eb8d52a789191469a4c5628bef988500_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

eb8d52a789191469a4c5628bef988500_NeikiAnalytics.exe
Size

346KB
MD5

eb8d52a789191469a4c5628bef988500
SHA1

bd98ad0c40a5e6283720d68f1f22217b368d7773
SHA256

d42c45d549b1ec739adac5db08aab0b4ffad6d67ec04ba034968ca44d26a1e27
SHA512

bdf3e5d3835fd5efbc93b15016058263532a30b1620df900e9a2b29da2b7927fb22f3d8cf59312c462f734bbe5c383e592470a5075ea71cb4f6c01a6f8461d75
SSDEEP

3072:D1zvzhn4elyZ9eDeeYPLl0NosIdIqM5RR42ASEdzdtaR7DvR47Vie5j7PflfYfv9:DbpyZ9T5uJN9EftiO/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb8d52a789191469a4c5628bef988500_NeikiAnalytics.exe

Files

eb8d52a789191469a4c5628bef988500_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

9fabd92eebaca428adde7d490e12bf71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python38

PyImport_GetModuleDict
PyImport_AddModule
PyImport_ImportModule
PyImport_ImportModuleLevelObject
PyObject_Call
PyObject_CallObject
PyObject_GetItem
PyNumber_InPlaceAdd
PyObject_IsSubclass
PyEval_EvalCodeEx
PyFrame_New
PyBaseObject_Type
_Py_NoneStruct
PyUnicode_Type
PyLong_Type
_Py_FalseStruct
_Py_CheckRecursiveCall
PyTuple_Type
PyCFunction_Type
PyFunction_Type
PyMethod_Type
PyTraceBack_Type
PyExc_AttributeError
PyExc_ImportError
PyExc_KeyError
PyExc_NameError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyExc_DeprecationWarning
_Py_CheckRecursionLimit
PyFrame_Type
Py_GetVersion
PyErr_PrintEx
PyCode_New
PyModule_AddObject
PyOS_snprintf
PyErr_WriteUnraisable
PyErr_Format
PyException_SetCause
PyException_SetTraceback
PyErr_NormalizeException
PyErr_ExceptionMatches
PyErr_GivenExceptionMatches
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyErr_WarnFormat
PyEval_EvalFrameEx
PyErr_WarnEx
_PyThreadState_UncheckedGet
PyGILState_Release
PyGILState_Ensure
PyThreadState_Get
PyInterpreterState_GetID
PyTraceBack_Here
PyCapsule_GetPointer
PyCapsule_New
PyModuleDef_Init
PyModule_GetDict
PyModule_NewObject
PyCFunction_NewEx
_PyDict_GetItem_KnownHash
PyDict_SetItemString
PyDict_GetItemString
PyDict_Size
PyDict_Next
PyDict_DelItem
PyDict_SetItem
PyDict_GetItemWithError
PyDict_GetItem
PyDict_New
PyList_Append
PyList_New
PyTuple_Pack
PyTuple_New
_PyLong_AsByteArray
_PyLong_FromByteArray
PyLong_AsUnsignedLongLong
PyLong_AsLongLong
PyLong_FromUnsignedLongLong
PyLong_FromLongLong
PyLong_AsUnsignedLong
PyLong_AsLong
PyLong_FromSsize_t
PyLong_FromUnsignedLong
PyLong_FromLong
PyUnicode_Format
PyUnicode_Compare
PyUnicode_Concat
PyUnicode_Decode
PyUnicode_InternFromString
PyUnicode_FromFormat
PyUnicode_FromString
PyUnicode_FromStringAndSize
PyBytes_FromStringAndSize
PyObject_GC_UnTrack
_PyObject_GenericGetAttrWithDict
PyObject_CallFinalizerFromDealloc
_PyObject_GetDictPtr
_PyType_Lookup
_Py_Dealloc
PyObject_Not
PyObject_IsTrue
PyObject_Hash
PyObject_GenericGetAttr
PyObject_SetAttr
PyObject_GetAttr
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_RichCompareBool
PyType_Modified
PyType_Ready
PyMem_Realloc
_Py_TrueStruct
PyMem_Malloc

kernel32

SetFilePointerEx
GetFileSizeEx
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
OutputDebugStringW
WriteFile
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateFileW
CloseHandle

Exports

Exports

PyInit_internal

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fabd92eebaca428adde7d490e12bf71

Headers

DLL Characteristics

File Characteristics

Imports

python38

kernel32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 240KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 48KB - Virtual size: 63KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 48KB - Virtual size: 63KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 2KB - Virtual size: 1KB