694b78040843185764a8043107f28d90_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

694b78040843185764a8043107f28d90_NeikiAnalytics.exe
Size

1.7MB
MD5

694b78040843185764a8043107f28d90
SHA1

f674a30ac6c0c294260702596044bd27d1782b23
SHA256

b9139e1920c2e55b9c1998f15280e5ab95332395874738698871176d45f24fbb
SHA512

a1b7f5af2329df75aba4eb71a3f5dd6effebe5d9bbeaefc18a6716e9eaeac62c1131eba94fc5fbde42622d99ad4339d10604ad043aa65aa388aef65d8846d216
SSDEEP

24576:55HiacBOaFVTjY0ALhuPWfBAUZLY/fJbbTn0filzu/v0Gavkg3NyT:55HFcbcNuPWfBAUZLYn50wK30GaX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
694b78040843185764a8043107f28d90_NeikiAnalytics.exe

Files

694b78040843185764a8043107f28d90_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

2636d171b5a2d427fb08d653d86422ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

closesocket
connect
ioctlsocket
getsockopt
htonl
htons
inet_addr
inet_ntoa
ntohs
recv
select
send
socket
gethostbyaddr
gethostbyname
getservbyport
getservbyname
inet_ntop
listen
getsockname
bind
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet

libpypy3.9-c

PyPyThreadState_Get
PyPyType_Ready
PyPyByteArray_Size
PyPyNumber_Negative
PyPyCapsule_GetName
PyPyFloat_AsDouble
PyPyDict_New
PyPyExc_SystemError
PyPyErr_Clear
PyPyDict_GetItemString
PyPyExc_StopIteration
PyPyModule_GetDict
PyPyBytes_FromStringAndSize
PyPyCMethod_New
PyPyCallable_Check
PyPyCapsule_IsValid
PyPyDict_Contains
PyPyErr_GivenExceptionMatches
PyPyUnicode_Decode
PyPyMem_Free
PyPyObject_SetAttr
PyPy_GetVersion
PyPyDict_Next
PyPyDict_Size
_PyPy_NotImplementedStruct
PyPyList_Sort
PyPyExc_ImportError
PyPyNumber_Absolute
PyPyList_Insert
PyPyImport_ImportModule
PyPyTuple_SetItem
PyPyImport_AddModule
PyPyTuple_New
PyPyObject_Call
PyPyUnicode_DecodeUTF8
PyPyCode_NewEmpty
PyPyObject_CallFinalizerFromDealloc
PyPyNumber_FloorDivide
PyPyMapping_Check
PyPyList_Append
PyPySequence_DelItem
PyPyModule_NewObject
PyPyNumber_Or
PyPySequence_ITEM
PyPyExc_RuntimeWarning
PyPyErr_NoMemory
_PyPy_FalseStruct
PyPyDict_Type
PyPyNumber_Add
PyPyErr_Restore
PyPyExc_RuntimeError
PyPyUnicode_FromStringAndSize
PyPyObject_RichCompareBool
PyPyObject_Repr
PyPyUnicode_AsUTF8String
PyPyBytes_AsStringAndSize
PyPyFloat_FromString
PyPyUnicode_Compare
PyPyObject_VectorcallDict
PyPyDict_Copy
PyPyException_SetTraceback
PyPyTuple_Size
PyPyModule_GetName
PyPyExc_ValueError
PyPyList_GET_SIZE
PyPySet_Add
PyPyUnicode_FromString
PyPyObject_SetItem
PyPyCode_New
PyPyDict_DelItem
PyPyUnicode_Type
PyPySet_Contains
PyPyList_Size
PyPySlice_New
PyPySlice_Type
PyPyDict_GetItemWithError
PyPyNumber_InPlaceAdd
PyPyExc_BaseException
PyPySet_Check
PyPyTraceBack_Here
PyPyImport_ImportModuleLevelObject
_PyPy_TrueStruct
PyPyErr_Format
PyPyNumber_Subtract
PyPyLong_FromSsize_t
PyPyErr_SetExcInfo
PyPyExc_ModuleNotFoundError
PyPyErr_GetExcInfo
PyPyNumber_Xor
PyPyMem_Malloc
PyPyTuple_GetItem
PyPyBytes_Type
PyPyObject_RichCompare
PyPyLong_AsDouble
PyPyType_IsSubtype
PyPyObject_GC_Del
PyPyFrozenSet_Type
PyPyCapsule_GetPointer
_PyPy_Dealloc
PyPyObject_IsTrue
PyPyUnicode_Format
PyPyDict_SetItemString
PyPyObject_GetAttr
PyPyUnicode_FromOrdinal
PyPyObject_DelAttr
PyPyList_New
PyPyObject_GenericGetAttr
PyPyDict_Clear
PyPyBaseObject_Type
PyPyObject_DelItem
PyPyErr_ExceptionMatches
PyPySequence_Tuple
PyPyErr_WarnEx
PyPyExc_AttributeError
PyPyObject_ClearWeakRefs
PyPyImport_GetModule
PyPyObject_GetAttrString
PyPyObject_SetAttrString
_PyPy_NoneStruct
PyPyObject_Free
PyPyUnicode_FromFormat
PyPyModuleDef_Init
PyPyObject_GetItem
PyPyErr_Occurred
_PyPyObject_GC_New
PyPyBool_Type
PyPyOS_string_to_double
PyPy_UNICODE_ISSPACE
PyPySequence_List
PyPyNumber_Float
PyPyType_Modified
PyPyFloat_Type
PyPyImport_GetModuleDict
PyPyNumber_Multiply
PyPyExc_NameError
PyPyLong_AsSsize_t
PyPyTuple_GetSlice
PyPyUnicode_AsUnicode
PyPyExc_TypeError
PyPyNumber_Positive
PyPyIter_Next
PyPyOS_snprintf
PyPyObject_IsInstance
PyPySequence_GetSlice
PyPyUnicode_InternFromString
PyPyObject_Format
PyPyFrame_New
PyPyCapsule_New
PyPyNumber_TrueDivide
PyPyTuple_Type
PyPyNumber_Lshift
PyPyMethod_New
PyPyMem_Realloc
PyPyNumber_Index
PyPyFloat_FromDouble
PyPyByteArray_AsString
PyPyUnicode_DecodeASCII
PyPyUnicode_Concat
PyPyLong_FromLong
PyPyUnicode_Join
PyPyObject_Hash
PyPyUnicode_AsUTF8
_PyPyUnicode_Ready
PyPyExc_NotImplementedError
PyPyNumber_And
PyPyTuple_Pack
PyPySequence_GetItem
PyPyList_SetItem
PyPyNumber_Divmod
PyPyErr_SetString
PyPyErr_NormalizeException
PyPyErr_SetObject
PyPyNumber_Long
PyPyNumber_Power
PyPyBytes_Size
PyPyNumber_Rshift
PyPySet_New
PyPyNumber_Remainder
PyPyBytes_FromString
PyPyObject_Size
PyPyFloat_AS_DOUBLE
PyPyObject_GetIter
PyPyErr_Fetch
PyPySequence_Contains
PyPyComplex_Type
PyPyLong_Type
PyPyInterpreterState_GetID
PyPyBytes_AS_STRING
PyPyObject_CallObject
PyPyList_Type
PyPyDict_SetItem
PyPyByteArray_CheckExact
PyPyObject_Str
PyPyNumber_Invert
PyPySequence_Size
PyPyObject_IsSubclass

