b62fcbe8dc8e2e4933c24781b4d205c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

b62fcbe8dc8e2e4933c24781b4d205c0_NeikiAnalytics
Size

68KB
MD5

b62fcbe8dc8e2e4933c24781b4d205c0
SHA1

dca38105bb5123935409c3501c938c1b5abb6070
SHA256

5218caa18a892fbc21ed34e24d3d70084ff0928af95bd8e26afa23c1d3d5b88e
SHA512

0d04ddeed8a4abda448f5bd7ebd3176b097146ff46ff63856921ed948878bda162ce60ff32587f5f7dae4d64e060b79c029e0f396ecf1c16b29ba19803b23d57
SSDEEP

1536:66fLHRMK8SD1xi4mBDRVWUd9a/C5Y998+8M6vBE3cQyPEzpDiwkwoxADzj8lCdDO:667cYzoM6vqsQyPEdDmxKDzj8OJG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b62fcbe8dc8e2e4933c24781b4d205c0_NeikiAnalytics

Files

b62fcbe8dc8e2e4933c24781b4d205c0_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

fabf30c3680063b2b7ea796c60f39acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

libllvm-18

LLVMInitializeAArch64AsmParser
LLVMInitializeAArch64TargetInfo
LLVMInitializeAArch64TargetMC
LLVMInitializeARMAsmParser
LLVMInitializeARMTargetInfo
LLVMInitializeARMTargetMC
LLVMInitializeNVPTXTargetInfo
LLVMInitializeNVPTXTargetMC
LLVMInitializeX86AsmParser
LLVMInitializeX86TargetInfo
LLVMInitializeX86TargetMC
_ZN4llvm11LLVMContextC1Ev
_ZN4llvm11LLVMContextD1Ev
_ZN4llvm11StringSaver4saveENS_9StringRefE
_ZN4llvm11raw_ostream5writeEPKcj
_ZN4llvm11raw_ostream5writeEh
_ZN4llvm11raw_ostreamlsERKNS_18format_object_baseE
_ZN4llvm11raw_ostreamlsERKNS_19formatv_object_baseE
_ZN4llvm11raw_ostreamlsEm
_ZN4llvm12MemoryBuffer7getFileERKNS_5TwineEbbbNSt3__18optionalINS_5AlignEEE
_ZN4llvm12MemoryBuffer8getSTDINEv
_ZN4llvm12writeArchiveENS_9StringRefENS_8ArrayRefINS_16NewArchiveMemberEEENS_17SymtabWritingModeENS_6object7Archive4KindEbbNSt3__110unique_ptrINS_12MemoryBufferENS8_14default_deleteISA_EEEEb
_ZN4llvm13ErrorInfoBase2IDE
_ZN4llvm13StringMapImpl11RehashTableEj
_ZN4llvm13StringMapImpl15LookupBucketForENS_9StringRefE
_ZN4llvm13libDriverMainENS_8ArrayRefIPKcEE
_ZN4llvm13line_iterator7advanceEv
_ZN4llvm13line_iteratorC1ERKNS_12MemoryBufferEbc
_ZN4llvm14identify_magicENS_9StringRefE
_ZN4llvm14raw_fd_ostreamC1EibbNS_11raw_ostream11OStreamKindE
_ZN4llvm14raw_fd_ostreamD1Ev
_ZN4llvm15SmallVectorBaseIjE8grow_podEPvjj
_ZN4llvm15allocate_bufferEjj
_ZN4llvm15format_providerINSt3__16chrono10time_pointINS2_12system_clockENS2_8durationIxNS1_5ratioILx1ELx1000000000EEEEEEEvE6formatERKS9_RNS_11raw_ostreamENS_9StringRefE
_ZN4llvm16NewArchiveMember12getOldMemberERKNS_6object7Archive5ChildEb
_ZN4llvm16NewArchiveMember7getFileENS_9StringRefEb
_ZN4llvm16errorToErrorCodeENS_5ErrorE
_ZN4llvm17deallocate_bufferEPvjj
_ZN4llvm17dlltoolDriverMainENS_8ArrayRefIPKcEE
_ZN4llvm18format_object_base4homeEv
_ZN4llvm18getAsSignedIntegerENS_9StringRefEjRx
_ZN4llvm26computeArchiveRelativePathENS_9StringRefES0_
_ZN4llvm2cl19ExpandResponseFilesERNS_11StringSaverEPFvNS_9StringRefES2_RNS_15SmallVectorImplIPKcEEbES8_
_ZN4llvm2cl19PrintVersionMessageEv
_ZN4llvm2cl22TokenizeGNUCommandLineENS_9StringRefERNS_11StringSaverERNS_15SmallVectorImplIPKcEEb
_ZN4llvm2cl26TokenizeWindowsCommandLineENS_9StringRefERNS_11StringSaverERNS_15SmallVectorImplIPKcEEb
_ZN4llvm3sys16getProcessTripleEv
_ZN4llvm3sys2fs12is_directoryERKNS_5TwineERb
_ZN4llvm3sys2fs18create_directoriesERKNS_5TwineEbNS1_5permsE
_ZN4llvm3sys2fs32setLastAccessAndModificationTimeEiNSt3__16chrono10time_pointINS3_12system_clockENS3_8durationIxNS2_5ratioILx1ELx1000000000EEEEEEESA_
_ZN4llvm3sys2fs6statusERKNS_5TwineERNS1_11file_statusEb
