D:\a\weasel\weasel\ARM\Release\weaselARM.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2c2100d0cdfa0c106afb121e3fc865b0_NeikiAnalytics.dll
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
2c2100d0cdfa0c106afb121e3fc865b0_NeikiAnalytics.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
2c2100d0cdfa0c106afb121e3fc865b0_NeikiAnalytics.exe
-
Size
874KB
-
MD5
2c2100d0cdfa0c106afb121e3fc865b0
-
SHA1
358c71d0c4abb459ae2d2be38226ee2594b01cb2
-
SHA256
ee5350c35a103ccbec54783148a3a471e5b551651ca660fc6af325c9004d5c87
-
SHA512
f1c38440a37dfff7ed43e52202528edbcf8f4ece961b0874635fed4163c29833b07212fb0ee951235b04a9e34f6e72b6874c5656af99bc4b2b574623888e74fa
-
SSDEEP
12288:vSDtRv69QPErMRyKC6joRRGiZQ6ZPcVEvp4QnbpnzANmGUW:aDLbgV68ZQ6Rvp4qbpniFUW
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2c2100d0cdfa0c106afb121e3fc865b0_NeikiAnalytics.exe
Files
-
2c2100d0cdfa0c106afb121e3fc865b0_NeikiAnalytics.exe.dll regsvr32 windows:6 windows
f39b0909b4d81f511ecd80bcd45db41e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetEnvironmentVariableW
GetModuleFileNameW
GetCurrentThreadId
lstrcpyW
ExitProcess
GetLastError
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
DeleteCriticalSection
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionEx
GetACP
IsValidCodePage
GetTimeZoneInformation
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
TerminateProcess
FreeLibraryAndExitThread
FreeLibrary
ExitThread
CreateThread
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
GetOEMCP
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
WideCharToMultiByte
FormatMessageA
LocalFree
CreateEventA
CloseHandle
SetEvent
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
CreateFileW
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ReadFile
RaiseException
SetLastError
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
GetProcessHeap
WaitForSingleObjectEx
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
TryEnterCriticalSection
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
InitOnceBeginInitialize
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeSListHead
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
ResetEvent
OpenEventA
TlsAlloc
TlsGetValue
user32
ToUnicodeEx
GetKeyboardState
GetMenuItemCount
GetMenuItemInfoW
SetRect
CallWindowProcW
EndPaint
BeginPaint
DefWindowProcW
DestroyIcon
DrawIconEx
MessageBoxW
GetMonitorInfoW
CopyRect
GetCursorPos
UpdateLayeredWindow
GetClientRect
GetWindowRect
InvalidateRect
TrackMouseEvent
PtInRect
InflateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
OffsetRect
IsRectEmpty
RedrawWindow
ReleaseDC
SetWindowPos
GetDC
MonitorFromRect
CreateWindowExW
GetForegroundWindow
SendInput
GetFocus
SetWindowLongW
DestroyWindow
GetCaretPos
GetWindowLongW
LoadCursorW
GetWindowThreadProcessId
GetSystemMetrics
LoadImageW
DestroyMenu
TrackPopupMenuEx
GetSubMenu
LoadMenuW
IsWindow
KillTimer
ShowWindow
SetTimer
UnregisterClassW
RegisterClassExW
GetClassInfoExW
advapi32
RegEnumKeyExA
RegGetValueW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
GetUserNameW
RegOpenKeyA
RegCloseKey
RegQueryValueExW
shell32
ShellExecuteW
ole32
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
gdiplus
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipCreatePath
GdipAlloc
GdipAddPathRectangleI
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawPath
GdipFillPath
GdipDrawImageI
GdipDeletePath
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipAddPathLineI
GdipAddPathArcI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateRegionPath
GdipDeleteRegion
GdipCloneRegion
GdipCombineRegionRegion
GdipIsEmptyRegion
GdipFree
GdipCloneImage
d2d1
ord1
dwrite
DWriteCreateFactory
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
gdi32
DeleteObject
CreateCompatibleBitmap
SelectObject
BitBlt
SetViewportOrgEx
CreateCompatibleDC
DeleteDC
StretchBlt
Exports
Exports
??0?$codecvt_null@_W@archive@boost@@QAA@I@Z
??0?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IAA@XZ
??1?$codecvt_null@_W@archive@boost@@UAA@XZ
??_F?$codecvt_null@_W@archive@boost@@QAAXXZ
?do_always_noconv@?$codecvt_null@_W@archive@boost@@EBA_NXZ
?do_encoding@?$codecvt_null@_W@archive@boost@@EBAHXZ
?do_in@?$codecvt_null@_W@archive@boost@@EBAHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?do_max_length@?$codecvt_null@_W@archive@boost@@EBAHXZ
?do_out@?$codecvt_null@_W@archive@boost@@EBAHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UCandidateInfo@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UText@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UTextAttribute@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UTextRange@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UUIStyle@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AAAAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAA_NXZ
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAAXXZ
?unlock@singleton_module@serialization@boost@@QAAXXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 449KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 170KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