836546d1606467d84f5759f408359900_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

836546d1606467d84f5759f408359900_NeikiAnalytics
Size

337KB
MD5

836546d1606467d84f5759f408359900
SHA1

46812b2902fd800ace097d98b35c76eb9e683045
SHA256

d1676a43ba24e7ca5dc655dab46d9066c983dfb4c2cc253e6e7764a71707e43f
SHA512

3b6bb0d68e3cf02f82db2c937fffd52b66f44692f0d271fa6806694b0f7ca7e356ef6e44133ca5db2966fa84c3cdb689c2ed65255d3d1dee94cc6e732fbbd8c3
SSDEEP

6144:zgkLWUWG89FU3SR8no+aeEm8UZ/m7/e19gF+cN10ul2iNY+fxWUtEoSbm46nMXzN:TX5CzMS+WZnM3PJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836546d1606467d84f5759f408359900_NeikiAnalytics

Files

836546d1606467d84f5759f408359900_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

cad7847933a533e7e76b658662ece40a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python312

PyBaseObject_Type
PyByteArray_AsString
PyByteArray_Size
PyByteArray_Type
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_Size
PyCFunction_Type
PyCMethod_New
PyCapsule_GetContext
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetPointer
PyCapsule_Type
PyComplex_FromDoubles
PyDict_Copy
PyDict_DelItemString
PyDict_GetItemWithError
PyDict_New
PyDict_Next
PyDict_Size
PyDict_Type
PyErr_Clear
PyErr_Fetch
PyErr_Format
PyErr_NormalizeException
PyErr_Occurred
PyErr_Restore
PyErr_SetString
PyErr_WriteUnraisable
PyEval_AcquireThread
PyEval_SaveThread
PyExc_ImportError
PyExc_IndexError
PyExc_MemoryError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFloat_AsDouble
PyFloat_FromDouble
PyFloat_Type
PyFrame_GetBack
PyFrame_GetCode
PyFrame_GetLineNumber
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyImport_AddModule
PyIndex_Check
PyInstanceMethod_New
PyInstanceMethod_Type
PyInterpreterState_Get
PyInterpreterState_GetDict
PyIter_Next
PyList_Append
PyList_GetItem
PyList_New
PyList_Size
PyLong_AsLong
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_FromUnsignedLongLong
PyMem_Calloc
PyMem_Free
PyModule_AddObject
PyModule_Create2
PyModule_GetName
PyNumber_Check
PyNumber_Float
PyNumber_Long
PyObject_CallFunctionObjArgs
PyObject_CallObject
PyObject_ClearWeakRefs
PyObject_GC_UnTrack
PyObject_GenericGetDict
PyObject_GenericSetDict
PyObject_GetAttrString
PyObject_GetIter
PyObject_HasAttrString
PyObject_IsInstance
PyObject_Repr
PyObject_SetAttrString
PyObject_SetItem
PyObject_Str
PyProperty_Type
PySequence_Check
PySequence_GetItem
PySequence_List
PySequence_Size
PyThreadState_Clear
PyThreadState_DeleteCurrent
PyThreadState_Get
PyThreadState_New
PyThread_tss_create
PyThread_tss_get
PyThread_tss_set
PyTuple_GetItem
PyTuple_New
PyTuple_SetItem
PyTuple_Size
PyType_IsSubtype
PyType_Ready
PyType_Type
PyUnicode_AsEncodedString
PyUnicode_AsUTF8AndSize
PyUnicode_AsUTF8String
PyUnicode_FromString
PyWeakref_NewRef
Py_GetVersion
_PyObject_GetDictPtr
_PyThreadState_UncheckedGet
_PyType_Lookup
_Py_Dealloc
_Py_FalseStruct
_Py_NoneStruct
_Py_NotImplementedStruct
_Py_TrueStruct

msvcp140-e6c11a40bba2eabb6203d6aa0409c90c

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1ios_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Random_device@std@@YAIXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Xtime_get_ticks

kernel32

AcquireSRWLockExclusive
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
UnhandledExceptionFilter
WakeAllConditionVariable

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
_purecall
memchr
memcmp
memcpy
memmove
memset

api-ms-win-crt-math-l1-1-0

_dsign
ceilf
cos
fmod
nearbyint
round
sin
sqrt

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

_strdup
strcmp
strlen
strncmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

PyInit__qudits

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cad7847933a533e7e76b658662ece40a

Headers

DLL Characteristics

File Characteristics

Imports

python312

msvcp140-e6c11a40bba2eabb6203d6aa0409c90c

kernel32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 11KB - Virtual size: 11KB

.00cfg Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 512B - Virtual size: 292B

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 11KB - Virtual size: 11KB

.00cfg
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 512B - Virtual size: 292B