kernel32

CloseHandle
DuplicateHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetACP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

vcruntime140

strchr
strrchr
memcpy
memmove
memset
strstr
__std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__acrt_iob_func
_open
_fileno
_getcwd
_write
_read
_dup
_close
_lseeki64
__stdio_common_vsprintf_s
fwrite
__stdio_common_vfprintf
_wopen
_wfopen
fclose
__stdio_common_vsprintf
ferror
fread
fopen
fflush

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s
strncpy_s
strncmp
strcmp
isspace
strncpy
toupper
tolower

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
strerror
abort
_execute_onexit_table
_cexit
_initterm_e
_errno
_endthread
_beginthread

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_stat64i32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

mbrtowc
strtoul
wcstombs
strtol

api-ms-win-crt-locale-l1-1-0

setlocale

Exports

Exports

PyInit_objectify

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 978KB - Virtual size: 978KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2636d171b5a2d427fb08d653d86422ec

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

libpypy3.9-c

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 671KB - Virtual size: 670KB

.rdata Size: 978KB - Virtual size: 978KB

.data Size: 51KB - Virtual size: 61KB

.pdata Size: 27KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 671KB - Virtual size: 670KB

.rdata
Size: 978KB - Virtual size: 978KB

.data
Size: 51KB - Virtual size: 61KB

.pdata
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 8KB - Virtual size: 8KB