_load_extension
sqlite3_value_bytes
sqlite3_result_blob
sqlite3_progress_handler
sqlite3_load_extension
sqlite3_close_v2
sqlite3_get_autocommit
sqlite3_errstr
sqlite3_value_int64
sqlite3_value_type
sqlite3_result_text
sqlite3_sleep
sqlite3_result_null
sqlite3_prepare_v2
sqlite3_backup_finish
sqlite3_open_v2
sqlite3_value_text
sqlite3_result_double
sqlite3_result_int64
sqlite3_busy_timeout
sqlite3_user_data
sqlite3_total_changes
sqlite3_finalize
sqlite3_result_error
sqlite3_backup_init
sqlite3_interrupt
sqlite3_backup_remaining
sqlite3_create_function_v2
sqlite3_set_authorizer
sqlite3_create_collation
sqlite3_aggregate_context
sqlite3_changes

vcruntime140

__current_exception
__std_type_info_destroy_list
__current_exception_context
memset
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate

api-ms-win-crt-string-l1-1-0

_strnicmp

kernel32

TerminateProcess
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

Exports

Exports

PyInit__sqlite3

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46f34018b3f26ef124f647874492c1ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python38

sqlite3

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 612B