5fcd09b50974933c490b0767b74fb340_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5fcd09b50974933c490b0767b74fb340_NeikiAnalytics.exe
Size

407KB
MD5

5fcd09b50974933c490b0767b74fb340
SHA1

26973a976d6dcf894105f400593e21d31c8b3158
SHA256

9d816555ab3b91cd187977c5e4d93d0b10719497c232a767b8ddf23e4dfda286
SHA512

68d0b3d9c108e3f0f9660e562b9f69cfc35c7ff4b988e0e75abc650262666fee8133b287d2f59148873379a7c5937f660d0695613c4b9712c9c572cda5e24774
SSDEEP

6144:lV96QgnyesRjbnAvofT6A8dhmF3yko2zKIc+flUYrPGK5N:b96QDe2XAwf+A8dhAlTcilUYKe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5fcd09b50974933c490b0767b74fb340_NeikiAnalytics.exe

Files

5fcd09b50974933c490b0767b74fb340_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

8ab82d29887844458443f9db10ca8f59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Park\Source\Repos\ZollJak-Test\Scatus Defence\Release\Scatus Defence.pdb

Imports

dsound

ord11

d2d1

ord1

dwrite

DWriteCreateFactory

d3d11

D3D11CreateDevice

winmm

mmioDescend
mmioOpenW
mmioRead
mmioClose
mmioAscend

d3dx11_43

D3DX11CreateShaderResourceViewFromFileW
D3DX11CreateTextureFromFileW

ws2_32

WSACleanup
closesocket
WSAGetLastError
WSASend
WSAStartup
htons
WSARecv
connect
inet_addr
WSAAsyncSelect
WSASocketW

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
AllocConsole
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
LocalFree
AttachConsole

user32

PostQuitMessage
UpdateWindow
LoadCursorW
SetCursor
GetClientRect
ShowCursor
SetCapture
ReleaseCapture
DefWindowProcW
MessageBoxW
CreateWindowExW
SetWindowTextW
ShowWindow
DispatchMessageW
PeekMessageW
RegisterClassW
AdjustWindowRect
TranslateMessage
LoadIconW
GetAsyncKeyState

gdi32

GetStockObject

ole32

CoCreateInstance
CoInitialize

msvcp140

??1_Locinfo@std@@QAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Xruntime_error@std@@YAXPBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0_Locinfo@std@@QAE@HPBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140

memcpy
_except_handler4_common
memset
_CxxThrowException
__std_terminate
memmove
_purecall
__std_exception_destroy
__std_exception_copy
strstr
strchr
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vsprintf
freopen
_fseeki64
fgetc
fsetpos
ungetc
setvbuf
fgetpos
__acrt_iob_func
fwrite
_set_fmode
fflush
fputc
__p__commode
__stdio_common_vfprintf
_get_stream_buffer_pointers

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
exit
_configure_narrow_argv
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo_noreturn
terminate
_controlfp_s

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_wsetlocale
_configthreadlocale

api-ms-win-crt-string-l1-1-0

isspace
isdigit
_stricmp

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

floor
_libm_sse2_sqrt_precise
_CIatan2
__setusermatherr
_except1
_libm_sse2_tan_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise

d3dcompiler_43

D3DReflect
D3DGetInputSignatureBlob

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ab82d29887844458443f9db10ca8f59

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dsound

d2d1

dwrite

d3d11

winmm

d3dx11_43

ws2_32

kernel32

user32

gdi32

ole32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

d3dcompiler_43

Sections

.text Size: 280KB - Virtual size: 279KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 30KB - Virtual size: 32KB

.gfids Size: 512B - Virtual size: 92B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 280KB - Virtual size: 279KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 30KB - Virtual size: 32KB

.gfids
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 24KB - Virtual size: 23KB