8b3c436349d0930faacf4cdbf56f82a0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8b3c436349d0930faacf4cdbf56f82a0_NeikiAnalytics.exe
Size

204KB
MD5

8b3c436349d0930faacf4cdbf56f82a0
SHA1

fc7097a8427331ea5865b260290629603e3b2415
SHA256

eef3656091d4718225a4a772fa734a3376ab60fc2e7698955478c5d611b5178d
SHA512

fed5f9f6e48208d6208f40cb1dccc87cb02fb0e86c1c37fc866603f19f467da5bdb735508595b7ea339dc9593fcc951d35d3e2df9c8f6ead753862ff30b51dc6
SSDEEP

6144:cq2RqPTQx3bkzpE/sQhI68YOuq6xO3XMW5gAiDNk:cqdPTQx3bk9E/s168L0DNk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b3c436349d0930faacf4cdbf56f82a0_NeikiAnalytics.exe

Files

8b3c436349d0930faacf4cdbf56f82a0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

f74c0feb3053296e4f8dac9b4909dd37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Fm\source\repos\Python-3.8.19\PCbuild\win32\_decimal.pdb

Imports

python38

PyDict_SetItem
PyDict_New
PyList_GetItem
_PyUnicode_IsWhitespace
PyObject_CallMethod
PyObject_IsInstance
PyMem_Free
PyErr_NoMemory
PyDict_GetItemString
PyObject_CallObject
PyComplex_Type
_Py_NotImplementedStruct
PyUnicode_Compare
PyArg_ParseTupleAndKeywords
_PyObject_New
PyExc_TypeError
PyExc_ValueError
PyObject_IsTrue
PyUnicode_AsUTF8String
PyTuple_Pack
PyObject_HashNotImplemented
_PyUnicode_Ready
PyMem_Malloc
PyList_AsTuple
PyObject_GenericSetAttr
PyUnicode_FromString
_PyLong_GCD
PyUnicode_CompareWithASCIIString
PyType_Type
PyArg_ParseTuple
PyContextVar_New
PyFloat_FromString
PyContextVar_Set
PyObject_CallFunction
PyExc_ZeroDivisionError
PyErr_SetString
PyUnicode_FromWideChar
PyList_Size
PyUnicode_New
PyExc_AttributeError
_PyLong_New
_PyUnicode_ToDecimalDigit
PyTuple_Size
PyList_Append
PyErr_Clear
PyErr_NewException
PyObject_GetAttrString
PyType_Ready
PyModule_Create2
PyFloat_FromDouble
PyList_New
PyDict_Size
PyUnicode_FromFormat
PyLong_AsLong
PyDict_SetItemString
PyTuple_New
_Py_NoneStruct
PyFloat_AsDouble
PyObject_CallFunctionObjArgs
PyModule_AddObject
PyComplex_AsCComplex
PyObject_Free
_Py_Dealloc
PyExc_OverflowError
PyType_IsSubtype
PyLong_Type
PyFloat_Type
_Py_FalseStruct
PyTuple_Type
PyModule_AddStringConstant
PyExc_ArithmeticError
PyComplex_FromDoubles
PyDict_GetItemWithError
PyErr_Format
_Py_TrueStruct
PyLong_FromUnsignedLong
Py_BuildValue
PyContextVar_Get
PyLong_FromLong
PyExc_RuntimeError
PyUnicode_AsUTF8AndSize
PyObject_GenericGetAttr
PyUnicode_DecodeUTF8
PyLong_FromSsize_t
PyErr_Occurred
PyImport_ImportModule
PyExc_KeyError
PyLong_AsSsize_t
_Py_ascii_whitespace
PyType_GenericNew
PyModule_AddIntConstant
PyBool_FromLong
PyErr_SetObject
PyUnicode_InternFromString
PyMem_Realloc
PyBaseObject_Type

vcruntime140

memmove
memcpy
_except_handler4_common
memset
__std_type_info_destroy_list

api-ms-win-crt-math-l1-1-0

_finite
copysign
ceil
_isnan
_CIlog10

api-ms-win-crt-convert-l1-1-0

mbstowcs
strtol

api-ms-win-crt-stdio-l1-1-0

fputs
fputc
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

abort
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
__control87_2
raise
_errno

api-ms-win-crt-string-l1-1-0

tolower
isupper
isdigit

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
realloc

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Exports

Exports

PyInit__decimal

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f74c0feb3053296e4f8dac9b4909dd37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python38

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 28B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 28B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 8KB