117dde5c8292df2c4305c5899b22a970_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

117dde5c8292df2c4305c5899b22a970_NeikiAnalytics.exe
Size

78KB
MD5

117dde5c8292df2c4305c5899b22a970
SHA1

e91487e84f6abbf1b55c9fd58df94ac6386d7ada
SHA256

0a9164db5143909c64c6e6b4ae473800c1cff56e7ca8e7c4121bae69e067c190
SHA512

445d60553a2d6e44707503849890bfedb5612d1c8638016d10f96cbd0d935dc67d1a1df38128df98cc1e9f44eea81deaa0dc4b8307ab36d96f1e15cdb31d8c6c
SSDEEP

1536:KIxLIbLPlQBJgQuuuBcnToIfkIOcIOj0g28sVC:JxLwpQBGGswTBfKSj0g28sVC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
117dde5c8292df2c4305c5899b22a970_NeikiAnalytics.exe

Files

117dde5c8292df2c4305c5899b22a970_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

e1f4496d984d67564a9abc7c3f25bca9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\code\kodi-deps\Build\win10-x64\zlib-prefix\src\zlib-build\RelWithDebInfo\zlib.pdb

Imports

vcruntime140_app

memset
memchr
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

_open
_lseeki64
_wopen
_read
_write
__stdio_common_vsprintf
_close

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_cexit
_configure_narrow_argv
_initterm
_seh_filter_dll
_initialize_onexit_table
_initterm_e
_errno
strerror

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1f4496d984d67564a9abc7c3f25bca9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140_app

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-interlocked-l1-1-0

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 88B

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 88B