dfe7f0a025345d22aac80e27220fac30_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dfe7f0a025345d22aac80e27220fac30_NeikiAnalytics
Size

623KB
MD5

dfe7f0a025345d22aac80e27220fac30
SHA1

a42f858d5b55e8d2a29f602e9fece04938a6518e
SHA256

172b3c5bdb817e140e0068281715b0cfcb910549353dc9cb05e696bb97e87d15
SHA512

a7a7f19c9b14a978b80750b772573a5bad95fc3bb071e2a6102ab645fa6a5f1dbe3fcdaee417daef6247dc8ecbb9ba7dd428f45cb1fec5ef67eebdd7036fcf0a
SSDEEP

12288:MuBqhdC0LmS1qFX9ESl19Zp3/hSvlqIvnhyq7xt/880LP:Mup0qFtE49ZNIJyUxF8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfe7f0a025345d22aac80e27220fac30_NeikiAnalytics

Files

dfe7f0a025345d22aac80e27220fac30_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

8c7549fc1fc8b540cf8c93aaac8fb456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqlite.pdb

Imports

kernel32

WriteFile
WideCharToMultiByte
UnmapViewOfFile
UnlockFileEx
UnlockFile
SystemTimeToFileTime
Sleep
SetFilePointer
SetEndOfFile
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
MapViewOfFile
LockFileEx
LockFile
LocalFree
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetProcAddress
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CloseHandle
AreFileApisANSI
GetModuleHandleA
GetModuleHandleW
GetVersion
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentThreadId

msvcr100

_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
realloc
malloc
strftime
memcmp
strcmp
memcpy
memset
_msize
free
_gmtime64
_except_handler4_common

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_text
sqlite3_column_type
sqlite3_commit_hook
sqlite3_complete
sqlite3_create_collation
sqlite3_create_function
sqlite3_data_count
sqlite3_db_handle
sqlite3_enable_load_extension
sqlite3_errcode
sqlite3_errmsg
sqlite3_exec
sqlite3_expired
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_mprintf
sqlite3_open
sqlite3_open_v2
sqlite3_prepare
sqlite3_prepare_v2
sqlite3_reset
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_value
sqlite3_set_auxdata
sqlite3_snprintf
sqlite3_step
sqlite3_total_changes
sqlite3_transfer_bindings
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_type
sqlite3_vmprintf

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 330KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c7549fc1fc8b540cf8c93aaac8fb456

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr100

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 252KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 330KB - Virtual size: 332KB

.text
Size: 252KB - Virtual size: 252KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 330KB - Virtual size: 332KB