78a67e9241ff2ee9f2efdbba71618f00_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

78a67e9241ff2ee9f2efdbba71618f00_NeikiAnalytics.exe
Size

77KB
MD5

78a67e9241ff2ee9f2efdbba71618f00
SHA1

7e7096b69df87be860a5c32d8d524f882c73ce91
SHA256

ee677728009a11bedc8db02f3bb52a4dd11255a9979f2df4827c4652c50414a2
SHA512

f87ceadf65792af39bc5f0ea3da168780ec99fc4806589f174b741ba36eab3e42d2615eda51f2ec9256d69b6821d7a2aeacd5e55202d712be6b16d8aebe522ab
SSDEEP

768:0awTeEbThvXHiKAjns84FeUBcf7WJvksVSZkRNfhwKUBa64s00al1vCCCOo13T+f:XEFHiKAjnTYf07EksVfUYs00aLLRqy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78a67e9241ff2ee9f2efdbba71618f00_NeikiAnalytics.exe

Files

78a67e9241ff2ee9f2efdbba71618f00_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

de08c2b8302c5eb796db6402abc12f03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcmp
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_set_app_type
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

libgcc_s_dw2-1

__deregister_frame_info
__register_frame_info
__udivdi3
__udivmoddi4

libstdc++-6

_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE11_M_is_localEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findERKS4_j
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEcj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6substrEjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareERKS4_
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE8capacityEv
_ZNSt3_V215system_categoryEv
_ZNSt3_V216generic_categoryEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcPKcS7_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcS5_S5_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6insertEjRKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_S_copyEPcPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt28__throw_bad_array_new_lengthv
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZdlPvj
_Znwj

libllvmaarch64desc

LLVMInitializeAArch64TargetMC

libllvmaarch64disassembler

LLVMInitializeAArch64Disassembler

libllvmaarch64info

LLVMInitializeAArch64TargetInfo

libllvmamdgpudesc

LLVMInitializeAMDGPUTargetMC

libllvmamdgpudisassembler

LLVMInitializeAMDGPUDisassembler

libllvmamdgpuinfo

LLVMInitializeAMDGPUTargetInfo

libllvmarmdesc

LLVMInitializeARMTargetMC

libllvmarmdisassembler

LLVMInitializeARMDisassembler

libllvmarminfo

LLVMInitializeARMTargetInfo

libllvmmc

_ZN4llvm14TargetRegistry12lookupTargetENS_9StringRefERNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN4llvm15MCTargetOptionsC1Ev
_ZN4llvm9MCContextC1ERKNS_6TripleEPKNS_9MCAsmInfoEPKNS_14MCRegisterInfoEPKNS_15MCSubtargetInfoEPKNS_9SourceMgrEPKNS_15MCTargetOptionsEbNS_9StringRefE
_ZN4llvm9MCContextD1Ev

libllvmnvptxdesc

LLVMInitializeNVPTXTargetMC

libllvmnvptxinfo

LLVMInitializeNVPTXTargetInfo

libllvmobject

_ZN4llvm6object12createBinaryENS_9StringRefEPNS_11LLVMContextEb
_ZN4llvm6object15object_categoryEv
_ZN4llvm6object23ExportDirectoryEntryRef8moveNextEv
_ZNK4llvm6object14COFFObjectFile12getImageBaseEv
_ZNK4llvm6object14COFFObjectFile18export_directoriesEv
_ZNK4llvm6object15MachOObjectFile12getSection64ERKNS1_15LoadCommandInfoEj
_ZNK4llvm6object15MachOObjectFile13load_commandsEv
_ZNK4llvm6object15MachOObjectFile16getSymbolByIndexEj
_ZNK4llvm6object15MachOObjectFile20getSymtabLoadCommandEv
_ZNK4llvm6object15MachOObjectFile22getDysymtabLoadCommandEv
_ZNK4llvm6object15MachOObjectFile23getSegment64LoadCommandERKNS1_15LoadCommandInfoE
_ZNK4llvm6object15MachOObjectFile27getIndirectSymbolTableEntryERKNS_5MachO16dysymtab_commandEj
_ZNK4llvm6object23ExportDirectoryEntryRef12getExportRVAERj
_ZNK4llvm6object23ExportDirectoryEntryRef13getSymbolNameERNS_9StringRefE
_ZNK4llvm6object23ExportDirectoryEntryRefeqERKS1_
_ZNK4llvm6object7Archive11child_beginERNS_5ErrorEb
_ZNK4llvm6object7Archive5Child11getAsBinaryEPNS_11LLVMContextE
_ZNK4llvm6object7Archive5Child7getNextEv
_ZNK4llvm6object7Archive9child_endEv

