2c530bd4fc5a40048bc6eca30a982de0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2c530bd4fc5a40048bc6eca30a982de0_NeikiAnalytics.exe
Size

248KB
MD5

2c530bd4fc5a40048bc6eca30a982de0
SHA1

eb22e74bc00180e54a03ef037cc61b79fa9c972f
SHA256

35326a367f9d52e3e4e51698267180d303993ec60952447a188f4fab54b0c587
SHA512

b35958873a0a23177a386b1e2b4088202087e66aa07123af8154a98c418c86ec77c6784d11c82ad63d080b64cfe78c454b13c746d6cd233a2e75dedfbc923b9b
SSDEEP

3072:E0HH28DFX0PG43y1zlBwNW1/adhRrSqZ2WKxjsTORgXCMTSVVO9caMFHt1BWg9Ri:E0nthX0Gl9aTORg7TSbRZUmR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c530bd4fc5a40048bc6eca30a982de0_NeikiAnalytics.exe

Files

2c530bd4fc5a40048bc6eca30a982de0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

9e72be60f18f52375454813b20e98791

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-NullNetworkReplayStreaming.pdb

Imports

factoryserver-core

?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ
?Free@FMemory@@SAXPEAX@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FName@@QEAA@PEBDW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?DoSetup@FThreadSafeStaticStatBase@@IEBAPEBUTStatIdData@@PEBDPEB_W001_N2W4Type@EStatDataType@@22W4EMemoryCounterRegion@FWindowsPlatformMemory@@@Z
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?Memcpy@FGenericPlatformString@@CAPEAXPEAXPEBX_K@Z
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?GetChangelist@FEngineVersionBase@@QEBAIXZ
??0FArchiveState@@AEAA@XZ
??1FArchiveState@@EEAA@XZ
??6@YAAEAVFArchive@@AEAV0@AEAVFString@@@Z
?SerializeByteOrderSwapped@FArchive@@AEAAAEAV1@AEAI@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
??0FString@@QEAA@HPEB_W@Z
??4FString@@QEAAAEAV0@PEB_W@Z
?AssignRange@FString@@AEAAXPEB_WH@Z
?Empty@FString@@QEAAXXZ
?Reset@FString@@QEAAXH@Z
?AppendChar@FString@@QEAAAEAV1@_W@Z
?ConcatFF@FString@@CA?AV1@AEBV1@$$QEAV1@@Z
?ConcatFC@FString@@CA?AV1@$$QEAV1@PEB_W@Z
?IsNumeric@FString@@QEBA_NXZ
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?ReplaceInline@FString@@QEAAHPEB_W0W4Type@ESearchCase@@@Z
?AppendInt@FString@@QEAAXH@Z
?ToBool@FString@@QEBA_NXZ
?SanitizeFloat@FString@@SA?AV1@NH@Z
?InlineCombineSurrogates@StringConv@@YAXAEAVFString@@@Z
??1?$TStringBuilderBase@D@@QEAA@XZ
?AppendfImpl@?$TStringBuilderBase@D@@CAAEAV1@AEAV1@PEBDZZ
??1?$TStringBuilderBase@_W@@QEAA@XZ
?AppendfImpl@?$TStringBuilderBase@_W@@CAAEAV1@AEAV1@PEB_WZZ
?Extend@?$TStringBuilderBase@_W@@IEAAX_K@Z
?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
?ToString@FName@@QEBA?AVFString@@XZ
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?BasicFatalLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?StackWalkAndDump@FWindowsPlatformStackWalk@@SAXPEAD_KHPEAX@Z
?ThreadStackWalkAndDump@FWindowsPlatformStackWalk@@SAXPEAD_KHI@Z
?GetDestructionSentinelStackTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@PEAUFDestructionSentinel@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?GetReadersTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@UFReaderNum@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?SystemTime@FWindowsPlatformTime@@SAXAEAH0000000@Z
?FromString@FText@@SA?AV1@$$QEAVFString@@@Z
?ToString@FText@@QEBAAEBVFString@@XZ
?ToIso8601@FDateTime@@QEBA?AVFString@@XZ
?ToString@FDateTime@@QEBA?AVFString@@XZ
?Now@FDateTime@@SA?AU1@XZ
?ParseIso8601@FDateTime@@SA_NPEB_WAEAU1@@Z
?Get@IFileManager@@SAAEAV1@XZ
?ProjectSavedDir@FPaths@@SAAEBVFString@@XZ
?DirectoryExists@FPaths@@SA_NAEBVFString@@@Z
?CombineInternal@FPaths@@KA?AVFString@@PEBV?$TStringView@_W@@H@Z
?Current@FEngineVersion@@SAAEBV1@XZ
?GetArchiveName@FArchiveState@@UEBA?AVFString@@XZ
?EngineNetVer@FArchiveState@@UEBAIXZ
?GameNetVer@FArchiveState@@UEBAIXZ
?GetCustomVersions@FArchiveState@@UEBAAEBVFCustomVersionContainer@@XZ
?SetCustomVersions@FArchiveState@@UEAAXAEBVFCustomVersionContainer@@@Z
?ResetCustomVersions@FArchiveState@@UEAAXXZ
?SetSerializedPropertyChain@FArchiveState@@UEAAXPEBUFArchiveSerializedPropertyChain@@PEAVFProperty@@@Z
?Reset@FArchiveState@@UEAAXXZ
?SetIsLoading@FArchiveState@@UEAAX_N@Z
?SetIsLoadingFromCookedPackage@FArchiveState@@UEAAX_N@Z
?SetIsSaving@FArchiveState@@UEAAX_N@Z
?SetIsTransacting@FArchiveState@@UEAAX_N@Z
?SetIsTextFormat@FArchiveState@@UEAAX_N@Z
?SetWantBinaryPropertySerialization@FArchiveState@@UEAAX_N@Z
?SetUseUnversionedPropertySerialization@FArchiveState@@UEAAX_N@Z
?SetForceUnicode@FArchiveState@@UEAAX_N@Z
?SetIsPersistent@FArchiveState@@UEAAX_N@Z
?SetUEVer@FArchiveState@@UEAAXUFPackageFileVersion@@@Z
?SetLicenseeUEVer@FArchiveState@@UEAAXH@Z
?SetEngineVer@FArchiveState@@UEAAXAEBVFEngineVersionBase@@@Z
?SetEngineNetVer@FArchiveState@@UEAAXI@Z
?SetGameNetVer@FArchiveState@@UEAAXI@Z
??6FArchive@@UEAAAEAV0@AEAUFWeakObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAUFSoftObjectPath@@@Z
??6FArchive@@UEAAAEAV0@AEAUFSoftObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAUFObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAUFLazyObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAVFText@@@Z
?SerializeIntPacked@FArchive@@UEAAXAEAI@Z
?SerializeIntPacked64@FArchive@@UEAAXAEA_K@Z
?UsingCustomVersion@FArchive@@UEAAXAEBUFGuid@@@Z
?PushSerializedProperty@FArchive@@UEAAXPEAVFProperty@@_N@Z
?PopSerializedProperty@FArchive@@UEAAXPEAVFProperty@@_N@Z
?CRCTable_DEPRECATED@FCrc@@2PAIA
?LogSerialization@@3UFLogCategoryLogSerialization@@A

