9ee8aa1a2351a3115abb08f96be03150_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

9ee8aa1a2351a3115abb08f96be03150_NeikiAnalytics
Size

109KB
MD5

9ee8aa1a2351a3115abb08f96be03150
SHA1

f3ff3e3bcf24e0e29aacf760decd1c4382a79c35
SHA256

8d67ede266d72c9656d6351cda2415144f9c73af8353a75fa0930b33eec3e601
SHA512

ab8ef8cd36d88a7fae3ce4c6b3716d0ae8b70e87fa55acd9266dff8a9847a6678f709fb6086d130293b4f3291458c68ea913f6ccdc053c4a5854bac533660ae6
SSDEEP

1536:4o6HvLbNS0iOJIyUlNKb0lSxOpcgEqrohUFh96iVs1oo43yLuFzKBDjh:/KbY0iO2yUlO0lSxvaFeL4FzKB/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ee8aa1a2351a3115abb08f96be03150_NeikiAnalytics

Files

9ee8aa1a2351a3115abb08f96be03150_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

da10d53d016e25730da77c40649cacf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\paddockd\source\squeezelite\Release\squeezelite-win.pdb

Imports

ws2_32

WSAEventSelect
send
htonl
closesocket
inet_ntoa
ntohs
recvfrom
sendto
htons
setsockopt
socket
getsockname
recv
ioctlsocket
getsockopt
WSACleanup
WSAStartup
WSAWaitForMultipleEvents
WSAResetEvent
WSACreateEvent
WSAGetLastError
getaddrinfo
freeaddrinfo
connect
select
__WSAFDIsSet

portaudio

ord5
ord8
ord15
ord12
ord3
ord4
ord19
ord17
ord14
ord21
ord20
ord26
ord27
ord23

kernel32

GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLastError
GetProcAddress
SetLastError
LoadLibraryA
GetTickCount
GetLocalTime
CreateEventA
SetEvent
Sleep
CreateThread
CloseHandle
CreateMutexA
WaitForSingleObject
ReleaseMutex

msvcr90

__p__commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
vfprintf
fflush
_open
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_adjust_fdiv
malloc
free
strstr
strcmp
memcpy
memcmp
memset
sscanf
memmove
strerror
_errno
freopen
signal
strtoul
strncmp
strtok
atoi
exit
fprintf
__iob_func
strcat
strlen
printf
sprintf
_snprintf
fwrite
atof
strchr
pow
fclose
fputs
fopen
strncpy
strncat
fgets
_read

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da10d53d016e25730da77c40649cacf4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

portaudio

kernel32

msvcr90

iphlpapi

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 21KB - Virtual size: 38KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 21KB - Virtual size: 38KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 8KB - Virtual size: 8KB