3699f9bd260976bc90c3545680be2390_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3699f9bd260976bc90c3545680be2390_NeikiAnalytics.exe
Size

761KB
MD5

3699f9bd260976bc90c3545680be2390
SHA1

f85f20d8dece71b0bc151d8dbffd4305bc317210
SHA256

703fa4c68455672f1809a77c5e1cf321a7745ab1bb51140968366ecd9c67fe7c
SHA512

975f276be1616935c8da2c2aef7ee71b37f24672f4dad0ddfa08b5e939ed9d06938562da8b8df2359857d93ad3d8d9bac8aa24b6ad529525322f8c721edaf63d
SSDEEP

12288:/poLW3KppO/xBNJaTkXzHZ1psLtV9NCmGP7Zl07FG2MMho+1hp:/q10gzNCT07kKaop

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3699f9bd260976bc90c3545680be2390_NeikiAnalytics.exe

Files

3699f9bd260976bc90c3545680be2390_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

1eac7f7a7977e7c221bcc119cbcee488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

llama

?llama_sample_token_with_rng@@YAHPEAUllama_context@@PEAUllama_token_data_array@@AEAV?$mersenne_twister_engine@I$0CA@$0CHA@$0BIN@$0BP@$0JJAILANP@$0L@$0PPPPPPPP@$06$0JNCMFGIA@$0P@$0OPMGAAAA@$0BC@$0GMAHIJGF@@std@@@Z
ggml_cpu_has_arm_fma
ggml_cpu_has_avx
ggml_cpu_has_avx2
ggml_cpu_has_avx512
ggml_cpu_has_avx512_vbmi
ggml_cpu_has_avx512_vnni
ggml_cpu_has_avx_vnni
ggml_cpu_has_blas
ggml_cpu_has_clblast
ggml_cpu_has_cuda
ggml_cpu_has_f16c
ggml_cpu_has_fma
ggml_cpu_has_fp16_va
ggml_cpu_has_gpublas
ggml_cpu_has_kompute
ggml_cpu_has_matmul_int8
ggml_cpu_has_neon
ggml_cpu_has_sse3
ggml_cpu_has_vsx
ggml_cpu_has_vulkan
ggml_cpu_has_wasm_simd
ggml_free
ggml_get_tensor
ggml_graph_overhead
ggml_init
ggml_n_dims
ggml_nbytes
ggml_nelements
ggml_print_backtrace
ggml_tensor_overhead
ggml_time_ms
ggml_time_us
gguf_free
gguf_get_n_tensors
gguf_get_tensor_name
gguf_init_from_file
llama_add_bos_token
llama_backend_free
llama_backend_init
llama_batch_free
llama_batch_get_one
llama_batch_init
llama_context_default_params
llama_control_vector_apply
llama_decode
llama_free
llama_free_model
llama_get_logits_ith
llama_get_model
llama_grammar_accept_token
llama_grammar_copy
llama_grammar_free
llama_grammar_init
llama_kv_cache_clear
llama_kv_cache_seq_rm
llama_kv_cache_view_init
llama_kv_cache_view_update
llama_load_model_from_file
llama_max_devices
llama_model_apply_lora_from_file
llama_model_default_params
llama_n_ctx
llama_n_layer
llama_n_vocab
llama_new_context_with_model
llama_numa_init
llama_print_system_info
llama_print_timings
llama_reset_timings
llama_sample_apply_guidance
llama_sample_entropy
llama_sample_grammar
llama_sample_min_p
llama_sample_repetition_penalties
llama_sample_softmax
llama_sample_tail_free
llama_sample_temp
llama_sample_token_greedy
llama_sample_token_mirostat
llama_sample_token_mirostat_v2
llama_sample_top_k
llama_sample_top_p
llama_sample_typical
llama_supports_gpu_offload
llama_supports_mlock
llama_supports_mmap
llama_synchronize
llama_token_bos
llama_token_eos
llama_token_is_eog
llama_token_nl
llama_token_to_piece
llama_tokenize
llama_vocab_type

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0facet@locale@std@@IEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?do_always_noconv@?$codecvt@_UDU_Mbstatet@@@std@@MEBA_NXZ
?do_encoding@?$codecvt@_UDU_Mbstatet@@@std@@MEBAHXZ
?do_in@?$codecvt@_UDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_U3AEAPEA_U@Z
?do_length@?$codecvt@_UDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_max_length@?$codecvt@_UDU_Mbstatet@@@std@@MEBAHXZ
?do_out@?$codecvt@_UDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEB_U1AEAPEB_UPEAD3AEAPEAD@Z
?do_unshift@?$codecvt@_UDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?eof@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Strcoll
_Strxfrm
_Thrd_hardware_concurrency
_Thrd_id
_Xtime_get_ticks

kernel32

AcquireSRWLockExclusive
CreateDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetLastError
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
UnhandledExceptionFilter
WakeAllConditionVariable

msvcp140_codecvt_ids

?id@?$codecvt@_UDU_Mbstatet@@@std@@2V0locale@2@A

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
__std_terminate
memchr
memcmp
memcpy
memmove
memset
strchr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsprintf
_fseeki64
_get_stream_buffer_pointers
_set_fmode
fclose
fflush
fgetc
fgetpos
fopen
fputc
fread
fsetpos
fwrite
putchar
puts
setvbuf
ungetc

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dsign
_dtest
sqrt

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
exit
strerror
terminate

api-ms-win-crt-time-l1-1-0

_localtime64
strftime

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

atof
atol
strtod
strtof
strtol
strtoll
strtoul
strtoull

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
realloc

api-ms-win-crt-string-l1-1-0

isprint
isspace
strcmp
strlen
strncmp
strncpy

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1eac7f7a7977e7c221bcc119cbcee488

Headers

DLL Characteristics

File Characteristics

Imports

llama

msvcp140

kernel32

msvcp140_codecvt_ids

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 531KB - Virtual size: 530KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 12KB - Virtual size: 14KB

.pdata Size: 30KB - Virtual size: 30KB

.00cfg Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 1024B - Virtual size: 972B

.text
Size: 531KB - Virtual size: 530KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 30KB - Virtual size: 30KB

.00cfg
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 1024B - Virtual size: 972B