3db5cef063350319a291ebd29208c86bf8c6493a025f7cf802abb058f196f5b5_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

3db5cef063350319a291ebd29208c86bf8c6493a025f7cf802abb058f196f5b5_NeikiAnalytics
Size

6.9MB
MD5

d1ca5795e2dd46b41d0a7a0231e095b0
SHA1

3171321b4525572b5ca0b7070eb24fc2a5f91f20
SHA256

3db5cef063350319a291ebd29208c86bf8c6493a025f7cf802abb058f196f5b5
SHA512

aa2d7bdb0a93e2965062ac44fc647475625fc6ab2afcbd7ec307a016826a9b7a5d5931ab82b2043ad11cac5433f6434127a56aff3e2919d8ee5812d9c3c6dabc
SSDEEP

49152:yyepSzXTVGSM0L6weARKnNqPwcEpVM+XhY018Om84r30h71BsGWPp4eGA3fFrRRr:BJPsgD018Ocg71+kT38Ku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3db5cef063350319a291ebd29208c86bf8c6493a025f7cf802abb058f196f5b5_NeikiAnalytics

Files

3db5cef063350319a291ebd29208c86bf8c6493a025f7cf802abb058f196f5b5_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

d2880a95164e9fb683eab85c7acb090d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\neverland\source\repos\TPH_Launcher\x64\Debug\TPH_Launcher.pdb

Imports

shell32

ShellExecuteA

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

winmm

sndPlaySoundA

normaliz

IdnToAscii
IdnToUnicode

ws2_32

ntohs
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
getsockopt
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
bind
WSAGetLastError
WSASetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send

wldap32

ord35
ord301
ord200
ord30
ord32
ord143
ord33
ord79
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217

crypt32

CertFreeCertificateChainEngine
CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore

advapi32

CryptCreateHash
RegOpenKeyA
RegGetValueA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
RegCloseKey
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetKeyValueA

user32

CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
ShowWindow
PostQuitMessage
SetProcessDPIAware
MonitorFromWindow
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
SetWindowPos
GetDC
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
GetKeyboardLayout
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetSystemMetrics
GetWindowThreadProcessId
EnumWindows
MessageBoxA
DestroyWindow
UpdateWindow
GetWindowRect
ReleaseDC

kernel32

FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
WriteConsoleW
GetModuleHandleExW
GetSystemInfo
HeapValidate
HeapSize
SystemTimeToTzSpecificLocalTime
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
WriteFile
GetDriveTypeW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetCurrentThread
HeapReAlloc
HeapQueryInformation
OutputDebugStringW
SetConsoleCtrlHandler
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
DeleteFileW
TlsFree
LeaveCriticalSection
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetStartupInfoW
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
LCMapStringEx
DecodePointer
GetModuleFileNameA
GetFullPathNameA
CloseHandle
GetLastError
GetCurrentProcessId
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
CreateToolhelp32Snapshot
Process32First
Process32Next
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
GetLocaleInfoA
CreateProcessA
FreeResource
LoadResource
LockResource
FindResourceA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
RtlUnwind
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
GetSystemDirectoryA
Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
FormatMessageA
LocalFree
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
GetModuleHandleW
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
EncodePointer

imm32

ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow
DwmGetColorizationColor
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

Sections

.textbss
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 190KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 863B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2880a95164e9fb683eab85c7acb090d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

d3d9

d3dx9_43

winmm

normaliz

ws2_32

wldap32

crypt32

advapi32

user32

kernel32

imm32

gdi32

dwmapi

bcrypt

Sections

.textbss Size: - Virtual size: 2.3MB

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 190KB - Virtual size: 234KB

.pdata Size: 196KB - Virtual size: 195KB

.idata Size: 16KB - Virtual size: 15KB

.msvcjmc Size: 5KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 863B

.rsrc Size: 374KB - Virtual size: 373KB

.reloc Size: 42KB - Virtual size: 42KB

.textbss
Size: - Virtual size: 2.3MB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 190KB - Virtual size: 234KB

.pdata
Size: 196KB - Virtual size: 195KB

.idata
Size: 16KB - Virtual size: 15KB

.msvcjmc
Size: 5KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 863B

.rsrc
Size: 374KB - Virtual size: 373KB

.reloc
Size: 42KB - Virtual size: 42KB