d7c95464d85e1cd230fbc31018223cd0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d7c95464d85e1cd230fbc31018223cd0_NeikiAnalytics
Size

171KB
MD5

d7c95464d85e1cd230fbc31018223cd0
SHA1

925b87406bb61f68ed7faaac3e14d8e48fcca30b
SHA256

0ec8f485b5b4ba218e4d1dd40d2978b21bfc05305bb1b39cd1c3d144ca5d0013
SHA512

b6f464cd7dfbde5fcbee1b7b02aeafb0d9568de4e351da5441b8065a211897540c94c6ebc013baa4f78873c675308856c0a1548922bfb860cbf43ebb70b1bf91
SSDEEP

3072:uz86uO4jvtT+THitVV+fpHJbu92lQBV+UdE+rECWp7hKfQ+:uz86u9jxqESHJqBV+UdvrEFp7hKF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7c95464d85e1cd230fbc31018223cd0_NeikiAnalytics

Files

d7c95464d85e1cd230fbc31018223cd0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

2b425e09a34f8c9263851a2bba554709

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\AgileTrans\Src\SymbolTable\Release\COMSupport.pdb

Imports

ws_log

??1XMLParse@@UAE@XZ
?GetAttributeValue@XMLParse@@QBEHPAPAXPBG1@Z
?GetNamedNodeCount@XMLParse@@QBEHPAPAXPBG@Z
ord9
??0XMLParse@@QAE@XZ
ord2
?Load@XMLParse@@QAEHPBG@Z
?GetNode@XMLParse@@QBEPAPAXPAPAXPBGH@Z

kernel32

GetEnvironmentStringsW
CloseHandle
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetStringTypeW
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
LoadLibraryW
GetProcAddress
GetConsoleCP
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
HeapAlloc
SetLastError
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
LCMapStringW

ole32

CoTaskMemFree
StringFromCLSID

Exports

Exports

SetCOMProfile
WSCreateInstance

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b425e09a34f8c9263851a2bba554709

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws_log

kernel32

ole32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB