e281aa4e4ff97637a54fd73b74e6e600_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

e281aa4e4ff97637a54fd73b74e6e600_NeikiAnalytics
Size

443KB
MD5

e281aa4e4ff97637a54fd73b74e6e600
SHA1

67fd6bf48be553bedf85915eba17583052664409
SHA256

2aa508b175163f1d43ee761896150aba96e49716f86b8829ec0ab605f64a9d09
SHA512

67ac93b1ca9003ce62626c1aa06f513a44d499eab097049bac3dfca2bba8c2d760e8689678a3bbbe30b3cff28c0f6cd2bf8249d524539e734acacc90f6c6e8ec
SSDEEP

12288:F5XwIjvPgzGgQChM5u/7Y6eaYArytfqYsgzel57CPZUeVBjvrEH7O:Cj/eTArytfqYsgal5WPRbrEH7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e281aa4e4ff97637a54fd73b74e6e600_NeikiAnalytics

Files

e281aa4e4ff97637a54fd73b74e6e600_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

8e0a1f2284a5f7dab96c697a66241e4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Andrew\Desktop\lcms\lcms2-2.9\bin\lcms2.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
WaitForSingleObject
InterlockedCompareExchange
ReleaseMutex
CloseHandle
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RtlUnwind
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
Sleep
ExitProcess
GetModuleFileNameA
SetFilePointer
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LoadLibraryA
GetModuleHandleA
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

__cmsComputeInterpParams@24
__cmsFloat2Half@4
__cmsFreeInterpParams@4
__cmsGetFormatter@16
__cmsHalf2Float@4
__cmsQuantizeVal@12
__cmsReadDevicelinkLUT@8
__cmsReadInputLUT@8
__cmsReadOutputLUT@8
__cmsStageAllocIdentityCLut@8
__cmsStageAllocIdentityCurves@8
__cmsStageAllocLab2XYZ@4
__cmsStageAllocLabV2ToV4@4
__cmsStageAllocLabV4ToV2@4
__cmsStageAllocNamedColor@8
__cmsStageAllocXYZ2Lab@4
_cms15Fixed16toDouble
_cms8Fixed8toDouble
_cmsAdjustEndianess16
_cmsAdjustEndianess32
_cmsAdjustEndianess64
_cmsCalloc
_cmsCreateMutex
_cmsDecodeDateTimeNumber
_cmsDefaultICCintents
_cmsDestroyMutex
_cmsDoTransformLineStride@36
_cmsDoubleTo15Fixed16
_cmsDoubleTo8Fixed8
_cmsDupMem
_cmsEncodeDateTimeNumber
_cmsFree
_cmsGetTransformFormatters16
_cmsGetTransformFormattersFloat
_cmsGetTransformUserData
_cmsICCcolorSpace
_cmsIOPrintf
_cmsLCMScolorSpace
_cmsLockMutex
_cmsMAT3eval
_cmsMAT3identity
_cmsMAT3inverse
_cmsMAT3isIdentity
_cmsMAT3per
_cmsMAT3solve
_cmsMalloc
_cmsMallocZero
_cmsOpenProfileFromIOhandler2THR@12
_cmsPipelineSetOptimizationParameters
_cmsRead15Fixed16Number
_cmsReadAlignment
_cmsReadFloat32Number
_cmsReadTypeBase
_cmsReadUInt16Array
_cmsReadUInt16Number
_cmsReadUInt32Number
_cmsReadUInt64Number
_cmsReadUInt8Number
_cmsReadXYZNumber
_cmsRealloc
_cmsSetTransformUserData
_cmsStageAllocPlaceholder
_cmsUnlockMutex
_cmsVEC3cross
_cmsVEC3distance
_cmsVEC3dot
_cmsVEC3init
_cmsVEC3length
_cmsVEC3minus
_cmsWrite15Fixed16Number
_cmsWriteAlignment
_cmsWriteFloat32Number
_cmsWriteTypeBase
_cmsWriteUInt16Array
_cmsWriteUInt16Number
_cmsWriteUInt32Number
_cmsWriteUInt64Number
_cmsWriteUInt8Number
_cmsWriteXYZNumber
cmsAdaptToIlluminant
cmsAllocNamedColorList
cmsAllocProfileSequenceDescription
cmsAppendNamedColor
cmsBFDdeltaE
cmsBuildGamma
cmsBuildParametricToneCurve
cmsBuildSegmentedToneCurve
cmsBuildTabulatedToneCurve16
cmsBuildTabulatedToneCurveFloat
cmsCIE2000DeltaE
cmsCIE94DeltaE
cmsCIECAM02Done
cmsCIECAM02Forward
cmsCIECAM02Init
cmsCIECAM02Reverse
cmsCMCdeltaE
cmsChangeBuffersFormat
cmsChannelsOf
cmsCloseIOhandler
cmsCloseProfile
cmsCreateBCHSWabstractProfile
cmsCreateBCHSWabstractProfileTHR
cmsCreateContext
cmsCreateExtendedTransform
cmsCreateGrayProfile
cmsCreateGrayProfileTHR
cmsCreateInkLimitingDeviceLink
cmsCreateInkLimitingDeviceLinkTHR
cmsCreateLab2Profile
cmsCreateLab2ProfileTHR
cmsCreateLab4Profile
cmsCreateLab4ProfileTHR
cmsCreateLinearizationDeviceLink
cmsCreateLinearizationDeviceLinkTHR
cmsCreateMultiprofileTransform
cmsCreateMultiprofileTransformTHR
cmsCreateNULLProfile
cmsCreateNULLProfileTHR
cmsCreateProfilePlaceholder
cmsCreateProofingTransform
cmsCreateProofingTransformTHR
cmsCreateRGBProfile
cmsCreateRGBProfileTHR
cmsCreateTransform
cmsCreateTransformTHR
cmsCreateXYZProfile
cmsCreateXYZProfileTHR
cmsCreate_sRGBProfile
cmsCreate_sRGBProfileTHR
cmsD50_XYZ
cmsD50_xyY
cmsDeleteContext
cmsDeleteTransform
cmsDeltaE
cmsDesaturateLab
cmsDetectBlackPoint
cmsDetectDestinationBlackPoint
cmsDetectTAC
cmsDictAddEntry
cmsDictAlloc
cmsDictDup
cmsDictFree
cmsDictGetEntryList
cmsDictNextEntry
cmsDoTransform
cmsDoTransformStride
cmsDupContext
cmsDupNamedColorList
cmsDupProfileSequenceDescription
cmsDupToneCurve
cmsEstimateGamma
cmsEvalToneCurve16
cmsEvalToneCurveFloat
cmsFloat2LabEncoded
cmsFloat2LabEncodedV2
cmsFloat2XYZEncoded
cmsFormatterForColorspaceOfProfile
cmsFormatterForPCSOfProfile
cmsFreeNamedColorList
cmsFreeProfileSequenceDescription
cmsFreeToneCurve
cmsFreeToneCurveTriple
cmsGBDAlloc
cmsGBDFree
cmsGDBAddPoint
cmsGDBCheckPoint
cmsGDBCompute
cmsGetAlarmCodes
cmsGetAlarmCodesTHR
cmsGetColorSpace
cmsGetContextUserData
cmsGetDeviceClass
cmsGetEncodedCMMversion
cmsGetEncodedICCversion
cmsGetHeaderAttributes
cmsGetHeaderCreationDateTime
cmsGetHeaderCreator
cmsGetHeaderFlags
cmsGetHeaderManufacturer
cmsGetHeaderModel
cmsGetHeaderProfileID
cmsGetHeaderRenderingIntent
cmsGetNamedColorList
cmsGetPCS