_ZN4llvm3sys2fs8openFileERKNS_5TwineERiNS1_19CreationDispositionENS1_10FileAccessENS1_9OpenFlagsEj
_ZN4llvm3sys4path11is_absoluteERKNS_5TwineENS1_5StyleE
_ZN4llvm3sys4path11parent_pathENS_9StringRefENS1_5StyleE
_ZN4llvm3sys4path16convert_to_slashENS_9StringRefENS1_5StyleE
_ZN4llvm3sys4path4stemENS_9StringRefENS1_5StyleE
_ZN4llvm3sys4path6appendERNS_15SmallVectorImplIcEERKNS_5TwineES7_S7_S7_
_ZN4llvm3sys4path8filenameENS_9StringRefENS1_5StyleE
_ZN4llvm3sys7windows11UTF8ToUTF16ENS_9StringRefERNS_15SmallVectorImplIwEE
_ZN4llvm4errsEv
_ZN4llvm4outsEv
_ZN4llvm6TripleC1ERKNS_5TwineE
_ZN4llvm6detail14format_adapter6anchorEv
_ZN4llvm6object12createBinaryENS_15MemoryBufferRefEPNS_11LLVMContextEb
_ZN4llvm6object7Archive21getDefaultKindForHostEv
_ZN4llvm6object7Archive6createENS_15MemoryBufferRefE
_ZN4llvm8InitLLVMC2ERiRPPKcb
_ZN4llvm8InitLLVMD1Ev
_ZN4llvm9ErrorList2IDE
_ZN4llvm9WithColor5errorERNS_11raw_ostreamENS_9StringRefEb
_ZN4llvm9WithColor7warningERNS_11raw_ostreamENS_9StringRefEb
_ZNK4llvm12MemoryBuffer15getMemBufferRefEv
_ZNK4llvm16NewArchiveMember20detectKindFromObjectEv
_ZNK4llvm3sys2fs17basic_file_status23getLastModificationTimeEv
_ZNK4llvm5Twine3strEv
_ZNK4llvm5Twine5printERNS_11raw_ostreamE
_ZNK4llvm6object27AbstractArchiveMemberHeader13getAccessModeEv
_ZNK4llvm6object27AbstractArchiveMemberHeader15getLastModifiedEv
_ZNK4llvm6object27AbstractArchiveMemberHeader6getGIDEv
_ZNK4llvm6object27AbstractArchiveMemberHeader6getUIDEv
_ZNK4llvm6object7Archive11child_beginERNS_5ErrorEb
_ZNK4llvm6object7Archive14hasSymbolTableEv
_ZNK4llvm6object7Archive5Child11getAsBinaryEPNS_11LLVMContextE
_ZNK4llvm6object7Archive5Child11getFullNameEv
_ZNK4llvm6object7Archive5Child14getChildOffsetEv
_ZNK4llvm6object7Archive5Child7getNameEv
_ZNK4llvm6object7Archive5Child7getNextEv
_ZNK4llvm6object7Archive5Child7getSizeEv
_ZNK4llvm6object7Archive5Child9getBufferEv
_ZNK4llvm6object7Archive9child_endEv
_ZNK4llvm9StringRef16find_insensitiveES0_j
_ZNK4llvm9StringRef16find_last_not_ofES0_j
_ZNK4llvm9StringRef17find_first_not_ofES0_j
_ZNK4llvm9StringRef17rfind_insensitiveES0_
_ZNK4llvm9StringRef4findES0_j
_ZNK4llvm9StringRef5lowerEv
_ZTVN4llvm9ErrorListE

kernel32

CompareStringOrdinal
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

libc++

_ZNKSt3__110error_code7messageEv
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKcj
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6assignEPKc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE9push_backEc
_ZNSt3__115system_categoryEv
_ZNSt3__116generic_categoryEv
_ZNSt3__122__libcpp_verbose_abortEPKcz
_ZNSt3__1plIcNS_11char_traitsIcEENS_9allocatorIcEEEENS_12basic_stringIT_T0_T1_EEPKS6_RKS9_
_ZdlPv
_Znwj

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_close
fwrite

api-ms-win-crt-string-l1-1-0

strcmp
strlen
strncmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fabf30c3680063b2b7ea796c60f39acd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libllvm-18

kernel32

libc++

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 14KB - Virtual size: 14KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 512B - Virtual size: 1KB

.eh_fram Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 8B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 14KB - Virtual size: 14KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 512B - Virtual size: 1KB

.eh_fram
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 2KB - Virtual size: 2KB