6d16db77056b0e2f60aa94fdb67e2ac0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6d16db77056b0e2f60aa94fdb67e2ac0_NeikiAnalytics.exe
Size

2.6MB
MD5

6d16db77056b0e2f60aa94fdb67e2ac0
SHA1

dd941eee480978b8c34c222462d26dc4a86ee9b4
SHA256

0da23d6c3a820ed8489ab3dba4af75eb6cadbd9054a892106eef7c185db75b41
SHA512

f12d6d0d4f02c8919cd1320c76d5884d900f2d1c339c9653f5b44cc1e84337804c481182e4437db43f8a84c8c341773b84d633b7cf17cbc2e22f55fa13b1326f
SSDEEP

24576:B14fw0wMsiKYABfBH/v0jfHdkkkkkkkkkkJmR5qdKgRI9R1jVWMqOQTMy8N8nj:rnYSfB/c5KgGRXtu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d16db77056b0e2f60aa94fdb67e2ac0_NeikiAnalytics.exe

Files

6d16db77056b0e2f60aa94fdb67e2ac0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

b4bc8009761a5fd436c00f63a9fa9ca1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

python39

PyObject_Str
PyExc_TypeError
PyUnicode_AsUTF8String
PyNumber_Long
PyTuple_Pack
PyList_SetItem
PyNumber_Check
PyUnicode_FromString
PyObject_CallObject
PyDict_GetItem
PyBuffer_Release
PyObject_IsInstance
PyList_GetItem
PyDict_New
PyBytes_Size
PyList_Append
_PyObject_CallMethod_SizeT
PyBool_FromLong
PyObject_GetAttrString
PyType_Ready
PyModule_Create2
PyList_New
PyObject_GetBuffer
PyLong_AsLong
_PyArg_ParseTuple_SizeT
PyObject_CheckBuffer
PyModule_AddObject
PyObject_Free
PyModule_GetDict
_Py_Dealloc
PyType_IsSubtype
PyType_Type
PyFloat_Type
PyDict_Type
PyBytes_FromStringAndSize
PyErr_Format
PyErr_NewException
_PyArg_ParseTupleAndKeywords_SizeT
PyDict_Next
PyObject_GetIter
PyIter_Next
PyErr_SetString
PyList_Size
PyFloat_FromDouble
PyDict_SetItemString
_Py_NoneStruct
PyBytes_FromString
PyFloat_AsDouble
PyLong_FromLong
PyExc_IOError
PyBytes_AsString
PyImport_ImportModule
PyType_GenericNew
_Py_BuildValue_SizeT

msvcp140

_Thrd_yield
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?uncaught_exception@std@@YA_NXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

kernel32

GetSystemTimeAsFileTime
MultiByteToWideChar
CreateSemaphoreA
FormatMessageA
LocalFree
WaitForSingleObject
ReleaseSemaphore
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
DebugBreak
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW

vcruntime140

memset
_except_handler4_common
__RTDynamicCast
memmove
memcpy
_CxxThrowException
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memchr
__std_type_info_destroy_list
_purecall

api-ms-win-crt-stdio-l1-1-0

fsetpos
ungetc
setvbuf
fgetpos
fputc
__stdio_common_vsprintf
__acrt_iob_func
fflush
fclose
fgetc
__stdio_common_vfprintf
_get_stream_buffer_pointers
_fseeki64
fwrite
fread

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_free
_aligned_malloc
free
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_execute_onexit_table
strerror
_errno
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

tolower
strncpy
strncmp

api-ms-win-crt-math-l1-1-0

floor
ceil
_libm_sse2_cos_precise
_fdclass

Exports

Exports

PyInit_OpenEXR

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4bc8009761a5fd436c00f63a9fa9ca1

Headers

DLL Characteristics

File Characteristics

Imports

python39

msvcp140

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 363KB - Virtual size: 362KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 363KB - Virtual size: 362KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 20KB - Virtual size: 20KB