ede3ccb6bc8f5650aabb7200cb368230_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ede3ccb6bc8f5650aabb7200cb368230_NeikiAnalytics.exe
Size

1.6MB
MD5

ede3ccb6bc8f5650aabb7200cb368230
SHA1

037c8a2b08c791ceadebac1ac580ba59751635dc
SHA256

4becdff4ea87e7c992aa0dda95c1b29e5b8085489dc81551e48be47719640ddf
SHA512

072054b90bb382de4ab22665369dd9a55fd79e96cdfd1fb7771e3209308fa3afe56c25dc1d19c9842845eacac74f0807eca737d379c771047116ae07d5aae4ec
SSDEEP

49152:xZUtdPClOkvVXvChAeAqrykCAZzUP6FqVmL0n7L:G6DVX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ede3ccb6bc8f5650aabb7200cb368230_NeikiAnalytics.exe

Files

ede3ccb6bc8f5650aabb7200cb368230_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

ae54d2e8f1551382227c9facd922168c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build\output\unity\fmod\artifacts\FSBTool\release_Win_x64_VS2022_Win7_nonlump\FSBTool64.pdb

Imports

ws2_32

inet_addr
recv
connect
closesocket
htons
__WSAFDIsSet
ioctlsocket
select
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAGetLastError
WSACleanup
listen
htonl
bind
accept
WSAStartup
socket
send

shell32

CommandLineToArgvW

winmm

waveInGetDevCapsW
waveInGetDevCapsA
waveInGetNumDevs
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveInOpen
waveOutClose
waveOutOpen
waveOutGetDevCapsW
waveOutGetDevCapsA
waveOutGetNumDevs
timeGetTime
waveInReset
waveInAddBuffer
waveInClose
waveInUnprepareHeader
waveInPrepareHeader
waveOutPrepareHeader
waveInStart

user32

GetDesktopWindow

ole32

CoTaskMemFree
CoInitialize
PropVariantClear
CoInitializeEx
CoUninitialize
CoCreateInstance

shlwapi

ord219

kernel32

CreateWaitableTimerA
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetStdHandle
GetCurrentDirectoryW
FlushFileBuffers
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
MoveFileExW
DeleteFileW
GetFileType
GetDriveTypeW
CreateDirectoryW
GetModuleHandleExW
ExitProcess
RtlUnwind
LoadLibraryExW
TlsFree
CloseHandle
GetLastError
HeapSetInformation
SetEvent
WaitForSingleObject
CreateEventW
GetProcAddress
LoadLibraryA
CreateFileW
GetFileSizeEx
GetTempFileNameW
WideCharToMultiByte
GetCommandLineW
CreateFileA
GetFileSize
ReadFile
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerExW
Sleep
GetCurrentThreadId
SetThreadPriority
FreeLibrary
LoadLibraryW
GetSystemInfo
SetLastError
ResetEvent
CreateEventA
WriteConsoleW
GetSystemDirectoryA
MultiByteToWideChar
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
TlsSetValue
RtlPcToFileHeader
RaiseException
RtlUnwindEx
TlsAlloc
TlsGetValue

Exports

Exports

FSBank_Build
FSBank_BuildCancel
FSBank_FetchNextProgressItem
FSBank_Init
FSBank_MemoryGetStats
FSBank_MemoryInit
FSBank_Release
FSBank_ReleaseProgressItem
FSBank_SetLibraryPath

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae54d2e8f1551382227c9facd922168c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

shell32

winmm

user32

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 58KB - Virtual size: 323KB

.pdata Size: 42KB - Virtual size: 42KB

_RDATA Size: 68KB - Virtual size: 68KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 58KB - Virtual size: 323KB

.pdata
Size: 42KB - Virtual size: 42KB

_RDATA
Size: 68KB - Virtual size: 68KB

.reloc
Size: 6KB - Virtual size: 5KB