5314caa884f719dd3dca984ddc501000_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5314caa884f719dd3dca984ddc501000_NeikiAnalytics.exe
Size

341KB
MD5

5314caa884f719dd3dca984ddc501000
SHA1

600aa51eff18fcd5a793aa3b2833b72c9771db57
SHA256

992c598df1ca17da608ed939e9db4c271beb565ceb3f7971ed45b974195db515
SHA512

6474df8e6348ce6625d8d6f45e993f58e83dd3dc9bbc670753e3bd445a67d2621c3e25679e963fb7ae4bf5600cb905e61c706dc2eb4cff5c784f08f348920462
SSDEEP

6144:N1qW5pHdEp9I2viuPIWSchIOOO7OOOOOOOOOOOOOOOOOtOOOOOOOOOOOBOOOOOOq:N9p9i9I2vieIWKF35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5314caa884f719dd3dca984ddc501000_NeikiAnalytics.exe

Files

5314caa884f719dd3dca984ddc501000_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

e36bf8a44e9f9dbb4b11b046655c3e41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\h2\h2\target\x86_64-pc-windows-msvc\release\deps\jh2.pdb

Imports

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcess
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
GetCurrentDirectoryW
SetLastError
QueryPerformanceFrequency
HeapFree
RtlLookupFunctionEntry
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
HeapAlloc
RtlVirtualUnwind
RtlCaptureContext
AcquireSRWLockExclusive
QueryPerformanceCounter
GetConsoleMode
WaitForSingleObject
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
SetUnhandledExceptionFilter
CloseHandle
GetProcAddress
GetLastError
GetModuleHandleA
GetProcessHeap
Sleep
IsProcessorFeaturePresent

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtWriteFile

bcrypt

BCryptGenRandom

libpypy3-c

_PyPy_TrueStruct
_PyPy_FalseStruct
PyPyExc_TypeError
PyPyExc_Exception
PyPyType_IsSubtype
PyPyExc_SystemError
PyPyErr_WriteUnraisable
PyPyTuple_New
PyPyTuple_SetItem
PyPySequence_Check
PyPySequence_Size
PyPyUnicode_AsUTF8AndSize
PyPyBaseObject_Type
PyPyUnicode_FromStringAndSize
_PyPy_Dealloc
PyPyUnicode_InternInPlace
PyPyUnicode_AsEncodedString
PyPyObject_Repr
PyPyObject_Str
PyPyErr_Restore
PyPyExc_ValueError
PyPyExc_RuntimeError
PyPyException_GetTraceback
PyPyException_SetTraceback
PyPyErr_Fetch
PyPyErr_PrintEx
PyPyErr_NewExceptionWithDoc
PyPyException_GetCause
PyPyException_SetCause
PyPyGILState_Release
PyPyErr_Print
PyPy_IsInitialized
PyPyGILState_Ensure
PyPyBytes_AsString
PyPyErr_NormalizeException
PyPyErr_SetString
PyPyErr_SetObject
PyPyObject_GetAttr
PyPyExc_BaseException
PyPyModule_Create2
PyPyTuple_Size
PyPyTuple_GetItem
PyPyLong_FromUnsignedLongLong
PyPyErr_GivenExceptionMatches
PyPyObject_SetAttr
PyPyObject_GetItem
PyPyObject_SetItem
PyPyObject_DelItem
PyPyBool_Type
PyPyObject_GetIter
PyPyIter_Next
PyPyObject_SetAttrString
PyPyBytes_FromStringAndSize
PyPyList_New
PyPyList_Append
PyPyNumber_Index
PyPyExc_OverflowError
PyPyLong_AsUnsignedLongLong
PyPyLong_FromSsize_t
PyPyDict_Size
PyPyDict_Next
PyPyType_FromSpec
PyPyType_GenericAlloc
PyPyBytes_Size
_PyPy_NoneStruct
PyPyUnicode_Check
PyPyExc_AttributeError

vcruntime140

__CxxFrameHandler3
memcmp
memmove
memset
_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_cexit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit__hazmat

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e36bf8a44e9f9dbb4b11b046655c3e41

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

bcrypt

libpypy3-c

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 11KB - Virtual size: 10KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 11KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 1KB