cc03fcae36f9f8d6cd14e5ceb5254150_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

cc03fcae36f9f8d6cd14e5ceb5254150_NeikiAnalytics
Size

1.9MB
MD5

cc03fcae36f9f8d6cd14e5ceb5254150
SHA1

39050adec28832605c750398d9bf03547c9f53b0
SHA256

7909e9683d5fa61ca5916781b2d2dac843b82a814b2ff34fd49376697c59f732
SHA512

9ac2e44fea47507d8e5529ac98d91dccc9b6b0506d2f4a51a927b2a76dc949cb73c7bee2665bdb45ce4ae7980f50a4ec476c65fd610a67deec1a1cd62b41c200
SSDEEP

49152:4ZtmV8q0xKXEmfc38fYNQUMNp0lSSMgNZEU5eKvsfGw2w:MmkxKXj5BpjJ6Y9Ff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc03fcae36f9f8d6cd14e5ceb5254150_NeikiAnalytics

Files

cc03fcae36f9f8d6cd14e5ceb5254150_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

4f4c3a2ea52edf298c1e5d0a7ed5757e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\danish\Documents\Git\Github\maplebot\Bin\client_manager.pdb

Imports

sdl2

SDL_SetClipboardText
SDL_GetClipboardText
SDL_GetCurrentVideoDriver
SDL_GetWindowFlags
SDL_GetWindowPosition
SDL_GetWindowSize
SDL_GL_GetDrawableSize
SDL_GetKeyboardFocus
SDL_GetGlobalMouseState
SDL_WarpMouseInWindow
SDL_CaptureMouse
SDL_CreateSystemCursor
SDL_SetCursor
SDL_FreeCursor
SDL_ShowCursor
SDL_GameControllerOpen
SDL_GameControllerGetAxis
SDL_GameControllerGetButton
SDL_SetHint
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetWindowWMInfo
SDL_GetError
SDL_free
SDL_CreateWindow
SDL_GetWindowID
SDL_DestroyWindow
SDL_PollEvent
SDL_Init
SDL_Quit

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
WaitForSingleObjectEx
QueryPerformanceCounter
GetLocaleInfoEx
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ResetEvent
GetCurrentProcess
IsProcessorFeaturePresent
VerifyVersionInfoW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
ReadFile
WriteFile
CloseHandle
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
CreateThread
PostQueuedCompletionStatus
DeleteCriticalSection
TlsAlloc
TlsFree
GetLocalTime
GetTickCount64
GetModuleFileNameW
LocalFree
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
DeviceIoControl
GetSystemInfo
LocalAlloc
WaitForSingleObject
CreateRemoteThread
GetCurrentThread
CreateProcessW
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
GetModuleHandleW
GetProcAddress
LoadLibraryW
K32EnumProcessModulesEx
K32GetModuleBaseNameA
K32GetModuleInformation
InitializeCriticalSection
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SetEvent
SleepEx
CreateEventW
SetWaitableTimer
Sleep
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserAPC
TerminateThread
TlsGetValue
GetModuleHandleA
TlsSetValue

user32

EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
MessageBoxW
wsprintfW

advapi32

LookupPrivilegeValueW
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantClear

msvcp140

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
?toupper@?$ctype@D@std@@QBEDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?classic@locale@std@@SAABV12@XZ
??Bid@locale@std@@QAEIXZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Query_perf_counter
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

ws2_32

ntohs
getsockopt
select
setsockopt
shutdown
ntohl
WSASocketW
WSAAddressToStringW
getaddrinfo
freeaddrinfo
htons
htonl
WSASend
getsockname
WSAIoctl
WSAGetLastError
WSASetLastError
gethostname
getpeername
WSARecv
inet_ntoa
listen
gethostbyname
WSAStartup
WSACleanup
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

d3dcompiler_47

D3DCompile

shlwapi

PathRemoveFileSpecW

imm32

ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
_except_handler3
__std_type_info_compare
_purecall
strstr
memchr
__std_terminate
memmove
memcpy
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset

api-ms-win-crt-runtime-l1-1-0

system
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_controlfp_s
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_exit
_errno
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
_set_fmode
__stdio_common_vfprintf
fflush
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vfwprintf
_wfopen
fclose
fopen
fread
fseek
ftell
fwrite

