46c155b007b97e16b73619ece9f80b50_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

46c155b007b97e16b73619ece9f80b50_NeikiAnalytics.exe
Size

90KB
MD5

46c155b007b97e16b73619ece9f80b50
SHA1

bb6580ff095a52bb34b0a857a6ffa519d0fa28dc
SHA256

87c16f9b7a92162becd1cc5f4d6f1d757d81bfd213d6aa30716b938fd1db40ee
SHA512

a4a871878bae1429797b5de1b2cffbfdd1ed3f366087213af363a222dd3c95d132467a2396436163db996c0e56f91ccf0fceefc38d66f0e01224fd2121b9e82f
SSDEEP

1536:xR6GY6M8McOSYnklieGdX8w/383rHb2zCE2SYvCInWkA/EJA6s/2JJB7XI/d:xEGHM8MWiv83r7fDS7cs/2JJB7XA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46c155b007b97e16b73619ece9f80b50_NeikiAnalytics.exe

Files

46c155b007b97e16b73619ece9f80b50_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

3409b310776fe5c7cda4fafb30bfee13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\m-in-w32-d-0000000000000000000\build\src\obj-firefox\mfbt\tests\TestRollingMean.pdb

Imports

kernel32

TerminateProcess
GetCurrentProcess
GetSystemInfo
VirtualAlloc
VirtualFree
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

msvcp140

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset
memmove
__std_exception_copy
__std_exception_destroy
_except_handler4_common
memcpy
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vfprintf
fflush
__acrt_iob_func
__p__commode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
calloc
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_exit
exit
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
__p___argv
_seh_filter_exe
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-math-l1-1-0

_except1
ceil
__setusermatherr
_dtest

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

??0Decimal@blink@@QAE@ABV01@@Z
??0Decimal@blink@@QAE@ABVEncodedData@01@@Z
??0Decimal@blink@@QAE@H@Z
??0Decimal@blink@@QAE@W4Sign@01@H_K@Z
??0SHA1Sum@mozilla@@QAE@XZ
??4Decimal@blink@@QAEAAV01@ABV01@@Z
??8Decimal@blink@@QBE_NABV01@@Z
??9Decimal@blink@@QBE_NABV01@@Z
??DDecimal@blink@@QBE?AV01@ABV01@@Z
??GDecimal@blink@@QBE?AV01@ABV01@@Z
??GDecimal@blink@@QBE?AV01@XZ
??HDecimal@blink@@QBE?AV01@ABV01@@Z
??KDecimal@blink@@QBE?AV01@ABV01@@Z
??MDecimal@blink@@QBE_NABV01@@Z
??NDecimal@blink@@QBE_NABV01@@Z
??ODecimal@blink@@QBE_NABV01@@Z
??PDecimal@blink@@QBE_NABV01@@Z
??XDecimal@blink@@QAEAAV01@ABV01@@Z
??YDecimal@blink@@QAEAAV01@ABV01@@Z
??ZDecimal@blink@@QAEAAV01@ABV01@@Z
??_0Decimal@blink@@QAEAAV01@ABV01@@Z
??_FDecimal@blink@@QAEXXZ
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z
?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z
?HashBytes@mozilla@@YAIPBXI@Z
?IsFloat32Representable@mozilla@@YA_NN@Z
?ToExponential@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z
?ToFixed@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPA_NPAVStringBuilder@2@@Z
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z
?Unused@mozilla@@3Uunused_t@1@B
?abs@Decimal@blink@@QBE?AV12@XZ
?alignOperands@Decimal@blink@@CA?AUAlignedOperands@12@ABV12@0@Z
?ceil@Decimal@blink@@QBE?AV12@XZ
?compareTo@Decimal@blink@@ABE?AV12@ABV12@@Z
?compress@LZ4@Compression@mozilla@@SAIPBDIPAD@Z
?compressLimitedOutput@LZ4@Compression@mozilla@@SAIPBDIPADI@Z
?decompress@LZ4@Compression@mozilla@@SA_NPBDIPADIPAI@Z
?decompress@LZ4@Compression@mozilla@@SA_NPBDPADI@Z
?finish@SHA1Sum@mozilla@@QAEXAAY0BE@E@Z
?floor@Decimal@blink@@QBE?AV12@XZ
?fromDouble@Decimal@blink@@SA?AV12@N@Z
?fromString@Decimal@blink@@SA?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?gChaosFeatures@detail@mozilla@@3W4ChaosFeature@2@A
?gChaosModeCounter@detail@mozilla@@3V?$Atomic@I$01X@2@A
?gTwoCharEscapes@detail@mozilla@@3QBDB
?infinity@Decimal@blink@@SA?AV12@W4Sign@12@@Z
?kBase10MaximalLength@DoubleToStringConverter@double_conversion@@2HB
?nan@Decimal@blink@@SA?AV12@XZ
?remainder@Decimal@blink@@QBE?AV12@ABV12@@Z
?round@Decimal@blink@@QBE?AV12@XZ
?toDouble@Decimal@blink@@QBENXZ
?toString@Decimal@blink@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toString@Decimal@blink@@QBE_NPADI@Z
?update@SHA1Sum@mozilla@@QAEXPBXI@Z
?zero@Decimal@blink@@SA?AV12@W4Sign@12@@Z
gMozCrashReason
gMozillaPoisonBase
gMozillaPoisonSize
gMozillaPoisonValue
mozPoisonValueInit

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3409b310776fe5c7cda4fafb30bfee13

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2B

.gfids Size: 512B - Virtual size: 84B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2B

.gfids
Size: 512B - Virtual size: 84B

.reloc
Size: 2KB - Virtual size: 2KB