7817ba383f58369ddccb6c1eb2c63db0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

7817ba383f58369ddccb6c1eb2c63db0_NeikiAnalytics
Size

61KB
MD5

7817ba383f58369ddccb6c1eb2c63db0
SHA1

01152d73ac8f5b4b8a48b7723a274488060ff174
SHA256

b443e58f32c915da2da447407bd2d180de362790e46d75ceb110652f772c23f6
SHA512

ec9990d2b7a3799271bab8acc1b9b900f0c9d74f922df84515ddecf6f05603152d5e85795e5b197072fe5f2634d19866a1293148d6577ca09fe8c108a18cb184
SSDEEP

768:GuYIqhSeGQtu2ryTm5kBBL/cAcdb7XiitsLvaFUuT5d8/Ut9TkdmqxZJ2dqFCzFU:GuYIEX4mXAvaFUutd8oUmvxzjpv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7817ba383f58369ddccb6c1eb2c63db0_NeikiAnalytics

Files

7817ba383f58369ddccb6c1eb2c63db0_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

d5f0aedc799d821c226eeebc55aa8c7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\runner\builds\gstreamer\cerbero\cerbero-build\sources\msvc_x86_64\gstreamer-1.0\subprojects\gst-plugins-bad\_builddir\ext\srtp\gstsrtp.pdb

Imports

gstrtp-1.0-0

gst_rtp_buffer_get_payload_type
gst_rtcp_buffer_unmap
gst_rtcp_buffer_get_first_packet
gst_rtcp_packet_move_to_next
gst_rtcp_packet_get_type
gst_rtcp_packet_sr_get_sender_info
gst_rtcp_packet_rr_get_ssrc
gst_rtcp_packet_bye_get_nth_ssrc
gst_rtcp_packet_app_get_ssrc
gst_rtcp_packet_fb_get_sender_ssrc
gst_rtp_buffer_map
gst_rtp_buffer_unmap
gst_rtp_buffer_get_ssrc
gst_rtcp_buffer_map

gstreamer-1.0-0

gst_library_error_quark
gst_stream_error_quark
gst_element_iterate_sink_pads
gst_element_remove_pad
gst_element_class_get_pad_template
gst_pad_push_list
gst_pad_get_current_caps
gst_pad_set_chain_list_function_full
gst_pad_set_active
gst_iterator_free
gst_iterator_resync
gst_iterator_next
gst_buffer_list_foreach
gst_buffer_list_insert
gst_buffer_list_length
gst_buffer_list_new
gst_buffer_copy_into
gst_buffer_extract
gst_buffer_new_allocate
gst_mini_object_replace
gst_object_get_name
_gst_value_array_type
_gst_debug_min
_gst_buffer_type
_gst_caps_type
_gst_structure_type
gst_pad_peer_query_caps
gst_element_decorate_stream_id
gst_value_array_append_value
_gst_debug_register_funcptr
gst_event_new_caps
_gst_debug_category_new
gst_debug_log
gst_core_error_quark
gst_element_message_full
_gst_element_error_printf
gst_element_add_pad
gst_element_get_type
gst_element_class_set_static_metadata
gst_element_class_add_static_pad_template
gst_element_register
gst_pad_query_default
gst_pad_set_query_function_full
gst_pad_set_iterate_internal_links_function_full
gst_pad_send_event
gst_pad_event_default
gst_pad_push_event
gst_pad_push
gst_pad_has_current_caps
gst_pad_get_pad_template_caps
gst_pad_set_event_function_full
gst_pad_set_chain_function_full
gst_pad_get_sticky_event
gst_pad_get_element_private
gst_pad_set_element_private
gst_pad_new_from_static_template
gst_pad_get_type
gst_event_parse_caps
gst_structure_get_string
gst_event_parse_stream_start
gst_event_new_stream_start
gst_query_set_caps_result
gst_query_parse_caps
gst_iterator_new_single
gst_buffer_unmap
gst_type_mark_as_plugin_api
gst_plugin_register_static
gst_mini_object_unref
gst_mini_object_make_writable
gst_mini_object_copy
gst_structure_new_empty
gst_structure_new
gst_structure_set_name
gst_structure_take_value
gst_structure_set
gst_structure_get
gst_structure_remove_fields
gst_structure_has_field_typed
gst_buffer_map
gst_buffer_set_size
gst_buffer_get_size
gst_buffer_memcmp
gst_caps_intersect_full
gst_caps_intersect
gst_caps_is_fixed
gst_caps_get_structure
gst_caps_get_size
gst_caps_new_empty_simple
gst_structure_get_uint

gobject-2.0-0

g_value_get_boolean
g_value_set_boolean
g_param_spec_enum
g_param_spec_boolean
g_value_get_enum
g_value_set_enum
g_value_get_object
g_value_dup_boxed
g_value_set_boxed
g_value_get_uint
g_value_set_uint
g_param_spec_boxed
g_param_spec_uint
g_value_set_object
g_object_class_install_property
g_value_take_boxed
g_signal_emit
g_signal_new
g_value_unset
g_value_init
g_type_check_instance_is_a
g_type_class_adjust_private_offset
g_type_register_static_simple
g_type_class_peek_parent
g_type_name
g_enum_get_value_by_nick
g_enum_get_value
g_type_class_unref
g_type_class_ref
g_enum_register_static

glib-2.0-0

g_once_init_enter
g_random_int
g_hash_table_remove_all
g_hash_table_add
g_hash_table_new
g_strdup_printf
g_return_if_fail_warning
g_log
g_direct_equal
g_direct_hash
g_hash_table_unref
g_hash_table_iter_next
g_hash_table_iter_init
g_hash_table_foreach_remove
g_hash_table_lookup
g_hash_table_remove
g_hash_table_insert
g_hash_table_new_full
g_malloc0_n
g_mutex_unlock
g_mutex_lock
g_snprintf
g_array_set_clear_func
g_array_append_vals
g_array_free
g_array_sized_new
g_assertion_message_expr
g_malloc_n
g_free
g_private_set
g_private_get
g_once_init_leave
g_intern_static_string

srtp2-1

srtp_install_event_handler
srtp_init
srtp_unprotect_mki
srtp_create
srtp_add_stream
srtp_remove_stream
srtp_dealloc
srtp_unprotect_rtcp_mki
srtp_set_stream_roc
srtp_get_stream_roc
srtp_protect_mki
srtp_protect_rtcp_mki

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
terminate
_crt_atexit
_crt_at_quick_exit
_cexit

kernel32

GetCurrentProcessId
RtlLookupFunctionEntry
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

Exports

Exports

gst_plugin_srtp_get_desc
gst_plugin_srtp_register

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5f0aedc799d821c226eeebc55aa8c7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gstrtp-1.0-0

gstreamer-1.0-0

gobject-2.0-0

glib-2.0-0

srtp2-1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 144B

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 144B