d:\保罗项目组\程序\debug\man20s.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
436adfa55f47aacd34f2845b70f80430_NeikiAnalytics.exe
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
436adfa55f47aacd34f2845b70f80430_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
436adfa55f47aacd34f2845b70f80430_NeikiAnalytics
-
Size
2.9MB
-
MD5
436adfa55f47aacd34f2845b70f80430
-
SHA1
0ecd8a1c96b3608c50217831154f3e7951fd74d2
-
SHA256
144589bc4ec2c19790e97cf9696626dcab76ee7112f0bb5bb36e8a4155e3c27f
-
SHA512
7255343f8f7bac354be426716433074d189624ac4c07d4b94c40d7c3d329ab14510049bd39e6a1413e2c9ac68d654c5ed1c077ab4ea28443311ff753576b509b
-
SSDEEP
49152:fnzXnI/XO8gMDqf+TQc2apRR/rUWyVWqnW3H68W4xVDuJKkpimNCXg2T:fc+8gMDfpLM8WYDuJ/pimNQg
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 436adfa55f47aacd34f2845b70f80430_NeikiAnalytics
Files
-
436adfa55f47aacd34f2845b70f80430_NeikiAnalytics.exe windows:5 windows x86 arch:x86
5c877da3752f03f8f1c48c6ab05ec7dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shell32
ShellExecuteW
opengl32
glBegin
glPushAttrib
wglGetCurrentContext
wglMakeCurrent
wglGetProcAddress
glEnable
wglShareLists
wglCreateContext
wglDeleteContext
glPopMatrix
glColor4f
glBlendFunc
glDisable
glMultMatrixf
glPushMatrix
glMatrixMode
glGetError
glEnd
glVertex2f
glTexCoord2f
glViewport
glTranslatef
glCopyTexSubImage2D
glBindTexture
glGetIntegerv
glTexParameteri
glTexImage2D
glGenTextures
glTexSubImage2D
glGetTexImage
glDeleteTextures
glClear
glClearColor
glPopAttrib
glLoadIdentity
glLoadMatrixf
wglGetCurrentDC
glGetString
glScalef
glReadPixels
winmm
joyGetDevCapsA
joyGetPosEx
openal32
alcCloseDevice
alcOpenDevice
alcCreateContext
alcMakeContextCurrent
alBufferData
alSourceQueueBuffers
alGenBuffers
alSourceUnqueueBuffers
alGetBufferi
alDeleteBuffers
alGetSource3f
alGetSourcef
alGetSourcei
alcDestroyContext
alGetEnumValue
alSource3f
alSourcef
alSourceStop
alSourcePause
alSourcePlay
alDeleteSources
alGetError
alGenSources
alListenerf
alGetListenerf
alListener3f
alGetListener3f
alListenerfv
alGetListenerfv
alSourcei
libsndfile-1
ord80
ord2
ord21
ord37
ord3
msvcp90d
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??Bios_base@std@@QBEPAXXZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@HH@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Swap_all@_Container_base_secure@std@@QBEXAAV12@@Z
?_Swap_aux@_Container_base_secure@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1_Container_base_secure@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Debug_message@std@@YAXPB_W0I@Z
??0_Container_base_secure@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1_String_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Orphan_all@_Container_base_secure@std@@QBEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0locale@std@@QAE@XZ
??0locale@std@@QAE@PBDH@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_Has_debug_it@01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@U_Has_debug_it@01@@Z
??1locale@std@@QAE@XZ
?_Xlen@_String_base@std@@SAXXZ
??0_String_base@std@@QAE@XZ
?_Xran@_String_base@std@@SAXXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?narrow@?$ctype@_W@std@@QBED_WD@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
msvcr90d
atol
__RTDynamicCast
_CRT_RTC_INITW
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_initterm
_initterm_e
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_controlfp_s
_invoke_watson
_beginthreadex
_endthreadex
??_V@YAXPAX@Z
wcstombs
mbstowcs
printf
qsort
__CxxFrameHandler3
??3@YAXPAX@Z
_CxxThrowException
_invalid_parameter
_CrtDbgReportW
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_wassert
cos
sin
sqrt
sprintf
_purecall
??0exception@std@@QAE@XZ
??8type_info@@QBE_NABV0@@Z
strlen
strchr
exit
longjmp
_setjmp3
strncat
strcspn
strcat
strcpy
strncpy
isalnum
isalpha
isspace
isdigit
iscntrl
localeconv
strtoul
strtod
abs
pow
floor
memcmp
memcpy
strcoll
strcmp
strstr
fclose
ferror
ungetc
freopen
getc
fopen
__iob_func
fread
feof
strerror
_errno
realloc
free
fprintf
fputs
fgets
_popen
tmpfile
clearerr
fscanf
fwrite
ftell
fseek
setvbuf
fflush
_pclose
fabs
sinh
cosh
tan
tanh
asin
acos
atan
atan2
ceil
fmod
modf
log
log10
exp
frexp
ldexp
rand
srand
_HUGE
strrchr
getenv
system
remove
rename
tmpnam
clock
strftime
_gmtime64
_localtime64
_time64
_mktime64
_difftime64
setlocale
tolower
toupper
strpbrk
isxdigit
isupper
ispunct
islower
memchr
_isatty
_fileno
signal
memmove_s
memset
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__CxxLongjmpUnwind
abort
malloc
fgetc
strtol
strncmp
sscanf
memmove
kernel32
FreeLibrary
GetModuleFileNameA
GetProcAddress
MultiByteToWideChar
GetVersionExA
GetTickCount
GetLastError
FormatMessageA
CloseHandle
WaitForSingleObject
GetModuleHandleA
TerminateThread
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
lstrlenA
WideCharToMultiByte
DebugBreak
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
user32
PeekMessageA
ClientToScreen
SetCursorPos
LoadCursorA
SetCursor
TranslateMessage
DispatchMessageA
DestroyIcon
DestroyWindow
CallWindowProcA
DefWindowProcW
DefWindowProcA
MapVirtualKeyA
GetAsyncKeyState
TrackMouseEvent
ChangeDisplaySettingsA
RegisterClassW
RegisterClassA
CreateIcon
SendMessageA
GetWindowLongA
EnumDisplaySettingsA
ShowWindow
CreateWindowExA
CreateWindowExW
SetWindowLongA
GetClientRect
AdjustWindowRect
ReleaseDC
GetDC
UnregisterClassA
UnregisterClassW
SetWindowPos
gdi32
GetDeviceCaps
SetPixelFormat
ChoosePixelFormat
DescribePixelFormat
SwapBuffers
Sections
.textbss Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 806KB - Virtual size: 805KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