70887ce4fa761baeb82a7202a15fa930_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

70887ce4fa761baeb82a7202a15fa930_NeikiAnalytics.exe
Size

109KB
MD5

70887ce4fa761baeb82a7202a15fa930
SHA1

127fb86ec5d6c6162ce6d556b2bfa05419537da2
SHA256

c1a97e64cc9ab639ef93f7c09d81f7ccf5d3de3bac9ca151bdb40e3dc13d10fb
SHA512

7320d093b4bb8b2cae7f8658dccbedf999893cb470873fe561f3c60b1d5c1940fee8bfaae07731dc32422b0933a80e412cfd14c40b8773b4cbb6231dc2efde55
SSDEEP

3072:tbBAtLbc8MeWoNbVWrI2WouI4qWo5npRWoCyJOpWofQqvWoEWoOWoDsM0Woi3hf3:tmo8Me9WrI2UI4qPpRAyJOpBQqv+cf0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70887ce4fa761baeb82a7202a15fa930_NeikiAnalytics.exe

Files

70887ce4fa761baeb82a7202a15fa930_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

dc1b1aefbb13a013f7368ea71d9564d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\CX-App_release_1.7.2\source\CapFrameX.RTSSInterface\x64\Release\CapFrameX.RTSSInterface.pdb

Imports

kernel32

InitializeCriticalSectionEx
DecodePointer
LocalFree
LocalAlloc
UnmapViewOfFile
CloseHandle
MapViewOfFile
OpenFileMappingA
Sleep
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
CreateEventW
DeleteCriticalSection
OutputDebugStringW
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetLastError
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter

mfc140

ord2358
ord2260
ord2155
ord2332
ord962
ord1425
ord2342
ord1504
ord12879
ord1639
ord2229
ord7862
ord1674
ord5656
ord1032
ord310
ord13955
ord1670
ord316
ord4648
ord8025
ord1488
ord2899
ord5691
ord305
ord13872
ord2917
ord4502
ord8418
ord2216
ord274
ord1506
ord1030
ord2244
ord2203
ord473
ord2369
ord2334
ord12782
ord6569
ord2370
ord2367
ord1037
ord323
ord2207
ord1507
ord2321
ord1038
ord3720
ord300
ord324

vcruntime140

__CxxQueryExceptionSize
__CxxFrameHandler3
memset
__CxxExceptionFilter
__FrameUnwindFilter
__std_exception_destroy
_CxxThrowException
__current_exception
__CxxRegisterExceptionObject
__CxxDetectRethrow
__current_exception_context
__C_specific_handler
__CxxUnregisterExceptionObject
__std_type_info_destroy_list
memmove
memcpy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcat_s
_stricmp
strcmp
strcpy_s
strncpy_s

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_seh_filter_dll
terminate
abort
_initterm_e

user32

FindWindowA
PostMessageA

shlwapi

PathRemoveFileSpecA

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueExA

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-filesystem-l1-1-0

_access

mscoree

_CorDllMain

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc1b1aefbb13a013f7368ea71d9564d0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mfc140

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

user32

shlwapi

advapi32

msvcp140

api-ms-win-crt-filesystem-l1-1-0

mscoree

Sections

.text Size: 37KB - Virtual size: 36KB

.nep Size: 512B - Virtual size: 160B

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 900B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 512B - Virtual size: 148B

.text
Size: 37KB - Virtual size: 36KB

.nep
Size: 512B - Virtual size: 160B

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 900B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 512B - Virtual size: 148B