65ed01048e4b67cf6054b6d7261d5660_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

65ed01048e4b67cf6054b6d7261d5660_NeikiAnalytics
Size

53KB
MD5

65ed01048e4b67cf6054b6d7261d5660
SHA1

37d11f14cb4c99401cb792ca80c1089c17101c41
SHA256

b6d5c0d7cb9927c5201ff08df429d10a3b1df0ce9371449519bb3569beedf5ba
SHA512

9388871294850722fd5e70b06b030c635ed016c44bce32fc89d6cf662033bda403d89f5b73b3d5733678827c6df19852491a90c66f8ffa070e303a0b2336b887
SSDEEP

768:zyjH9iIFC3C/Jw+6mJhP5WLYLh1v4s4dsOT7hy5:zKV/36mJhP5P3v4sosY9y5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65ed01048e4b67cf6054b6d7261d5660_NeikiAnalytics

Files

65ed01048e4b67cf6054b6d7261d5660_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

96fdc2edd981cf6e66725f8c52370caf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32help.pdb

Imports

user32

WinHelpW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

python310

PyObject_GenericSetAttr
PyObject_GenericGetAttr
PyEval_SaveThread
PyLong_FromLong
Py_BuildValue
PyExc_MemoryError
_Py_NoneStruct
PyTuple_New
PyExc_AttributeError
PyErr_SetString
PyExc_ValueError
PyErr_Format
_Py_Dealloc
PyTuple_GetItem
PyModule_GetDict
PyLong_AsLong
PyEval_RestoreThread
PyArg_ParseTuple
PyExc_TypeError
_Py_NewReference
PyExc_NotImplementedError
PyTuple_SetItem
PyModule_AddIntConstant
PyTuple_Size
PyErr_Clear
PyType_Ready
PyModule_Create2
PyUnicode_AsUTF8

pywintypes310

?PyWinLong_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWin_CopyString@@YAPEA_WPEB_W@Z
?PyWinObject_FromRECT@@YAPEAU_object@@PEAUtagRECT@@@Z
?ptr@PyWinBufferView@@QEAAPEAXXZ
?init@PyWinBufferView@@QEAA_NPEAU_object@@_N1@Z
??1PyWinBufferView@@QEAA@XZ
??0PyWinBufferView@@QEAA@XZ
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_AsRECT@@YAHPEAU_object@@PEAUtagRECT@@@Z
?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z

kernel32

LoadLibraryExA
RtlCaptureContext
ExpandEnvironmentStringsA
GetProcAddress
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW

vcruntime140

__std_exception_copy
__C_specific_handler
memset
__std_terminate
__CxxFrameHandler3
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_seh_filter_dll
_register_onexit_function
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

PyInit_win32help

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96fdc2edd981cf6e66725f8c52370caf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

python310

pywintypes310

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 860B

.reloc Size: 512B - Virtual size: 308B

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 860B

.reloc
Size: 512B - Virtual size: 308B