4d8a2245aef949da6a07f2f9eb9f9940_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4d8a2245aef949da6a07f2f9eb9f9940_NeikiAnalytics.exe
Size

769KB
MD5

4d8a2245aef949da6a07f2f9eb9f9940
SHA1

5207e734f41d2a0e6565a4bfc1ed893831da66e8
SHA256

0833cde667d0f369aaeb7b2a7bbde76b29f1fc8195f99e30ce738a36476df6d7
SHA512

a94fd2cbeb81157801cd099a21f6a0523317695567bea31ddb49d117ad6bfe1abea3bebd17cea0c77a34e895f2fb9fd135834b7d8f7a215e103b37680fe8028c
SSDEEP

24576:1kCplfnhR2mCwTepLMgLJGTD+zsccVS7VwdmDp/8Z:tlvz2m0aqGTizsccVS7VHDp0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d8a2245aef949da6a07f2f9eb9f9940_NeikiAnalytics.exe

Files

4d8a2245aef949da6a07f2f9eb9f9940_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

ab5d62a08bfea2f85c90a761790f5c8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmSetWindowAttribute

isar_flutter_libs_plugin

IsarFlutterLibsPluginRegisterWithRegistrar

media_kit_libs_windows_video_plugin

MediaKitLibsWindowsVideoPluginCApiRegisterWithRegistrar

media_kit_video_plugin

MediaKitVideoPluginCApiRegisterWithRegistrar

nsd_windows_plugin

NsdWindowsPluginCApiRegisterWithRegistrar

open_dir_windows_plugin

OpenDirWindowsPluginCApiRegisterWithRegistrar

screen_brightness_windows_plugin

ScreenBrightnessWindowsPluginRegisterWithRegistrar

screen_retriever_plugin

ScreenRetrieverPluginRegisterWithRegistrar

share_plus_plugin

SharePlusWindowsPluginCApiRegisterWithRegistrar

url_launcher_windows_plugin

UrlLauncherWindowsRegisterWithRegistrar

window_manager_plugin

WindowManagerPluginRegisterWithRegistrar

advapi32

RegGetValueW

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx

flutter_windows

FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopViewGetHWND
FlutterDesktopResyncOutputStreams
FlutterDesktopGetDpiForMonitor
FlutterDesktopEngineCreate
FlutterDesktopEngineDestroy
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineSetNextFrameCallback
FlutterDesktopViewControllerCreate
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerForceRedraw
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerRelease
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerLock
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerSendWithReply
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopPluginRegistrarGetView
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopPluginRegistrarSetDestructionHandler

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MultiByteToWideChar
GetLastError
GetFileAttributesW
CreateDirectoryW
RtlVirtualUnwind
GetStartupInfoW
GetFullPathNameA
GetTickCount64
OutputDebugStringA
CreateMutexA
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
CloseHandle
LoadLibraryA
GetProcAddress
GetModuleHandleW
FreeLibrary
AllocConsole
WideCharToMultiByte
LocalFree
GetCommandLineW
AttachConsole
IsDebuggerPresent

user32

MonitorFromPoint
LoadIconW
LoadCursorW
SetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
SetFocus
SetWindowPos
MoveWindow
GetMessageW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
ShowWindow

shell32

CommandLineToArgvW
SHGetKnownFolderPath

msvcp140

??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
_Strcoll
_Thrd_id
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?bad@ios_base@std@@QEBA_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Thrd_detach
_Thrd_join
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??1_Locinfo@std@@QEAA@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?_Xbad_function_call@std@@YAXXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
memset
__std_terminate
memmove
__std_type_info_compare
memcmp
__std_exception_copy
__std_exception_destroy
memcpy
_CxxThrowException
memchr
__current_exception_context
__current_exception
__C_specific_handler
strchr

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_invoke_watson
_exit
_c_exit
exit
_beginthreadex
_initterm_e
_initterm
_errno
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
terminate
_register_thread_local_exe_atexit_callback
abort
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

setvbuf
fwrite
__stdio_common_vsprintf
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
__stdio_common_vfprintf
fclose
ungetc
_get_stream_buffer_pointers
_fileno
freopen_s
__acrt_iob_func
__p__commode
_set_fmode
_dup2

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
realloc
free

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_unlock_file
_lock_file
_stat64i32

api-ms-win-crt-string-l1-1-0

strpbrk
strncmp
strncpy
strtok_s
strcmp
toupper

api-ms-win-crt-time-l1-1-0

_difftime64
_time64
_gmtime64

api-ms-win-crt-convert-l1-1-0

strtod
atoi
_strtof_l
_strtod_l
_strtoi64_l
_strtoui64_l
strtol

api-ms-win-crt-math-l1-1-0

tan
asin
atan
__setusermatherr
sin
cos
acos

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_free_locale
_create_locale
setlocale

Exports

Exports

?FirebaseCorePluginCApiRegisterWithRegistrar@@YAXPEAUFlutterDesktopPluginRegistrar@@@Z

Sections

.text
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab5d62a08bfea2f85c90a761790f5c8b

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

isar_flutter_libs_plugin

media_kit_libs_windows_video_plugin

media_kit_video_plugin

nsd_windows_plugin

open_dir_windows_plugin

screen_brightness_windows_plugin

screen_retriever_plugin

share_plus_plugin

url_launcher_windows_plugin

window_manager_plugin

advapi32

ole32

flutter_windows

kernel32

user32

shell32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 559KB - Virtual size: 558KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 11KB - Virtual size: 14KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 559KB - Virtual size: 558KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 11KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 2KB - Virtual size: 1KB