libllvmoption

_ZN4llvm3opt12InputArgList13releaseMemoryEv
_ZN4llvm3opt15GenericOptTableC2ENS_8ArrayRefINS0_8OptTable4InfoEEEb
_ZN4llvm3opt8OptTableD2Ev
_ZNK4llvm3opt6Option7matchesENS0_12OptSpecifierE
_ZNK4llvm3opt7ArgList15getLastArgValueENS0_12OptSpecifierENS_9StringRefE
_ZNK4llvm3opt7ArgList7hasFlagENS0_12OptSpecifierES2_b
_ZNK4llvm3opt7ArgList8getRangeESt16initializer_listINS0_12OptSpecifierEE
_ZNK4llvm3opt8OptTable9parseArgsEiPKPcNS0_12OptSpecifierERNS_11StringSaverESt8functionIFvNS_9StringRefEEE
_ZNK4llvm3opt8OptTable9printHelpERNS_11raw_ostreamEPKcS5_bbNS0_10VisibilityE
_ZTVN4llvm3opt12InputArgListE

libllvmsupport

_ZN4llvm11raw_ostream5writeEPKcj
_ZN4llvm11raw_ostream5writeEh
_ZN4llvm11raw_ostream9write_hexEy
_ZN4llvm11raw_ostreamlsEl
_ZN4llvm11raw_ostreamlsEm
_ZN4llvm12MemoryBuffer12getMemBufferENS_9StringRefES1_b
_ZN4llvm12MemoryBuffer7getFileERKNS_5TwineEbbbSt8optionalINS_5AlignEE
_ZN4llvm15MemoryBufferRefC1ERKNS_12MemoryBufferE
_ZN4llvm15SmallVectorBaseIjE13mallocForGrowEPvjjRj
_ZN4llvm15SmallVectorBaseIjE8grow_podEPvjj
_ZN4llvm15SpecialCaseList11createOrDieERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EERNS_3vfs10FileSystemE
_ZN4llvm15SpecialCaseList6createEPKNS_12MemoryBufferERNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN4llvm15SpecialCaseListD1Ev
_ZN4llvm17deallocate_bufferEPvjj
_ZN4llvm21logAllUnhandledErrorsENS_5ErrorERNS_11raw_ostreamENS_5TwineE
_ZN4llvm2cl19PrintVersionMessageEv
_ZN4llvm3sys4path11remove_dotsERNS_15SmallVectorImplIcEEbNS1_5StyleE
_ZN4llvm3sys4path16convert_to_slashB5cxx11ENS_9StringRefENS1_5StyleE
_ZN4llvm3sys4path8filenameENS_9StringRefENS1_5StyleE
_ZN4llvm3vfs17getRealFileSystemEv
_ZN4llvm4SHA14initEv
_ZN4llvm4SHA15finalEv
_ZN4llvm4SHA16updateENS_9StringRefE
_ZN4llvm4errsEv
_ZN4llvm4json5Value7destroyEv
_ZN4llvm4json6isUTF8ENS_9StringRefEPj
_ZN4llvm4json7OStream10arrayBeginEv
_ZN4llvm4json7OStream11objectBeginEv
_ZN4llvm4json7OStream12attributeEndEv
_ZN4llvm4json7OStream14attributeBeginENS_9StringRefE
_ZN4llvm4json7OStream5valueERKNS0_5ValueE
_ZN4llvm4json7OStream8arrayEndEv
_ZN4llvm4json7OStream9objectEndEv
_ZN4llvm4json7fixUTF8B5cxx11ENS_9StringRefE
_ZN4llvm4outsEv
_ZN4llvm4yaml11MappingNode9incrementEv
_ZN4llvm4yaml12KeyValueNode6getKeyEv
_ZN4llvm4yaml12KeyValueNode8getValueEv
_ZN4llvm4yaml12SequenceNode9incrementEv
_ZN4llvm4yaml6Stream3endEv
_ZN4llvm4yaml6Stream5beginEv
_ZN4llvm4yaml6StreamC1ENS_15MemoryBufferRefERNS_9SourceMgrEbPSt10error_code
_ZN4llvm4yaml6StreamD1Ev
_ZN4llvm4yaml8Document14parseBlockNodeEv
_ZN4llvm5RegexC1ENS_9StringRefENS0_10RegexFlagsE
_ZN4llvm5RegexD1Ev
_ZN4llvm5nullsEv
_ZN4llvm8InitLLVMC1ERiRPPKcb
_ZN4llvm8InitLLVMD1Ev
_ZN4llvm9SourceMgr9SrcBufferD1Ev
_ZNK4llvm15SpecialCaseList9inSectionENS_9StringRefES1_S1_S1_
_ZNK4llvm4yaml10ScalarNode8getValueERNS_15SmallVectorImplIcEE
_ZNK4llvm5Regex5matchENS_9StringRefEPNS_15SmallVectorImplIS1_EEPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNK4llvm5Twine3strB5cxx11Ev
_ZNK4llvm5Twine5printERNS_11raw_ostreamE

