626fd08fc7bafe2f67492a564c78f550_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

626fd08fc7bafe2f67492a564c78f550_NeikiAnalytics
Size

94KB
MD5

626fd08fc7bafe2f67492a564c78f550
SHA1

ac2f4216f37a35fab5c0eb9b9db2f3f5ea8d3644
SHA256

02d0f8ab627fcf928abd87e1e2a0acc68d20b69426564fcadaf4d9ed9dff324b
SHA512

97365da9a2339243ba97d5b24f9285a42ff57958b341cf87b26633dac6dd0af556adae7726a93c23c21523a00d4f4f426a651a8948c5aac1ae481150c8fb404e
SSDEEP

1536:3K40r5TTjEdDumj2LhIdb/DLIh2Gu2JB/xftVeYzGWst0I2IgQPGM:R0rBTjW2uDLIxn/JtVeYJsiTIgQPG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
626fd08fc7bafe2f67492a564c78f550_NeikiAnalytics

Files

626fd08fc7bafe2f67492a564c78f550_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

3d3ad634bce631f7a670170c68594b31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\adang\Desktop\MiscProgramming\PythonWin7\Python-3.11.1\PCbuild\win32\_ctypes.pdb

Imports

libffi-8

ffi_type_sint8
ffi_type_uint8
ffi_type_float
ffi_type_uint64
ffi_type_uint32
ffi_type_double
ffi_type_uint16
ffi_type_sint32
ffi_call
ffi_type_sint64
ffi_type_void
ffi_prep_cif
ffi_prep_closure
ffi_type_sint16
ffi_type_pointer

ole32

ProgIDFromCLSID

oleaut32

SysFreeString
GetErrorInfo
SysAllocStringLen
SysStringLen

kernel32

GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
LoadLibraryExW
FreeLibrary
LocalFree
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
DisableThreadLibraryCalls
GetLastError
SetLastError
GetProcAddress
InitializeSListHead

python311

PyUnicode_New
PyUnicode_FromWideChar
_Py_CheckFunctionResult
PyErr_SetString
_PyObject_LookupAttrId
PyExc_ValueError
_Py_CheckRecursiveCall
PyDict_Next
PyErr_Format
PyDict_Type
PyModule_AddType
PyType_IsSubtype
PyExc_OverflowError
_Py_Dealloc
PyLong_AsUnsignedLongMask
PyTuple_GetItem
PySequence_GetSlice
PyDescr_NewGetSet
PyErr_ExceptionMatches
_PyUnicode_FromId
PyModule_AddObjectRef
PySequence_SetItem
_PyArg_ParseTuple_SizeT
PyObject_CallFunctionObjArgs
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyObject_GetBuffer
PySys_Audit
PyList_New
PyModule_Create2
PyType_Ready
PyObject_GetAttrString
PyErr_NewException
PyErr_Clear
_PyDict_GetItemIdWithError
PyObject_GenericSetAttr
PyDict_SetItem
PyDict_New
_PyLong_Sign
PyObject_VectorcallMethod
PyObject_IsInstance
PyMem_Free
PyLong_FromVoidPtr
PyUnicode_AsWideChar
PyErr_NoMemory
_PyRuntime
PyLong_AsVoidPtr
PyObject_CallObject
PyIndex_Check
PyBytes_FromStringAndSize
PyDict_DelItem
PyDict_SetItemString
_PyObject_MakeTpCall
PyObject_IsSubclass
_PyWeakref_ProxyType
PyExc_TypeError
PyTuple_Pack
PyCallable_Check
PyMem_Malloc
PyExc_IndexError
PyArg_UnpackTuple
PyUnicode_FromString
PyBuffer_Release
PyType_Type
PySequence_Tuple
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyErr_WarnEx
PyExc_RuntimeWarning
PyOS_vsnprintf
PyImport_ImportModule
PyObject_GC_UnTrack
PySys_GetObject
PyGILState_Release
PyErr_WriteUnraisable
Py_Initialize
PyObject_GC_Del
PyLong_AsLong
PyObject_Vectorcall
Py_IsInitialized
PyFile_WriteString
PyObject_GC_Track
PyGILState_Ensure
_PyObject_GC_NewVar
PyErr_Print
PyTuple_GetSlice
PyErr_SetObject
PyObject_CallOneArg
PyLong_AsUnsignedLong
PyType_GetName
PyCapsule_IsValid
PyBytes_AsString
PyErr_NormalizeException
PyUnicode_AppendAndDel
Py_BuildValue
PyErr_SetFromWindowsErr
PyUnicode_FromFormatV
PyFloat_FromDouble
PyObject_CallFunction
PyTuple_Type
PyObject_Free
PyCapsule_GetPointer
PyErr_Fetch
PyUnicode_AsWideCharString
_PyObject_GetAttrId
PyThreadState_GetDict
PyCapsule_New
PyUnicode_Type
_PyTraceback_Add
_PyUnicode_IsPrintable
PyExc_OSError
_PyObject_New
PyMem_Realloc
PyObject_Str
PyExc_FileNotFoundError
PyObject_Call
PyArg_ParseTuple
PyBool_FromLong
PyLong_FromUnsignedLongLong
PyFloat_AsDouble
PyLong_FromLongLong
PyLong_FromUnsignedLong
PyLong_AsUnsignedLongLongMask
PyFloat_Unpack4
PyFloat_Pack4
PyObject_IsTrue
PyFloat_Pack8
PyByteArray_Type
PyFloat_Unpack8
PyObject_GetAttr
PySequence_Fast
PyTuple_Size
_PyDict_SizeOf
_PyLong_AsInt
PyExc_AttributeError
PyTuple_New
_PyDict_ContainsId
_Py_NoneStruct
PyDict_Contains
PyDict_GetItemWithError
_PyDict_SetItemId
_PyErr_WriteUnraisableMsg
PyBuffer_IsContiguous
PyUnicode_Concat
PySlice_Unpack
PyLong_FromLong
PyObject_SetAttrString
PyExc_RuntimeError
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
_PyWeakref_CallableProxyType
_PyUnicode_EqualToASCIIString
PyLong_FromSsize_t
PyWeakref_NewProxy
PyErr_Occurred
PyDict_Update
PySequence_GetItem
PySlice_Type
PyLong_AsSsize_t
_PyArg_NoKeywords
PyType_GenericNew
_PyObject_SetAttrId
_PyObject_CallFunction_SizeT
_Py_BuildValue_SizeT
PyExc_Exception
PySlice_AdjustIndices
PyDescr_NewClassMethod
PyUnicode_InternFromString
PyObject_SetAttr
PySequence_Size
Py_GenericAlias
PyMem_Calloc
PyMemoryView_FromObject
PyNumber_AsSsize_t

vcruntime140

_except_handler4_common
strchr
memset
__std_type_info_destroy_list
memcpy
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_errno
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

api-ms-win-crt-string-l1-1-0

iswctype

Exports

Exports

DllCanUnloadNow
DllGetClassObject
PyInit__ctypes

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d3ad634bce631f7a670170c68594b31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libffi-8

ole32

oleaut32

kernel32

python311

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB