C:\KWT\EtoRevamp-SR\x64\Release\Revamp.pdb
Static task
static1
Behavioral task
behavioral1
Sample
5118d6d7cfaeda5be142af8581348270_NeikiAnalytics.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5118d6d7cfaeda5be142af8581348270_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
General
-
Target
5118d6d7cfaeda5be142af8581348270_NeikiAnalytics.exe (note: the file characteristics below include IMAGE_FILE_DLL and the behavioral tasks list the sample with a .dll name, so the .exe target name appears to be a renaming; behavioral results are only meaningful if the sample was loaded as a DLL by a host process rather than executed directly)
-
Size
1.3MB
-
MD5
5118d6d7cfaeda5be142af8581348270
-
SHA1
c56d1b1c6f0512a906bf87079a219e174324d386
-
SHA256
c2e56ea4f5d803722159f2472a46421c277060ba04bd20fe74881aff1207b7a8
-
SHA512
08eacee3699f3969e64346e17ba5fc4c3fd690493cd576805e4811197622e1f86c5b5eca9d767692dec3c50ca5deb826ec0d4919f985f69dcc4aa9a0b7f5ac9a
-
SSDEEP
24576:5QaW9LCbp4Xv1A4fBC3cZP45oSltU8118v/6wE:5QaW9eiP0MZAhnUm18H6T
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The PE carries no Authenticode signature. By itself this is a weak indicator (unsigned builds are common for internal and hobby projects), so weigh it against the stronger static indicators on this page: the `.detourc`/`.detourd` sections together with the SuspendThread/GetThreadContext/SetThreadContext/ResumeThread, CreateToolhelp32Snapshot/Thread32First/Thread32Next, VirtualProtect and FlushInstructionCache imports are consistent with an inline-hooking library (the section names match those emitted by Microsoft Detours) being linked in; the crypt32 certificate-chain, ws2_32, IdnToAscii and wldap32 ordinal imports are consistent with a statically linked HTTP(S) client; the D3D11CreateDeviceAndSwapChain/D3DCompile plus user32 cursor, capture and clipboard imports suggest in-process rendering and input handling; and _popen/system/ShellExecuteA give the module a way to spawn other commands. These are capabilities inferred from the import table, not observed behavior — confirm them against the behavioral-task results before treating them as findings.
Processes:
resource 5118d6d7cfaeda5be142af8581348270_NeikiAnalytics.exe
Files
-
5118d6d7cfaeda5be142af8581348270_NeikiAnalytics.exe.dll windows:6 windows x64 arch:x64
617016b6095ef96ef5be397321bf0720
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths (the value is most likely the path shown at the top of this page, C:\KWT\EtoRevamp-SR\x64\Release\Revamp.pdb, which exposes the build machine's project directory "EtoRevamp-SR" and the internal module name "Revamp" — useful pivots for clustering related builds)
Imports
kernel32
GetModuleFileNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
GetCurrentProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
GetFileAttributesExW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CreateFileW
GetModuleHandleW
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GetConsoleMode
SetConsoleMode
AllocConsole
ExitProcess
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
LoadLibraryA
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetCurrentThread
OpenThread
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
ResumeThread
SuspendThread
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
Thread32First
Thread32Next
GetModuleFileNameA
GetStdHandle
SetConsoleTextAttribute
VirtualProtect
CreateThread
OutputDebugStringW
GetThreadContext
user32
SetCapture
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
SetCursor
GetClientRect
SetProcessDPIAware
MessageBoxA
DefWindowProcW
CallWindowProcW
SetWindowLongPtrW
CreateWindowExA
RegisterClassExA
GetKeyState
GetMessageExtraInfo
CloseClipboard
IsWindowUnicode
EmptyClipboard
GetClipboardData
SetClipboardData
TrackMouseEvent
ScreenToClient
LoadCursorW
ClientToScreen
GetCapture
GetKeyboardLayout
GetForegroundWindow
advapi32
CryptDestroyKey
OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
IsValidSid
CryptImportKey
CryptEncrypt
ConvertSidToStringSidA
shell32
ShellExecuteA
msvcp140
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_frequency
_Query_perf_counter
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?good@ios_base@std@@QEBA_NXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
d3dcompiler_47
D3DCompile
normaliz
IdnToAscii
wldap32
ord143
ord200
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord301
ord30
crypt32
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCreateCertificateChainEngine
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptQueryObject
ws2_32
socket
WSASetLastError
WSAIoctl
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
accept
closesocket
ioctlsocket
recv
listen
send
WSAGetLastError
setsockopt
bind
htonl
WSAStartup
ntohs
htons
WSACleanup
connect
getpeername
getsockname
getsockopt
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
UuidToStringA
RpcStringFreeA
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_type_info_destroy_list
__current_exception
__current_exception_context
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
strstr
strchr
_CxxThrowException
memchr
memcmp
memcpy
memmove
memset
strrchr
api-ms-win-crt-heap-l1-1-0
calloc
malloc
realloc
_callnewh
free
api-ms-win-crt-runtime-l1-1-0
_initterm
_cexit
_execute_onexit_table
_errno
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_seh_filter_dll
terminate
abort
_getpid
exit
_beginthreadex
_invalid_parameter_noinfo_noreturn
system
strerror
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
_crt_atexit
api-ms-win-crt-stdio-l1-1-0
fgetc
fflush
fwrite
fputc
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
fgetpos
setvbuf
ungetc
fsetpos
fclose
_open
_write
_read
fread
_fseeki64
_get_stream_buffer_pointers
ftell
_lseeki64
fseek
_wfopen
__stdio_common_vsscanf
freopen
feof
fputs
fopen
fgets
_close
_pclose
_popen
api-ms-win-crt-math-l1-1-0
_dsign
_dclass
ceilf
pow
acosf
sqrt
sqrtf
sinf
fmodf
cosf
api-ms-win-crt-convert-l1-1-0
atoi
strtoul
strtol
strtod
strtoull
atof
strtoll
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
_access
_stat64
_fstat64
_unlink
api-ms-win-crt-locale-l1-1-0
localeconv
___lc_codepage_func
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcspn
strspn
tolower
strncmp
strpbrk
isupper
strcmp
_strdup
strncpy
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-time-l1-1-0
_time64
strftime
_localtime64
_gmtime64
Sections
.text Size: 893KB - Virtual size: 893KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 218KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