d4ab106ea674815add9a1fdc6eb53da0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d4ab106ea674815add9a1fdc6eb53da0_NeikiAnalytics
Size

1.1MB
MD5

d4ab106ea674815add9a1fdc6eb53da0
SHA1

29e06e850783b2988b1b3c65a33f5ee32b4134b0
SHA256

9598040b22374a616568960a45835da6dc6e4888ade4a00012b3d4638875f3cc
SHA512

9fdf8c63c005e9584cf5c2a66cb5c6828913d0457eb2f501789ebb3f19c878971b80270eecea3f7d70c1e2e17fb830556ce8a9fb55571fcd366458ffbae74aad
SSDEEP

24576:ikUK/WUKU7KEfF7xn8DuZ8Ua6GSZaDGD3Y:iNKutU7JtWDudtGSZ2k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4ab106ea674815add9a1fdc6eb53da0_NeikiAnalytics

Files

d4ab106ea674815add9a1fdc6eb53da0_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

c7e4340fc721d598b2070b85eb60bfcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Wolcen\Umbra\Code\Tools\Wolcen\CrashReporterPrototype\build\output\x64\Release\WolcenCrashReporter.pdb

Imports

kernel32

LocalFree
WaitForSingleObject
CloseHandle
GetTickCount
GetExitCodeProcess
FormatMessageA
GetFileAttributesA
GetLastError
FindFirstFileA
FindNextFileA
FindClose
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA

user32

EndPaint
FillRect
GetSysColor
BeginPaint
DefWindowProcA
EnableWindow
SetTimer
DestroyWindow
SetWindowTextA
SendMessageA
GetClientRect
UpdateWindow
ShowWindow
GetWindowRect
GetDesktopWindow
LoadImageA
RegisterClassExA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
MessageBoxA
PostQuitMessage
LoadStringA
LoadAcceleratorsA

gdi32

CreateSolidBrush
DeleteObject
GetObjectA

shell32

SHFileOperationA
CommandLineToArgvW

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

vcruntime140

__CxxFrameHandler3
memcmp
memset
_CxxThrowException
__std_exception_copy
__C_specific_handler
memmove
__std_terminate
__std_exception_destroy
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s
_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
exit
_exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
terminate
_wassert
_cexit
_initterm_e
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strcat_s
_stricmp
strcpy_s

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7e4340fc721d598b2070b85eb60bfcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 56B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 92B

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 56B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 92B