82aed5fc94a29ff8d5a7551bf962b3a0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

82aed5fc94a29ff8d5a7551bf962b3a0_NeikiAnalytics.exe
Size

322KB
MD5

82aed5fc94a29ff8d5a7551bf962b3a0
SHA1

c7f443a79802385546610c7425f38e718647a30d
SHA256

dc7cb03a90099070ff49b265ba21569c595e319f061e6afe1aff90fe85ac95ed
SHA512

c3debaa5a0fb0e45025338001cca9807208673433d59c5abce42a9007b2cf17f428843a587e31f481d431d37a921176b3c9380e55b690a6bf69077eafa3caa2a
SSDEEP

6144:IKfJvuduhJtobUtg2YeOaBHNdp40ocYOPivqVjP:ISJvudPUS2gax/rtEQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82aed5fc94a29ff8d5a7551bf962b3a0_NeikiAnalytics.exe

Files

82aed5fc94a29ff8d5a7551bf962b3a0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

2dcd18ff26b11f8afa708012abe34bac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\epyxid\epyxid\target\x86_64-pc-windows-msvc\release\deps\epyxid.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

kernel32

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
CloseHandle
Sleep
GetModuleHandleA
GetProcAddress
GetStdHandle
GetLastError
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetModuleHandleW
FormatMessageW
GetCurrentProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetLastError
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
GetEnvironmentVariableW
GetComputerNameExW
GetFullPathNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
IsProcessorFeaturePresent

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
NtReadFile
RtlNtStatusToDosError

python312

PyExc_BaseException
PyErr_PrintEx
PyExc_TypeError
PyErr_SetString
PyErr_SetObject
PyUnicode_AsEncodedString
PyErr_NewExceptionWithDoc
PyException_GetTraceback
PyGILState_Release
PyGILState_Ensure
PyObject_Repr
PyException_SetTraceback
PyException_GetCause
_Py_Dealloc
PyBaseObject_Type
PyObject_GenericGetDict
PyObject_GenericSetDict
PyType_FromSpec
PyObject_SetAttrString
PyExc_RuntimeError
PyModule_Create2
PyExc_ImportError
PyLong_FromSsize_t
PyObject_GetItem
PyObject_SetItem
PyObject_DelItem
PyErr_GetRaisedException
PyErr_Print
Py_IsInitialized
_Py_NotImplementedStruct
_Py_TrueStruct
_Py_FalseStruct
PyInterpreterState_GetID
PyExc_SystemError
PyLong_FromUnsignedLongLong
PyCapsule_Import
PyTuple_New
_Py_NoneStruct
PyFloat_FromDouble
PyLong_FromLong
PyBytes_FromStringAndSize
PyType_IsSubtype
PyBytes_Size
PyBytes_AsString
PyList_Append
PyList_New
PyErr_GivenExceptionMatches
PyExc_AttributeError
PyObject_GC_UnTrack
PyUnicode_AsUTF8AndSize
PyErr_WriteUnraisable
PyErr_SetRaisedException
PyExc_ValueError
PyType_GenericAlloc
PyObject_Str
PyObject_GetAttr
PyObject_SetAttr
PyUnicode_InternInPlace
PyException_SetCause
PyUnicode_FromStringAndSize
PyInterpreterState_Get

vcruntime140

memcmp
__CxxFrameHandler3
_CxxThrowException
memset
memmove
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_initialize_onexit_table
_configure_narrow_argv
_execute_onexit_table
_cexit
_initialize_narrow_environment
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit_epyxid

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dcd18ff26b11f8afa708012abe34bac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

bcrypt

ntdll

python312

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 226KB - Virtual size: 226KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 226KB - Virtual size: 226KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB