2b89def035d1198e10d5beac8967a170_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2b89def035d1198e10d5beac8967a170_NeikiAnalytics
Size

2.7MB
MD5

2b89def035d1198e10d5beac8967a170
SHA1

dc89d298808da30986b1ce4acd2d5c026c07c2ee
SHA256

4c1674a5ef1da8acf64ba334dff4b9fd9427b911046d3d8f2538423fa02701cf
SHA512

723d2168822e194c699a402bb9ef5310ef4c2215ee2cdc085e0be006aaea0065bdc4d65171387affd7da5424030ff08c453fe9817a2a753d55f51f4952a9bb28
SSDEEP

49152:3u907rH1eM63wXdVISH+Xb0ZL+rxvGgWtV+VGhhG:ev7ydGAZoZsVQG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b89def035d1198e10d5beac8967a170_NeikiAnalytics

Files

2b89def035d1198e10d5beac8967a170_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

66d599fd5963c542ed0791ed276555fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\runner\builds\gstreamer\cerbero\cerbero-build\sources\msvc_x86_64\gst-plugins-rs-0.12.5\_builddir\x86_64-pc-windows-msvc\release\deps\gstreqwest.pdb

Imports

gstbase-1.0-0

gst_base_src_set_caps
gst_push_src_get_type
gst_base_src_get_type
gst_base_src_submit_buffer_list
gst_base_src_set_automatic_eos
gst_base_src_set_format
gst_base_src_set_live
gst_base_src_is_live

gstreamer-1.0-0

gst_uri_error_quark
gst_element_register
gst_plugin_register_static
gst_object_get_parent
gst_context_get_structure
gst_context_get_context_type
gst_core_error_quark
gst_structure_new_empty
gst_caps_append_structure_full
gst_caps_new_empty
gst_buffer_copy_into
gst_buffer_unmap
gst_buffer_map
gst_query_add_scheduling_mode
gst_query_set_scheduling
gst_element_class_add_metadata
gst_element_class_set_metadata
gst_element_class_add_pad_template
gst_uri_handler_get_type
gst_caps_features_to_string
gst_allocator_get_type
gst_tag_list_copy_value
gst_tag_list_nth_tag_name
gst_debug_log_literal
_gst_debug_get_category
gst_caps_get_features
gst_caps_is_empty
gst_caps_is_any
gst_caps_get_structure
gst_caps_get_size
gst_buffer_set_size
gst_buffer_get_sizes_range
gst_buffer_extract
gst_buffer_get_size
gst_structure_id_get_value
gst_event_new_tag
gst_structure_get_type
_gst_debug_category_new
gst_caps_new_any
gst_pad_template_new
gst_mini_object_unref
gst_memory_init
gst_buffer_new
gst_mini_object_is_writable
gst_buffer_append_memory
gst_element_get_type
gst_structure_copy
gst_query_new_context
gst_structure_nth_field_name
gst_pad_peer_query
gst_query_parse_context
gst_mini_object_ref
gst_structure_get_name
gst_element_set_context
gst_message_new_need_context
gst_message_set_seqnum
gst_message_writable_structure
gst_structure_take_value
gst_element_post_message
gst_context_new
gst_context_writable_structure
gst_message_new_have_context
gst_structure_n_fields
gst_value_array_get_type
gst_value_list_get_type
gst_structure_free
gst_tag_list_new_empty
gst_tag_get_type
gst_tag_list_add_value
gst_tag_list_n_tags
gst_resource_error_quark
gst_element_message_full
gst_message_new_error_with_details
gst_pad_push_event
gst_library_error_quark
gst_is_initialized

gobject-2.0-0

g_param_spec_string
g_param_spec_boolean
g_type_name
g_value_get_boxed
g_value_copy
g_strdup_value_contents
g_value_transform
g_param_spec_get_name
g_type_check_is_value_type
g_object_is_floating
g_value_set_int
g_value_get_uint
g_value_get_boolean
g_value_set_boxed
g_boxed_type_register_static
g_object_class_install_properties
g_type_class_peek_parent
g_type_class_adjust_private_offset
g_type_add_interface_static
g_type_add_instance_private
g_type_register_static_simple
g_param_spec_boxed
g_object_newv
g_type_register_static
g_type_from_name
g_value_init
g_value_set_uint
g_value_unset
g_value_set_boolean
g_param_spec_uint
g_param_spec_ref_sink
g_type_is_a
g_strv_get_type
g_param_spec_unref
g_object_ref_sink
g_object_unref
g_type_check_value_holds
g_value_get_string
g_object_ref
g_value_take_boxed
g_value_take_string

glib-2.0-0

g_strndup
g_malloc
g_string_append_len
g_free
g_string_append_unichar
g_quark_to_string
g_error_new_literal
g_error_free
g_quark_from_string
g_strfreev
g_realloc

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

ntdll

RtlNtStatusToDosError
NtCreateFile
RtlVirtualUnwind
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

IsProcessorFeaturePresent
ReleaseSRWLockExclusive
CloseHandle
SwitchToThread
SetUnhandledExceptionFilter
HeapReAlloc
GetProcAddress
GetModuleHandleA
Sleep
HeapFree
HeapAlloc
GetProcessHeap
GetFinalPathNameByHandleW
AcquireSRWLockShared
ReleaseSRWLockShared
PostQueuedCompletionStatus
UnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetQueuedCompletionStatusEx
SetLastError
SetHandleInformation
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
CreateIoCompletionPort
SetThreadStackGuarantee
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
SetFileCompletionNotificationModes
TryAcquireSRWLockExclusive
CreateThread
GetCurrentThread
AcquireSRWLockExclusive

crypt32

CertGetCertificateChain
CertCloseStore
CertDuplicateCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDuplicateStore

ws2_32

ioctlsocket
setsockopt
WSAIoctl
bind
closesocket
getpeername
WSAGetLastError
getsockname
WSASocketW
recv
send
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSASend
shutdown
connect
getsockopt

secur32

InitializeSecurityContextW
FreeCredentialsHandle
ApplyControlToken
EncryptMessage
DecryptMessage
DeleteSecurityContext
AcceptSecurityContext
QueryContextAttributesW
FreeContextBuffer
AcquireCredentialsHandleA

vcruntime140

memcmp
memcpy
__CxxFrameHandler3
__std_type_info_destroy_list
memmove
memset
_CxxThrowException
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

pow

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_initterm_e
_initterm
_execute_onexit_table
_cexit
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

gst_plugin_reqwest_get_desc
gst_plugin_reqwest_register

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66d599fd5963c542ed0791ed276555fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gstbase-1.0-0

gstreamer-1.0-0

gobject-2.0-0

glib-2.0-0

bcrypt

advapi32

ntdll

kernel32

crypt32

ws2_32

secur32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 772KB - Virtual size: 771KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 80KB - Virtual size: 79KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 772KB - Virtual size: 771KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 80KB - Virtual size: 79KB

.reloc
Size: 10KB - Virtual size: 9KB