61fcd2fe6f12b73d76f5fe94ee5bd4b0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

61fcd2fe6f12b73d76f5fe94ee5bd4b0_NeikiAnalytics.exe
Size

146KB
MD5

61fcd2fe6f12b73d76f5fe94ee5bd4b0
SHA1

637214970024f1533c503b3eafc260c4390d6ef4
SHA256

ade4902bbb595e896f2e43969bce43532f2f271929c9275205a5bb871a60aac5
SHA512

aef0c7c622f59de666b08768579657e2663693d40ee5d0b38b21ecb67ade6afd0ab413c629c25b67e9c8896761841a2fc8a992631b62c71ea16bbd36a60dce52
SSDEEP

3072:wn3xVzT4EQMFwLZqBNSjul9zMMFnkOUDBcLPJ:+j3/Fw0NTl9z7nkO5PJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61fcd2fe6f12b73d76f5fe94ee5bd4b0_NeikiAnalytics.exe

Files

61fcd2fe6f12b73d76f5fe94ee5bd4b0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

122971c35521a65a87fe51bd006f8fd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\gtk-build\build\x64\release\cairo\_gvsbuild-meson\util\cairo-script\cairo-script-interpreter-2.pdb

Imports

cairo-2

cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_set_antialias
cairo_font_options_set_subpixel_order
cairo_font_options_set_hint_style
cairo_font_options_set_hint_metrics
cairo_select_font_face
cairo_set_font_size
cairo_set_font_matrix
cairo_set_font_options
cairo_set_font_face
cairo_get_font_face
cairo_set_scaled_font
cairo_get_scaled_font
cairo_show_text
cairo_show_glyphs
cairo_show_text_glyphs
cairo_text_path
cairo_glyph_path
cairo_font_face_get_user_data
cairo_font_face_set_user_data
cairo_scaled_font_create
cairo_scaled_font_status
cairo_scaled_font_get_user_data
cairo_scaled_font_set_user_data
cairo_scaled_font_glyph_extents
cairo_scaled_font_get_font_face
cairo_user_font_face_create
cairo_user_font_face_set_init_func
cairo_user_font_face_set_render_glyph_func
cairo_user_font_face_set_unicode_to_glyph_func
cairo_get_source
cairo_get_current_point
cairo_get_target
cairo_get_group_target
cairo_status
cairo_device_destroy
cairo_surface_create_similar
cairo_surface_create_similar_image
cairo_surface_map_to_image
cairo_surface_unmap_image
cairo_surface_create_for_rectangle
cairo_surface_get_reference_count
cairo_surface_status
cairo_surface_get_type
cairo_surface_get_content
cairo_surface_write_to_png
cairo_surface_get_user_data
cairo_push_group_with_content
cairo_surface_set_mime_data
cairo_surface_flush
cairo_surface_mark_dirty
cairo_surface_set_device_scale
cairo_clip_preserve
cairo_surface_set_fallback_resolution
cairo_surface_copy_page
cairo_surface_show_page
cairo_image_surface_create
cairo_format_stride_for_width
cairo_image_surface_create_for_data
cairo_image_surface_get_data
cairo_image_surface_get_format
cairo_image_surface_get_width
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_image_surface_create_from_png_stream
cairo_recording_surface_create
cairo_pattern_create_rgb
cairo_pattern_create_rgba
cairo_pattern_create_for_surface
cairo_pattern_create_linear
cairo_pattern_create_radial
cairo_pattern_create_mesh
cairo_pattern_get_user_data
cairo_pattern_get_type
cairo_pattern_add_color_stop_rgba
cairo_mesh_pattern_begin_patch
cairo_mesh_pattern_end_patch
cairo_mesh_pattern_curve_to
cairo_mesh_pattern_line_to
cairo_mesh_pattern_move_to
cairo_mesh_pattern_set_control_point
cairo_mesh_pattern_set_corner_color_rgba
cairo_pattern_set_matrix
cairo_pattern_get_matrix
cairo_pattern_set_extend
cairo_pattern_get_extend
cairo_pattern_set_filter
cairo_pattern_get_filter
cairo_matrix_translate
cairo_matrix_scale
cairo_matrix_rotate
cairo_matrix_invert
cairo_matrix_multiply
cairo_script_create
cairo_script_from_recording_surface
cairo_ft_font_face_create_for_ft_face
cairo_restore
cairo_save
cairo_set_user_data
cairo_get_user_data
cairo_create
cairo_matrix_init_identity
cairo_matrix_init
cairo_pattern_destroy
cairo_pattern_reference
cairo_surface_destroy
cairo_clip
cairo_reset_clip
cairo_show_page
cairo_copy_page
cairo_fill_preserve
cairo_fill
cairo_stroke_preserve
cairo_stroke
cairo_mask
cairo_paint_with_alpha
cairo_paint
cairo_close_path
cairo_rectangle
cairo_rel_curve_to
cairo_rel_line_to
cairo_rel_move_to
cairo_arc_negative
cairo_arc
cairo_curve_to
cairo_line_to
cairo_new_sub_path
cairo_move_to
cairo_new_path
cairo_set_matrix
cairo_transform
cairo_rotate
cairo_scale
cairo_translate
cairo_set_miter_limit
cairo_set_dash
cairo_set_line_join
cairo_set_line_cap
cairo_set_hairline
cairo_set_line_width
cairo_set_fill_rule
cairo_set_antialias
cairo_set_tolerance
cairo_set_source_surface
cairo_set_source_rgba
cairo_set_source_rgb
cairo_set_source
cairo_set_operator
cairo_surface_set_device_offset
cairo_pop_group
cairo_surface_reference
cairo_scaled_font_destroy
cairo_scaled_font_reference
cairo_font_face_destroy
cairo_font_face_reference
cairo_destroy
cairo_surface_set_user_data
cairo_reference

zlib1

inflateEnd
inflate
inflateInit_
uncompress

freetype-6

FT_Init_FreeType
FT_New_Memory_Face
FT_Done_Face

vcruntime140

memcpy
memmove
__current_exception_context
memcmp
memset
strchr
longjmp
__intrinsic_setjmp
__C_specific_handler
__std_type_info_destroy_list
__current_exception

api-ms-win-crt-stdio-l1-1-0

fread
fopen
__acrt_iob_func
fclose
__stdio_common_vsprintf
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_cexit
_wassert
_crt_at_quick_exit
_initterm
_initterm_e
_seh_filter_dll
_crt_atexit
_execute_onexit_table
terminate
_configure_narrow_argv
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

floor
ceil
pow

api-ms-win-crt-string-l1-1-0

strcmp

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW

Exports

Exports

cairo_script_interpreter_create
cairo_script_interpreter_destroy
cairo_script_interpreter_feed_stream
cairo_script_interpreter_feed_string
cairo_script_interpreter_finish
cairo_script_interpreter_get_line_number
cairo_script_interpreter_install_hooks
cairo_script_interpreter_reference
cairo_script_interpreter_run
cairo_script_interpreter_translate_stream

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

122971c35521a65a87fe51bd006f8fd4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cairo-2

zlib1

freetype-6

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 956B

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 956B