53de3aa70f6219ea9dfe219f84db2a90_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

53de3aa70f6219ea9dfe219f84db2a90_NeikiAnalytics.exe
Size

2.2MB
MD5

53de3aa70f6219ea9dfe219f84db2a90
SHA1

46447e74af36c9627a5dea122fbca7222f72d526
SHA256

369620eb46e853a0dba5ae4bc18e86459b52f1f8a45b7f0c8b3630ef455c9bc5
SHA512

c590bbc67a3f30740b76cf273c336f979ef05e5168c10628190f70a6279c272114d535cb9df9baab0f1be0959c28370838a600e3de7fceb5ab35911e1a8a8151
SSDEEP

49152:QL9Ob/WTjorKGvOzTsiOzZJmDmQd2bxx1GeldwuG2P:4hHorKGvOzY/JmS02P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53de3aa70f6219ea9dfe219f84db2a90_NeikiAnalytics.exe

Files

53de3aa70f6219ea9dfe219f84db2a90_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

68625e21f8184f17ea8ee7f74c3e4a2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\User\RustroverProjects\svg_to_pdf_python_lib\target\release\deps\svg_to_pdf.pdb

Imports

kernel32

QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetCurrentProcessId
FindFirstFileW
DisableThreadLibraryCalls
GetStdHandle
GetCurrentThreadId
GetConsoleMode
InitializeSListHead
GetModuleHandleW
FormatMessageW
GetFullPathNameW
IsDebuggerPresent
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
SetFileInformationByHandle
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
UnhandledExceptionFilter
GetCurrentProcess
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
WaitForSingleObject
SwitchToThread
SetThreadStackGuarantee
GetLastError
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
Sleep
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsProcessorFeaturePresent

advapi32

SystemFunction036

ntdll

NtReadFile
RtlNtStatusToDosError
NtWriteFile

bcrypt

BCryptGenRandom

python3

PyExc_TypeError
PyException_GetTraceback
PyException_SetTraceback
PyErr_Fetch
PyObject_Str
PyErr_Restore
PyErr_PrintEx
PyErr_NewExceptionWithDoc
PyException_GetCause
PyException_SetCause
PyErr_Print
Py_IsInitialized
PyGILState_Ensure
PyList_Append
PyObject_Repr
PyErr_WriteUnraisable
PyErr_NormalizeException
PyErr_SetString
PyErr_SetObject
PyCFunction_NewEx
PyTuple_Size
PyTuple_GetItem
PyLong_FromLong
PyExc_AttributeError
PyModule_GetName
PyUnicode_InternInPlace
PyUnicode_AsEncodedString
PyExc_ImportError
PyModule_Create2
PyExc_BaseException
PyDict_Next
PyObject_GetAttr
PyObject_SetAttr
PyGILState_Release
PyErr_GivenExceptionMatches
PyUnicode_FromStringAndSize
PyTuple_SetItem
PyTuple_New
PyList_SetItem
PyList_New
PyBytes_Size
PyBytes_AsString
PyUnicode_AsUTF8String
PyExc_SystemError
PyType_GetFlags
_Py_NoneStruct
PyExc_ValueError
PyExc_IOError
_Py_Dealloc
PyDict_Size

vcruntime140

__CxxFrameHandler3
memcmp
memmove
memset
_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-math-l1-1-0

floor
ceil
powf
round
cos
sin
truncf
acos
fmodf
pow
acosf
tan
sinf
cosf
fmod
atan2
_hypot
ceilf
roundf
floorf
atan2f

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm
_initterm_e
_cexit
_seh_filter_dll
_configure_narrow_argv
_execute_onexit_table
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit_svg_to_pdf

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68625e21f8184f17ea8ee7f74c3e4a2b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

bcrypt

python3

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 460KB - Virtual size: 460KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 53KB - Virtual size: 52KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 460KB - Virtual size: 460KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 53KB - Virtual size: 52KB

.reloc
Size: 9KB - Virtual size: 8KB