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-string-l1-1-0

strncmp
tolower
strncpy
toupper

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
asctime
_localtime64_s
strftime

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul
strtod

api-ms-win-crt-math-l1-1-0

_CIfmod
_libm_sse2_sqrt_precise
__setusermatherr
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_acos_precise
ceil
_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

_cJSON_AddArrayToObject@8
_cJSON_AddBoolToObject@12
_cJSON_AddFalseToObject@8
_cJSON_AddItemReferenceToArray@8
_cJSON_AddItemReferenceToObject@12
_cJSON_AddItemToArray@8
_cJSON_AddItemToObject@12
_cJSON_AddItemToObjectCS@12
_cJSON_AddNullToObject@8
_cJSON_AddNumberToObject@16
_cJSON_AddObjectToObject@8
_cJSON_AddRawToObject@12
_cJSON_AddStringToObject@12
_cJSON_AddTrueToObject@8
_cJSON_Compare@12
_cJSON_CreateArray@0
_cJSON_CreateArrayReference@4
_cJSON_CreateBool@4
_cJSON_CreateDoubleArray@8
_cJSON_CreateFalse@0
_cJSON_CreateFloatArray@8
_cJSON_CreateIntArray@8
_cJSON_CreateNull@0
_cJSON_CreateNumber@8
_cJSON_CreateObject@0
_cJSON_CreateObjectReference@4
_cJSON_CreateRaw@4
_cJSON_CreateString@4
_cJSON_CreateStringArray@8
_cJSON_CreateStringReference@4
_cJSON_CreateTrue@0
_cJSON_Delete@4
_cJSON_DeleteItemFromArray@8
_cJSON_DeleteItemFromObject@8
_cJSON_DeleteItemFromObjectCaseSensitive@8
_cJSON_DetachItemFromArray@8
_cJSON_DetachItemFromObject@8
_cJSON_DetachItemFromObjectCaseSensitive@8
_cJSON_DetachItemViaPointer@8
_cJSON_Duplicate@8
_cJSON_GetArrayItem@8
_cJSON_GetArraySize@4
_cJSON_GetErrorPtr@0
_cJSON_GetNumberValue@4
_cJSON_GetObjectItem@8
_cJSON_GetObjectItemCaseSensitive@8
_cJSON_GetStringValue@4
_cJSON_HasObjectItem@8
_cJSON_InitHooks@4
_cJSON_InsertItemInArray@12
_cJSON_IsArray@4
_cJSON_IsBool@4
_cJSON_IsFalse@4
_cJSON_IsInvalid@4
_cJSON_IsNull@4
_cJSON_IsNumber@4
_cJSON_IsObject@4
_cJSON_IsRaw@4
_cJSON_IsString@4
_cJSON_IsTrue@4
_cJSON_Minify@4
_cJSON_Parse@4
_cJSON_ParseWithLength@8
_cJSON_ParseWithLengthOpts@16
_cJSON_ParseWithOpts@12
_cJSON_Print@4
_cJSON_PrintBuffered@12
_cJSON_PrintPreallocated@16
_cJSON_PrintUnformatted@4
_cJSON_ReplaceItemInArray@12
_cJSON_ReplaceItemInObject@12
_cJSON_ReplaceItemInObjectCaseSensitive@12
_cJSON_ReplaceItemViaPointer@12
_cJSON_SetNumberHelper@12
_cJSON_SetValuestring@8
_cJSON_Version@0
_cJSON_free@4
_cJSON_malloc@4

Sections

.text
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f4c3a2ea52edf298c1e5d0a7ed5757e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sdl2

d3d11

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

ws2_32

api-ms-win-core-path-l1-1-0

setupapi

d3dcompiler_47

shlwapi

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 585KB - Virtual size: 584KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 8KB

0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 22KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 585KB - Virtual size: 584KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 8KB

0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 469B