libllvmsymbolize

_ZN4llvm9symbolize14LLVMSymbolizer13symbolizeCodeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_6object16SectionedAddressE
_ZN4llvm9symbolize14LLVMSymbolizer20symbolizeInlinedCodeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEENS_6object16SectionedAddressE
_ZN4llvm9symbolize14LLVMSymbolizerC1ERKNS1_7OptionsE
_ZN4llvm9symbolize14LLVMSymbolizerD1Ev

libllvmtargetparser

_ZN4llvm6Triple7setArchENS0_8ArchTypeENS0_11SubArchTypeE
_ZN4llvm6TripleC1ERKNS_5TwineE

libllvmwebassemblydesc

LLVMInitializeWebAssemblyTargetMC

libllvmwebassemblydisassembler

LLVMInitializeWebAssemblyDisassembler

libllvmwebassemblyinfo

LLVMInitializeWebAssemblyTargetInfo

libllvmx86desc

LLVMInitializeX86TargetMC

libllvmx86disassembler

LLVMInitializeX86Disassembler

libllvmx86info

LLVMInitializeX86TargetInfo

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 168B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de08c2b8302c5eb796db6402abc12f03

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

libgcc_s_dw2-1

libstdc++-6

libllvmaarch64desc

libllvmaarch64disassembler

libllvmaarch64info

libllvmamdgpudesc

libllvmamdgpudisassembler

libllvmamdgpuinfo

libllvmarmdesc

libllvmarmdisassembler

libllvmarminfo

libllvmmc

libllvmnvptxdesc

libllvmnvptxinfo

libllvmobject

libllvmoption

libllvmsupport

libllvmsymbolize

libllvmtargetparser

libllvmwebassemblydesc

libllvmwebassemblydisassembler

libllvmwebassemblyinfo

libllvmx86desc

libllvmx86disassembler

libllvmx86info

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 512B - Virtual size: 188B

.rdata Size: 6KB - Virtual size: 6KB

/4 Size: 9KB - Virtual size: 9KB

.bss Size: - Virtual size: 168B

.idata Size: 13KB - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 512B - Virtual size: 188B

.rdata
Size: 6KB - Virtual size: 6KB

/4
Size: 9KB - Virtual size: 9KB

.bss
Size: - Virtual size: 168B

.idata
Size: 13KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 2KB - Virtual size: 1KB