c3fe827976efcdd4f578fd0890214f60_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

c3fe827976efcdd4f578fd0890214f60_NeikiAnalytics
Size

161KB
MD5

c3fe827976efcdd4f578fd0890214f60
SHA1

12d0a7d17301c9793deeeea3dd106fa613e5c4b1
SHA256

2db894251b28d4c204994d5f7c890ff9e415e617e16a0087e778f53d1cede44b
SHA512

4cab55d43346548343314670140976ffcd4a7889c8c1b6401d126c275caccb36547abafd8e7cbca781eaf58226324a5a053ba7c8e7d1aea5b7488b677459caf4
SSDEEP

3072:jdLZy5vdFVZj0e+WbRG6CqK2kT/YobOr9/NpNcO9caMFHt1BWg9RkkBz:j9IvdFHt+WiZmLGRZUmR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3fe827976efcdd4f578fd0890214f60_NeikiAnalytics

Files

c3fe827976efcdd4f578fd0890214f60_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

03999effbd10fe7ae195a1f4ce7bb5b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-Settings.pdb

Imports

factoryserver-coreuobject

?GetConfigName@UClass@@QEBA?BVFString@@XZ
?IsValid@FWeakObjectPtr@@QEBA_NXZ
?Get@FWeakObjectPtr@@QEBAPEAVUObject@@XZ
?Get@FWeakObjectPtr@@QEBAPEAVUObject@@_N@Z
??4FWeakObjectPtr@@QEAAXPEBVUObject@@@Z
?ReloadReinstancingCompleteDelegate@FCoreUObjectDelegates@@2V?$TMulticastDelegate@$$A6AXXZUFDefaultDelegateUserPolicy@@@@A
?LoadConfig@UObject@@QEAAXPEAVUClass@@PEB_WIPEAVFProperty@@@Z
?UpdateProjectUserConfigFile@UObject@@QEAAXXZ
?UpdateGlobalUserConfigFile@UObject@@QEAAXXZ
?TryUpdateDefaultConfigFile@UObject@@QEAA_NAEBVFString@@_N@Z
?GetPathName@UObjectBaseUtility@@QEBA?AVFString@@PEBVUObject@@@Z
?SaveConfig@UObject@@QEAAX_KPEB_WPEAVFConfigCacheIni@@_N@Z
?ReloadConfig@UObject@@QEAAXPEAVUClass@@PEB_WIPEAVFProperty@@@Z

factoryserver-core

??0FConfigContext@@IEAA@PEAVFConfigCacheIni@@_NAEBVFString@@PEAVFConfigFile@@@Z
?GConfig@@3PEAVFConfigCacheIni@@EA
?Load@FConfigContext@@QEAA_NPEB_W@Z
?PassesFilter@FNamePermissionList@@QEBA_NVFName@@@Z
?GetActiveReloadInterface@@YAPEAVIReload@@XZ
?EmptySection@FConfigCacheIni@@QEAA_NPEB_WAEBVFString@@@Z
?Flush@FConfigCacheIni@@QEAAX_NAEBVFString@@@Z
?GetBaseFilename@FPaths@@SA?AVFString@@AEBV2@_N@Z
?ForUseOnlyByLocMacroAndGraphNodeTextLiterals_CreateText@FInternationalization@@SA?AVFText@@PEB_W00@Z
?FromString@FText@@SA?AV1@$$QEAVFString@@@Z
??0FText@@QEAA@XZ
?GetEmpty@FText@@SAAEBV1@XZ
?GetReadersTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@UFReaderNum@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?GetDestructionSentinelStackTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@PEAUFDestructionSentinel@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
?GetTypeHash@@YAIUFNameEntryId@@@Z
?ToString@FName@@QEBA?AVFString@@XZ
??0FName@@QEAA@PEBDW4EFindName@@@Z
?NameToDisplayString@FName@@SA?AVFString@@AEBV2@_N@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?GenerateNewID@FDelegateHandle@@CA_KXZ
?StackWalkAndDump@FWindowsPlatformStackWalk@@SAXPEAD_KHPEAX@Z
?ThreadStackWalkAndDump@FWindowsPlatformStackWalk@@SAXPEAD_KHI@Z
?GInternalProjectName@@3PA_WA

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSListHead

vcruntime140

memmove
memset
memcpy
_purecall
__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
terminate
_initterm_e
_initterm
_seh_filter_dll
_cexit

Exports

Exports

InitializeModule

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03999effbd10fe7ae195a1f4ce7bb5b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-coreuobject

factoryserver-core

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.uedbg Size: 3KB - Virtual size: 3KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 504B

.text
Size: 67KB - Virtual size: 66KB

.uedbg
Size: 3KB - Virtual size: 3KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 504B