factoryserver-engine

??1FTickableGameObject@@UEAA@XZ
??0FTickableGameObject@@QEAA@XZ

factoryserver-networkreplaystreaming

?HasError@INetworkReplayStreamer@@UEBA_NXZ
?HandleLastError@INetworkReplayStreamer@@UEAA?AW4EHandleNetResult@Net@UE@@AEAVFNetResultManager@34@@Z
?SetExtendedError@INetworkReplayStreamer@@UEAAX$$QEAUFNetResult@Net@UE@@@Z
?AppendCommonReplayAttributes@INetworkReplayStreamer@@UEBA?AV?$TArray@UFAnalyticsEventAttribute@@V?$TSizedDefaultAllocator@$0CA@@@@@$$QEAV2@@Z
?GetMaxNumberOfAutomaticReplays@FNetworkReplayStreaming@@SAHXZ
?GetLastError@INetworkReplayStreamer@@UEBA?AW4Type@ENetworkReplayError@@XZ

factoryserver-json

?LogJson@@3UFLogCategoryLogJson@@A
?TryGetNumber@FJsonValue@@UEBA_NAEAH@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAM@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAC@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAF@Z
?TryGetNumber@FJsonValue@@UEBA_NAEA_J@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAE@Z
?AsNumber@FJsonValue@@QEBANXZ
?AsString@FJsonValue@@QEBA?AVFString@@XZ
?AsArray@FJsonValue@@QEBAAEBV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@XZ
?SetField@FJsonObject@@QEAAXAEBVFString@@AEBV?$TSharedPtr@VFJsonValue@@$00@@@Z
?GetNumberField@FJsonObject@@QEBANAEBVFString@@@Z
?TryGetNumberField@FJsonObject@@QEBA_NAEBVFString@@AEAH@Z
?TryGetNumberField@FJsonObject@@QEBA_NAEBVFString@@AEA_J@Z
?TryGetNumberField@FJsonObject@@QEBA_NAEBVFString@@AEAI@Z
?GetStringField@FJsonObject@@QEBA?AVFString@@AEBV2@@Z
?GetBoolField@FJsonObject@@QEBA_NAEBVFString@@@Z
?GetArrayField@FJsonObject@@QEBAAEBV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@AEBVFString@@@Z
?GetObjectField@FJsonObject@@QEBAAEBV?$TSharedPtr@VFJsonObject@@$00@@AEBVFString@@@Z
?AsObject@FJsonValue@@UEBAAEBV?$TSharedPtr@VFJsonObject@@$00@@XZ
?TryGetNumber@FJsonValue@@UEBA_NAEA_K@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAI@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAG@Z

kernel32

GetCurrentThreadId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
InitializeSListHead
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

vcruntime140

__C_specific_handler
_purecall
memcpy
memmove
memset
__current_exception
__std_type_info_destroy_list
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

iswspace

api-ms-win-crt-convert-l1-1-0

wcstod
_wtof
_wtoi
_wtoi64
_wcstoui64

api-ms-win-crt-math-l1-1-0

powf
_finite

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
terminate
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll

Exports

Exports

InitializeModule

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e72be60f18f52375454813b20e98791

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-core

factoryserver-engine

factoryserver-networkreplaystreaming

factoryserver-json

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.uedbg Size: 1KB - Virtual size: 1KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 130KB - Virtual size: 129KB

.uedbg
Size: 1KB - Virtual size: 1KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 2KB - Virtual size: 2KB