d6214424f93bbf7bcf6ee6582d8087b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d6214424f93bbf7bcf6ee6582d8087b0_NeikiAnalytics
Size

15KB
MD5

d6214424f93bbf7bcf6ee6582d8087b0
SHA1

adb8046e8a1d156e0c563a0f6f38eb537b3939d5
SHA256

b9d379a9c03b2a78504873544cba6914d56fbf1b9638c0b40074b85b48a9d26b
SHA512

ef1390ec1b112045fc35ff3a0ff24dda6fa88f6016c25977ab02580945e3a094056e1f63c0fbbc443b637d3c9c568818f01a1052b62671b41346e3c173b4f0a9
SSDEEP

192:UAsRf0jDc08CmCFL4iwZWiS5+kIc0Q81mI2DKM5U/ZW3Oqy:of0Hv6iAWpcBQ9I2P5cW+qy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6214424f93bbf7bcf6ee6582d8087b0_NeikiAnalytics

Files

d6214424f93bbf7bcf6ee6582d8087b0_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

3a34c0e85ae264927da7accbd578731d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\VC16\Win64\httpd-2.4\x64\Release\mod_cern_meta.pdb

Imports

libhttpd

ap_set_content_type
ap_hook_fixups
ap_destroy_sub_req
ap_sub_req_lookup_file
ap_log_rerror_
ap_content_type_tolower

libapr-1

apr_palloc
apr_file_gets
apr_file_close
apr_file_open
apr_table_overlap
apr_table_set
apr_table_make
apr_pstrcat
apr_pstrdup

vcruntime140

strrchr
__C_specific_handler
__std_type_info_destroy_list
memset
strchr

api-ms-win-crt-string-l1-1-0

isspace
_stricmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RtlCaptureContext
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

cern_meta_module

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a34c0e85ae264927da7accbd578731d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libhttpd

libapr-1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 552B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 76B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 552B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 76B