7fc4fee14cb6b205e48f304569c7c4e0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

7fc4fee14cb6b205e48f304569c7c4e0_NeikiAnalytics
Size

1.7MB
MD5

7fc4fee14cb6b205e48f304569c7c4e0
SHA1

e8af4eeffa342f3000f7c62a62fe9f84e7229641
SHA256

fc802d459c580ec6005f666a3e0be339760ec7236e9cebb86b671919a5a135ac
SHA512

b7c4cd9401477ee32fba92c930a6b92d5cb21515cc6a167f4dbedcd62c1a3580ee09163191f4eba54a81f5330a992570e15f8ae1137b9b12c7ae8bd9819ca921
SSDEEP

24576:tV8GGp8b5Z8j+updv5M3iUHvY4e5GX5LJb:tV8jp8b5ajXbREiUPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fc4fee14cb6b205e48f304569c7c4e0_NeikiAnalytics

Files

7fc4fee14cb6b205e48f304569c7c4e0_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

f49dc1a16620a265140c335b5bc802fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\runner\builds\gstreamer\cerbero\cerbero-build\sources\msvc_x86_64\gst-plugins-rs-0.12.5\_builddir\x86_64-pc-windows-msvc\release\deps\gstrstracers.pdb

Imports

gobject-2.0-0

g_type_add_instance_private
g_type_register_static_simple
g_type_class_adjust_private_offset
g_type_from_name
g_type_class_peek_parent
g_param_spec_unref
g_object_get_property
g_param_spec_get_name
g_value_init
g_param_spec_ref_sink
g_object_class_find_property
g_value_unset
g_value_get_uint
g_type_check_value_holds
g_value_get_string
g_type_name
g_object_ref_sink
g_type_is_a
g_value_get_uint64
g_object_unref

glib-2.0-0

g_strndup
g_free
g_quark_to_string
g_mutex_unlock
g_mutex_lock
g_get_tmp_dir
g_quark_from_string

kernel32

IsProcessorFeaturePresent
RtlLookupFunctionEntry
UnhandledExceptionFilter
GetEnvironmentVariableW
ReleaseSRWLockShared
GetCurrentProcessId
RtlVirtualUnwind
ReleaseMutex
LoadLibraryA
WaitForSingleObjectEx
RtlCaptureContext
GetCurrentDirectoryW
FormatMessageW
GetModuleHandleW
GetCurrentProcess
WriteConsoleW
MultiByteToWideChar
SetUnhandledExceptionFilter
WaitForSingleObject
GetConsoleMode
GetStdHandle
GetProcAddress
GetModuleHandleA
SetFileInformationByHandle
CreateFileW
GetLastError
GetFullPathNameW
SetLastError
CloseHandle
HeapReAlloc
GetProcessHeap
HeapAlloc
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
HeapFree
ReleaseSRWLockExclusive
CreateMutexA
AcquireSRWLockShared
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
RtlNtStatusToDosError

advapi32

SystemFunction036

gstreamer-1.0-0

gst_structure_id_get_value
gst_plugin_register_static
gst_tracer_get_type
gst_tracing_register_hook
gst_structure_free
gst_segment_to_running_time
gst_clock_get_time
gst_event_parse_segment
gst_pad_get_sticky_event
gst_element_get_start_time
gst_element_get_base_time
gst_plugin_feature_load
gst_element_factory_get_element_type
_gst_debug_category_new
gst_object_get_parent
gst_element_get_type
gst_is_initialized
gst_tracer_register
gst_structure_from_string
_gst_debug_get_category
gst_debug_log_literal
gst_element_factory_find
gst_pad_get_direction
gst_query_parse_latency
gst_buffer_list_length
gst_buffer_list_get
gst_mini_object_ref
gst_mini_object_unref
gst_object_get_name
gst_element_get_clock

vcruntime140

memmove
__CxxFrameHandler3
memcpy
memset
memcmp
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

gst_plugin_rstracers_get_desc
gst_plugin_rstracers_register

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f49dc1a16620a265140c335b5bc802fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gobject-2.0-0

glib-2.0-0

kernel32

bcrypt

ntdll

advapi32

gstreamer-1.0-0

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 552KB - Virtual size: 551KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 34KB - Virtual size: 34KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 552KB - Virtual size: 551KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 34KB - Virtual size: 34KB

.reloc
Size: 17KB - Virtual size: 17KB