0c17ffc215d456f61fbf1d843fdcdf215025ebb04979ca2aed4572720d69aeaa_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0c17ffc215d456f61fbf1d843fdcdf215025ebb04979ca2aed4572720d69aeaa_NeikiAnalytics.exe
Size

1.8MB
MD5

4ab4bc6b587b5b627484cb3d333fd650
SHA1

b3a2581077117ad138c50e2b1186137219acdafc
SHA256

0c17ffc215d456f61fbf1d843fdcdf215025ebb04979ca2aed4572720d69aeaa
SHA512

b3ccde8a9bd08c3142bf38295667a99355dc386c34e59c64efc210e1b03110a19599ab7e56e098ffda9ef78dd5ba4f2989f732b9f181a28735ad7270d250c198
SSDEEP

49152:nKlcoV0rZqE2t8DKn/EktcfeANUlbhTJ0P:+Ldtjnvlb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c17ffc215d456f61fbf1d843fdcdf215025ebb04979ca2aed4572720d69aeaa_NeikiAnalytics.exe

Files

0c17ffc215d456f61fbf1d843fdcdf215025ebb04979ca2aed4572720d69aeaa_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

230d9f23652c54866a75af2bba56bb94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\lc0\build\lc0.pdb

Imports

kernel32

UnmapViewOfFile
GetLastError
CreateFileA
CloseHandle
CreateFileMappingA
GetFileSize
MapViewOfFile
GetStdHandle
SetConsoleMode
GetConsoleMode
GetFileAttributesExA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
LeaveCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection

mimalloc-override

mi_version

dnnl

dnnl_primitive_attr_set_post_ops
dnnl_primitive_attr_set_scratchpad_mode
dnnl_post_ops_create
dnnl_primitive_desc_query_md
dnnl_primitive_attr_set_output_scales
dnnl_primitive_desc_iterator_create
dnnl_memory_desc_get_size
dnnl_primitive_attr_create
dnnl_memory_get_engine
dnnl_engine_get_kind
dnnl_primitive_create
dnnl_reorder_primitive_desc_create
dnnl_memory_desc_init_by_tag
dnnl_engine_destroy
dnnl_primitive_desc_destroy
dnnl_primitive_destroy
dnnl_primitive_attr_destroy
dnnl_get_effective_cpu_isa
dnnl_memory_get_memory_desc
dnnl_memory_destroy
dnnl_primitive_execute
dnnl_stream_create
dnnl_engine_create
dnnl_stream_wait
dnnl_memory_get_data_handle
dnnl_memory_desc_equal
dnnl_stream_destroy
dnnl_memory_create
dnnl_set_primitive_cache_capacity
dnnl_memory_desc_reshape
dnnl_convolution_forward_desc_init
dnnl_post_ops_append_binary
dnnl_primitive_desc_iterator_destroy
dnnl_primitive_desc_iterator_fetch
dnnl_inner_product_forward_desc_init
dnnl_pooling_forward_desc_init
dnnl_post_ops_append_sum
dnnl_binary_desc_init
dnnl_memory_desc_init_by_strides
dnnl_post_ops_append_eltwise
dnnl_eltwise_forward_desc_init
dnnl_memory_desc_init_submemory
dnnl_matmul_desc_init
dnnl_post_ops_destroy

msvcp140

?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_XGetLastError@std@@YAXXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_counter
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
_Thrd_yield
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Cnd_signal
_Cnd_init_in_situ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Thrd_hardware_concurrency
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Random_device@std@@YAIXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Thrd_sleep
_Mtx_init
_Thrd_start
_Thrd_id
_Xtime_get_ticks
_Mtx_destroy
_Cnd_init
_Thrd_join
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?fail@ios_base@std@@QEBA_NXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?eof@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

vcomp140

omp_set_num_threads

vcruntime140

memset
_CxxThrowException
__C_specific_handler
__std_type_info_compare
_purecall
__std_terminate
memchr
__std_exception_destroy
__CxxFrameHandler3
memmove
memcpy
memcmp
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initterm_e
_seh_filter_exe
_errno
exit
terminate
_exit
__p___argc
_cexit
_crt_atexit
_initterm
__p___argv
_register_onexit_function
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
abort
strerror
_get_pgmptr
_get_initial_narrow_environment

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

logf
floor
powf
log10
expf
exp
sqrtf
lround
sqrt
coshf
ceil
erf
log
pow
copysignf
round
roundf
tan
__setusermatherr
log2

api-ms-win-crt-stdio-l1-1-0

_wopen
_lseeki64
ungetc
__stdio_common_vfprintf
__acrt_iob_func
_write
_close
_read
_open
_dup
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fseek
fopen
_fileno
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
fputc
setvbuf
fgetpos
_set_fmode
fwrite
fgetc
fclose
fflush
__p__commode

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol
strtof
wcstombs

api-ms-win-crt-string-l1-1-0

isdigit
tolower
toupper
isupper
isspace
isalnum
islower

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 898KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

230d9f23652c54866a75af2bba56bb94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mimalloc-override

dnnl

msvcp140

vcomp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 27KB - Virtual size: 898KB

.pdata Size: 43KB - Virtual size: 42KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 27KB - Virtual size: 898KB

.pdata
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB