8392dddafe859d89ffe858d0b2898080_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8392dddafe859d89ffe858d0b2898080_NeikiAnalytics.exe
Size

54KB
MD5

8392dddafe859d89ffe858d0b2898080
SHA1

d668be0782cd0fe374f1907ae6a3eccc59431f41
SHA256

8da101bc54cc32c47eafe0b4bdc4b1731e70bf54f66df55f131140c99b8d6a3b
SHA512

f2237448fd0e65a9d4c74b982898715bb133675a0b0ce8ff36b4c3150ad5a178239f99673393b2a12adbeb0999190c99d1a66167f0b0aa95ba6e3949feaf8531
SSDEEP

1536:Sa2WnCu5gZ186IdjHtpX8gqrbaig9RM6vC2iiHE7YJt/TzpR/Df2JJ:R2Wni8ntpsNp1qt/Tv2JJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8392dddafe859d89ffe858d0b2898080_NeikiAnalytics.exe

Files

8392dddafe859d89ffe858d0b2898080_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

d00da2e543385e58dbfca07f28f6beca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\tb-c-cen-w32-ntly-000000000000\build\objdir-tb\mfbt\tests\TestMacroArgs.pdb

Imports

kernel32

TerminateProcess
GetCurrentProcess
GetSystemInfo
VirtualAlloc
VirtualFree
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

msvcr120

_invoke_watson
__crtSetUnhandledExceptionFilter
memmove
_except_handler4_common
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
ceil
_controlfp_s
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
memset
memcpy
?terminate@@YAXXZ

msvcp120

?_Syserror_map@std@@YAPBDH@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
_Nan
_Inf
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

Exports

Exports

??0Decimal@WebCore@@QAE@ABV01@@Z
??0Decimal@WebCore@@QAE@ABVEncodedData@01@@Z
??0Decimal@WebCore@@QAE@H@Z
??0Decimal@WebCore@@QAE@W4Sign@01@H_K@Z
??0SHA1Sum@mozilla@@QAE@XZ
??4Decimal@WebCore@@QAEAAV01@ABV01@@Z
??8Decimal@WebCore@@QBE_NABV01@@Z
??9Decimal@WebCore@@QBE_NABV01@@Z
??DDecimal@WebCore@@QBE?AV01@ABV01@@Z
??GDecimal@WebCore@@QBE?AV01@ABV01@@Z
??GDecimal@WebCore@@QBE?AV01@XZ
??HDecimal@WebCore@@QBE?AV01@ABV01@@Z
??KDecimal@WebCore@@QBE?AV01@ABV01@@Z
??MDecimal@WebCore@@QBE_NABV01@@Z
??NDecimal@WebCore@@QBE_NABV01@@Z
??ODecimal@WebCore@@QBE_NABV01@@Z
??PDecimal@WebCore@@QBE_NABV01@@Z
??XDecimal@WebCore@@QAEAAV01@ABV01@@Z
??YDecimal@WebCore@@QAEAAV01@ABV01@@Z
??ZDecimal@WebCore@@QAEAAV01@ABV01@@Z
??_0Decimal@WebCore@@QAEAAV01@ABV01@@Z
??_FDecimal@WebCore@@QAEXXZ
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z
?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z
?HashBytes@mozilla@@YAIPBXI@Z
?IsFloat32Representable@mozilla@@YA_NN@Z
?ToExponential@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z
?ToFixed@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPA_NPAVStringBuilder@2@@Z
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z
?abs@Decimal@WebCore@@QBE?AV12@XZ
?alignOperands@Decimal@WebCore@@CA?AUAlignedOperands@12@ABV12@0@Z
?ceiling@Decimal@WebCore@@QBE?AV12@XZ
?compareTo@Decimal@WebCore@@ABE?AV12@ABV12@@Z
?compress@LZ4@Compression@mozilla@@SAIPBDIPAD@Z
?compressLimitedOutput@LZ4@Compression@mozilla@@SAIPBDIPADI@Z
?decompress@LZ4@Compression@mozilla@@SA_NPBDIPADIPAI@Z
?decompress@LZ4@Compression@mozilla@@SA_NPBDPADI@Z
?finish@SHA1Sum@mozilla@@QAEXAAY0BE@E@Z
?floor@Decimal@WebCore@@QBE?AV12@XZ
?fromDouble@Decimal@WebCore@@SA?AV12@N@Z
?fromString@Decimal@WebCore@@SA?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?gTwoCharEscapes@detail@mozilla@@3QBDB
?infinity@Decimal@WebCore@@SA?AV12@W4Sign@12@@Z
?kBase10MaximalLength@DoubleToStringConverter@double_conversion@@2HB
?nan@Decimal@WebCore@@SA?AV12@XZ
?remainder@Decimal@WebCore@@QBE?AV12@ABV12@@Z
?round@Decimal@WebCore@@QBE?AV12@XZ
?toDouble@Decimal@WebCore@@QBENXZ
?toString@Decimal@WebCore@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toString@Decimal@WebCore@@QBE_NPADI@Z
?unused@mozilla@@3Uunused_t@1@B
?update@SHA1Sum@mozilla@@QAEXPBXI@Z
?zero@Decimal@WebCore@@SA?AV12@W4Sign@12@@Z
gMozillaPoisonBase
gMozillaPoisonSize
gMozillaPoisonValue
mozPoisonValueInit

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00da2e543385e58dbfca07f28f6beca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr120

msvcp120

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 988B

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 988B

.reloc
Size: 1024B - Virtual size: 984B