b49306c42505719152882a740041ff00_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

b49306c42505719152882a740041ff00_NeikiAnalytics
Size

35KB
MD5

b49306c42505719152882a740041ff00
SHA1

92789ab9ebe5440feb202af6402c4b19a61084a0
SHA256

172cdecb7189805330273898fb472f4cd33a323d7348928823289b4c7d66a780
SHA512

abf7eeaddcc09ecaef8755ac09d52d82b28ae44a1899247bb58b2ed5133d9ee0c32075c5fd119caa4aabdeb81046b430e09ee31c58ef87b95d5617d843e94b19
SSDEEP

384:lbeQMOMP1aCBNpeyjdQlz3dbSIgQ2Zv8Q0K4SzJHsR6FXbGZ0JFcd+2HZlJqRZn9:JfFtyjdcdbR32drLNsR6y06+2HZlJqR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b49306c42505719152882a740041ff00_NeikiAnalytics

Files

b49306c42505719152882a740041ff00_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

ba10e30f176681261b85eb84fa323682

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\VC16\Win64\httpd-2.4\srclib\apr-iconv\x64\Release\libapriconv.pdb

Imports

libapr-1

apr_pool_destroy
apr_snprintf
apr_env_get
apr_dso_sym
apr_dso_unload
apr_dso_load
apr_filepath_list_split
apr_stat
apr_pool_create_ex

vcruntime140

memcpy
memset
__C_specific_handler
__std_type_info_destroy_list
memcmp

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment
_execute_onexit_table

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlVirtualUnwind

Exports

Exports

apr_iconv
apr_iconv_ces_close
apr_iconv_ces_close_func
apr_iconv_ces_nbits7
apr_iconv_ces_nbits8
apr_iconv_ces_no_func
apr_iconv_ces_open
apr_iconv_ces_open_func
apr_iconv_ces_reset_func
apr_iconv_ces_zero
apr_iconv_close
apr_iconv_euc_close
apr_iconv_euc_convert_from_ucs
apr_iconv_euc_convert_to_ucs
apr_iconv_euc_open
apr_iconv_iso2022_close
apr_iconv_iso2022_convert_from_ucs
apr_iconv_iso2022_convert_to_ucs
apr_iconv_iso2022_open
apr_iconv_iso2022_reset
apr_iconv_mod_load
apr_iconv_mod_noevent
apr_iconv_mod_unload
apr_iconv_open

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba10e30f176681261b85eb84fa323682

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libapr-1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 900B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 900B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB