2d656da826349e5e42cd3a0dd22dc590_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

2d656da826349e5e42cd3a0dd22dc590_NeikiAnalytics
Size

2.0MB
MD5

2d656da826349e5e42cd3a0dd22dc590
SHA1

a39df7abd28ec119357e4fcf7651291d4276edce
SHA256

8ec46ac505477ba8cc5d73f2b861582d47668c34794de71d14596c903a0c86d2
SHA512

244dce177d58dafc41eefc61eb87d6933b514ad0668475340743fd4d5c620468db8320d7f218b3b6e4d5cd5d4bd35af697a36121a98746d141bab1f3ba28bc74
SSDEEP

49152:znbShmTlytFhhljvdSZ4/GS7/VkaP07+Pz:zbUmTdWG02

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d656da826349e5e42cd3a0dd22dc590_NeikiAnalytics

Files

2d656da826349e5e42cd3a0dd22dc590_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

a90af07c9d4ad16263c3015d2722bd09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\db3\blender_dependencies.git\trunk\S\VS1286D\build\python\src\external_python\PCBuild\win32\_ssl_d.pdb

Imports

ws2_32

WSAGetLastError
send
recv
closesocket
shutdown
WSASetLastError
select

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertEnumCRLsInStore
CertFreeCRLContext
CertGetEnhancedKeyUsage
CertOpenStore
CertCloseStore

kernel32

CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetStdHandle
GetLastError
LoadLibraryA
FlushConsoleInputBuffer
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
IsProcessorFeaturePresent
DecodePointer
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
FindClose
FindFirstFileA
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
WriteFile
SetLastError
GetFileType
GlobalMemoryStatus
IsDebuggerPresent
FreeLibrary
EncodePointer
FindNextFileA
WideCharToMultiByte

user32

ReleaseDC
GetUserObjectInformationW
MessageBoxA
GetDC
GetProcessWindowStation

gdi32

GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
GetObjectA

advapi32

RegisterEventSourceA
DeregisterEventSource
ReportEventA

python35_d

PyExc_IOError
PyExc_RuntimeWarning
PyExc_ValueError
PyExc_TypeError
PyExc_OverflowError
PyExc_MemoryError
PyExc_OSError
_Py_TrueStruct
_Py_FalseStruct
_PyByteArray_empty_string
PyByteArray_Type
_Py_NoneStruct
_Py_RefTotal
PyThread_release_lock
PyThread_acquire_lock
PyThread_free_lock
PyThread_allocate_lock
PyThread_get_thread_ident
_Py_fopen_obj
PyBuffer_Release
PyBuffer_IsContiguous
PyObject_GetBuffer
PyObject_CallFunctionObjArgs
PyEval_RestoreThread
PyEval_SaveThread
PyModule_Create2TraceRefs
PyModule_AddIntConstant
PyModule_AddObject
_PyArg_NoPositional
_PyArg_NoKeywords
_Py_BuildValue_SizeT
_PyArg_ParseTupleAndKeywords_SizeT
_PyArg_ParseTuple_SizeT
_PyArg_Parse_SizeT
PyErr_CheckSignals
PyErr_WriteUnraisable
PyErr_NewExceptionWithDoc
PyErr_SetFromWindowsErr
PyErr_Format
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrno
PyErr_NoMemory
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyWeakref_GetObject
PyWeakref_NewRef
PyErr_WarnFormat
PyGILState_Release
PyGILState_Ensure
PyCapsule_Import
PyModule_GetDict
PySet_Add
PySet_New
PyDict_SetItemString
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyList_AsTuple
PyList_Append
PyList_Size
PyList_New
PyTuple_New
PyBool_FromLong
PyLong_AsLong
PyLong_FromUnsignedLong
PyLong_FromLong
PyUnicode_DecodeFSDefault
PyUnicode_FSConverter
PyUnicode_AsASCIIString
PyUnicode_DecodeUTF8
PyUnicode_AsEncodedString
PyUnicode_Decode
PyUnicode_InternFromString
PyUnicode_FromFormat
PyUnicode_FromEncodedObject
PyUnicode_FromString
PyUnicode_FromStringAndSize
_PyBytes_Resize
PyBytes_AsString
PyBytes_FromString
PyBytes_FromStringAndSize
_PyObject_New
PyObject_Free
PyMem_Free
PyMem_Malloc
_PyTime_GetMonotonicClock
_PyTime_AsTimeval_noraise
_Py_Dealloc
_Py_NegativeRefcount
PyCallable_Check
_PyObject_SetAttrId
PyObject_Str
PyType_Ready
PyType_IsSubtype
PyType_FromSpec
PyObject_CallObject

msvcr120d

wcsstr
__iob_func
sscanf
_stat64i32
printf
calloc
strtoul
getenv
_exit
qsort
memset
memcpy
_errno
strchr
_wassert
__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_dbg
_CrtDbgReportW
_unlock
_lock
fclose
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_CrtSetCheckCount
_free_dbg
_malloc_dbg
_amsg_exit
__CppXcptFilter
abort
strstr
sprintf
_getch
fputs
signal
_gmtime64
strtol
atoi
strrchr
_localtime64
fprintf
_stricmp
strncmp
isupper
_time64
isxdigit
strcmp
tolower
_strnicmp
strerror
strncpy
memchr
isalnum
isspace
isdigit
memmove
_setmode
_wfopen
fwrite
ftell
fseek
fread
fopen
_fileno
fgets
fflush
_vsnprintf
ferror
feof
free
malloc
realloc
memcmp
raise

Exports

Exports

PyInit__ssl

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a90af07c9d4ad16263c3015d2722bd09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

python35_d

msvcr120d

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 335KB - Virtual size: 334KB

.data Size: 57KB - Virtual size: 65KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 53KB - Virtual size: 53KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 335KB - Virtual size: 334KB

.data
Size: 57KB - Virtual size: 65KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 53KB - Virtual size: 53KB