cmsGetPipelineContextID
cmsGetPostScriptCRD
cmsGetPostScriptCSA
cmsGetPostScriptColorResource
cmsGetProfileContextID
cmsGetProfileIOhandler
cmsGetProfileInfo
cmsGetProfileInfoASCII
cmsGetProfileVersion
cmsGetSupportedIntents
cmsGetSupportedIntentsTHR
cmsGetTagCount
cmsGetTagSignature
cmsGetToneCurveEstimatedTable
cmsGetToneCurveEstimatedTableEntries
cmsGetToneCurveParametricType
cmsGetTransformContextID
cmsGetTransformInputFormat
cmsGetTransformOutputFormat
cmsIT8Alloc
cmsIT8DefineDblFormat
cmsIT8EnumDataFormat
cmsIT8EnumProperties
cmsIT8EnumPropertyMulti
cmsIT8FindDataFormat
cmsIT8Free
cmsIT8GetData
cmsIT8GetDataDbl
cmsIT8GetDataRowCol
cmsIT8GetDataRowColDbl
cmsIT8GetPatchByName
cmsIT8GetPatchName
cmsIT8GetProperty
cmsIT8GetPropertyDbl
cmsIT8GetPropertyMulti
cmsIT8GetSheetType
cmsIT8LoadFromFile
cmsIT8LoadFromMem
cmsIT8SaveToFile
cmsIT8SaveToMem
cmsIT8SetComment
cmsIT8SetData
cmsIT8SetDataDbl
cmsIT8SetDataFormat
cmsIT8SetDataRowCol
cmsIT8SetDataRowColDbl
cmsIT8SetIndexColumn
cmsIT8SetPropertyDbl
cmsIT8SetPropertyHex
cmsIT8SetPropertyMulti
cmsIT8SetPropertyStr
cmsIT8SetPropertyUncooked
cmsIT8SetSheetType
cmsIT8SetTable
cmsIT8SetTableByLabel
cmsIT8TableCount
cmsIsCLUT
cmsIsIntentSupported
cmsIsMatrixShaper
cmsIsTag
cmsIsToneCurveDescending
cmsIsToneCurveLinear
cmsIsToneCurveMonotonic
cmsIsToneCurveMultisegment
cmsJoinToneCurve
cmsLCh2Lab
cmsLab2LCh
cmsLab2XYZ
cmsLabEncoded2Float
cmsLabEncoded2FloatV2
cmsLinkTag
cmsMD5computeID
cmsMLUalloc
cmsMLUdup
cmsMLUfree
cmsMLUgetASCII
cmsMLUgetTranslation
cmsMLUgetWide
cmsMLUsetASCII
cmsMLUsetWide
cmsMLUtranslationsCodes
cmsMLUtranslationsCount
cmsNamedColorCount
cmsNamedColorIndex
cmsNamedColorInfo
cmsOpenIOhandlerFromFile
cmsOpenIOhandlerFromMem
cmsOpenIOhandlerFromNULL
cmsOpenIOhandlerFromStream
cmsOpenProfileFromFile
cmsOpenProfileFromFileTHR
cmsOpenProfileFromIOhandlerTHR
cmsOpenProfileFromMem
cmsOpenProfileFromMemTHR
cmsOpenProfileFromStream
cmsOpenProfileFromStreamTHR
cmsPipelineAlloc
cmsPipelineCat
cmsPipelineCheckAndRetreiveStages
cmsPipelineDup
cmsPipelineEval16
cmsPipelineEvalFloat
cmsPipelineEvalReverseFloat
cmsPipelineFree
cmsPipelineGetPtrToFirstStage
cmsPipelineGetPtrToLastStage
cmsPipelineInputChannels
cmsPipelineInsertStage
cmsPipelineOutputChannels
cmsPipelineSetSaveAs8bitsFlag
cmsPipelineStageCount
cmsPipelineUnlinkStage
cmsPlugin
cmsPluginTHR
cmsReadRawTag
cmsReadTag
cmsReverseToneCurve
cmsReverseToneCurveEx
cmsSaveProfileToFile
cmsSaveProfileToIOhandler
cmsSaveProfileToMem
cmsSaveProfileToStream
cmsSetAdaptationState
cmsSetAdaptationStateTHR
cmsSetAlarmCodes
cmsSetAlarmCodesTHR
cmsSetColorSpace
cmsSetDeviceClass
cmsSetEncodedICCversion
cmsSetHeaderAttributes
cmsSetHeaderFlags
cmsSetHeaderManufacturer
cmsSetHeaderModel
cmsSetHeaderProfileID
cmsSetHeaderRenderingIntent
cmsSetLogErrorHandler
cmsSetLogErrorHandlerTHR
cmsSetPCS
cmsSetProfileVersion
cmsSignalError
cmsSliceSpace16
cmsSliceSpaceFloat
cmsSmoothToneCurve
cmsStageAllocCLut16bit
cmsStageAllocCLut16bitGranular
cmsStageAllocCLutFloat
cmsStageAllocCLutFloatGranular
cmsStageAllocIdentity
cmsStageAllocMatrix
cmsStageAllocToneCurves
cmsStageData
cmsStageDup
cmsStageFree
cmsStageInputChannels
cmsStageNext
cmsStageOutputChannels
cmsStageSampleCLut16bit
cmsStageSampleCLutFloat
cmsStageType
cmsTagLinkedTo
cmsTempFromWhitePoint
cmsTransform2DeviceLink
cmsUnregisterPlugins
cmsUnregisterPluginsTHR
cmsWhitePointFromTemp
cmsWriteRawTag
cmsWriteTag
cmsXYZ2Lab
cmsXYZ2xyY
cmsXYZEncoded2Float
cmsfilelength
cmsstrcasecmp
cmsxyY2XYZ

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e0a1f2284a5f7dab96c697a66241e4a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 262KB - Virtual size: 261KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 26KB - Virtual size: 34KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 26KB - Virtual size: 34KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB