1b62899d7ad800b0f4a83486626b1a60b788c9f8fed8615bed671211ab32948a_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1b62899d7ad800b0f4a83486626b1a60b788c9f8fed8615bed671211ab32948a_NeikiAnalytics.exe
Size

49KB
MD5

a7d3828c5ffe9815dfc0d78f06c2ad70
SHA1

02b6fc12e6f90cdee153bd3c6fee40bc68d98720
SHA256

1b62899d7ad800b0f4a83486626b1a60b788c9f8fed8615bed671211ab32948a
SHA512

b3adbabd23e107e7e6bf748debf374e5c1c442882e35b50d0805aaac4e96baf93529193238e4702dbf57aae9d8eabc7520ec067534eaaae5f94a4ae500b4561d
SSDEEP

768:VlJ6g1xi4Y8FyfMKuzN6SJfW1Ph6NOQfjZMrNe:VP0uyf/uzLJfWBh6NOQfjZMrNe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b62899d7ad800b0f4a83486626b1a60b788c9f8fed8615bed671211ab32948a_NeikiAnalytics.exe

Files

1b62899d7ad800b0f4a83486626b1a60b788c9f8fed8615bed671211ab32948a_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

9a3245578151e8723a9117862762783e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

rdkixmolinterchange-88417e5099d2b0c3db17f15bc16638ee

??0JSONWriteParameters@MolInterchange@RDKix@@QEAA@XZ
??$MolsToJSONData@PEBVROMol@RDKix@@@MolInterchange@RDKix@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$vector@PEBVROMol@RDKix@@V?$allocator@PEBVROMol@RDKix@@@std@@@3@AEBUJSONWriteParameters@01@@Z
?JSONDataToMols@MolInterchange@RDKix@@YA?AV?$vector@V?$shared_ptr@VROMol@RDKix@@@boost@@V?$allocator@V?$shared_ptr@VROMol@RDKix@@@boost@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@AEBUJSONParseParameters@12@@Z
??0JSONParseParameters@MolInterchange@RDKix@@QEAA@XZ

python310

PyUnicode_Type
_Py_NoneStruct
PyTuple_Type
PyUnicode_FromStringAndSize
_Py_Dealloc
PyObject_IsTrue
PyBool_FromLong
PyBool_Type

boost_python310-1af5514d912006e39cb054c2dc3ff20c

?expected_from_python_type@registration@converter@python@boost@@QEBAPEBU_typeobject@@XZ
?to_python@registration@converter@python@boost@@QEBAPEAU_object@@PEDX@Z
?insert@registry@converter@python@boost@@YAXP6APEAXPEAU_object@@@ZP6AX0PEAUrvalue_from_python_stage1_data@234@@ZUtype_info@34@P6APEBU_typeobject@@XZ@Z
??0list_base@detail@python@boost@@IEAA@XZ
?lookup_shared_ptr@registry@converter@python@boost@@YAAEBUregistration@234@Utype_info@34@@Z
?lookup@registry@converter@python@boost@@YAAEBUregistration@234@Utype_info@34@@Z
?find_static_type@objects@python@boost@@YAPEAXPEAXUtype_info@23@1@Z
?append@list_base@detail@python@boost@@QEAAXAEBVobject@api@34@@Z
?scope_setattr_doc@detail@python@boost@@YAXPEBDAEBVobject@api@23@0@Z
?register_dynamic_id_aux@objects@python@boost@@YAXUtype_info@23@P6A?AU?$pair@PEAXUtype_info@python@boost@@@std@@PEAX@Z@Z
?function_object@objects@python@boost@@YA?AVobject@api@23@AEBUpy_function@123@@Z
?function_object@objects@python@boost@@YA?AVobject@api@23@AEBUpy_function@123@AEBU?$pair@PEBUkeyword@detail@python@boost@@PEBU1234@@std@@@Z
?setattr@api@python@boost@@YAXAEBVobject@123@PEBD0@Z
??1list_base@detail@python@boost@@QEAA@XZ
??1shared_ptr_deleter@converter@python@boost@@QEAA@XZ
?set_instance_size@class_base@objects@python@boost@@IEAAX_K@Z
?add_property@class_base@objects@python@boost@@IEAAXPEBDAEBVobject@api@34@10@Z
??0class_base@objects@python@boost@@QEAA@PEBD_KQEBUtype_info@23@0@Z
?add_to_namespace@objects@python@boost@@YAXAEBVobject@api@23@PEBD01@Z
??0py_function_impl_base@objects@python@boost@@QEAA@XZ
??1py_function_impl_base@objects@python@boost@@UEAA@XZ
?throw_no_pointer_from_python@converter@python@boost@@YAXPEAU_object@@AEBUregistration@123@@Z
?rvalue_from_python_stage2@converter@python@boost@@YAPEAXPEAU_object@@AEAUrvalue_from_python_stage1_data@123@AEBUregistration@123@@Z
?rvalue_from_python_stage1@converter@python@boost@@YA?AUrvalue_from_python_stage1_data@123@PEAU_object@@AEBUregistration@123@@Z
?current_scope@detail@python@boost@@3PEAU_object@@EA
?get_lvalue_from_python@converter@python@boost@@YAPEAXPEAU_object@@AEBUregistration@123@@Z
??0shared_ptr_deleter@converter@python@boost@@QEAA@V?$handle@U_object@@@23@@Z
?do_return_to_python@converter@python@boost@@YAPEAU_object@@PEBD@Z
??0shared_ptr_deleter@converter@python@boost@@QEAA@AEBU0123@@Z
??0stl_input_iterator_impl@objects@python@boost@@QEAA@$$QEAU0123@@Z
??0stl_input_iterator_impl@objects@python@boost@@QEAA@AEBU0123@@Z
??1stl_input_iterator_impl@objects@python@boost@@QEAA@XZ
?current@stl_input_iterator_impl@objects@python@boost@@QEBAAEBV?$handle@U_object@@@34@XZ
?equal@stl_input_iterator_impl@objects@python@boost@@QEBA_NAEBU1234@@Z
?increment@stl_input_iterator_impl@objects@python@boost@@QEAAXXZ
??0stl_input_iterator_impl@objects@python@boost@@QEAA@AEBVobject@api@23@@Z
??0stl_input_iterator_impl@objects@python@boost@@QEAA@XZ
?init_module@detail@python@boost@@YAPEAU_object@@AEAUPyModuleDef@@P6AXXZ@Z
??1tuple_base@detail@python@boost@@QEAA@XZ
??1class_base@objects@python@boost@@QEAA@XZ
??Rshared_ptr_deleter@converter@python@boost@@QEAAXPEBX@Z
??0tuple_base@detail@python@boost@@IEAA@AEBVobject@api@23@@Z
?query@registry@converter@python@boost@@YAPEBUregistration@234@Utype_info@34@@Z
?deallocate@instance_holder@python@boost@@SAXPEAU_object@@PEAX@Z
?allocate@instance_holder@python@boost@@SAPEAXPEAU_object@@_K11@Z
?install@instance_holder@python@boost@@QEAAXPEAU_object@@@Z
??1instance_holder@python@boost@@UEAA@XZ
??0instance_holder@python@boost@@QEAA@XZ
?get@?$handle@U_object@@@python@boost@@QEBAPEAU_object@@XZ
??4?$handle@U_object@@@python@boost@@QEAAAEAV012@AEBV012@@Z
??1?$handle@U_object@@@python@boost@@QEAA@XZ
??0?$handle@U_object@@@python@boost@@QEAA@XZ
?throw_error_already_set@python@boost@@YAXXZ
?max_arity@py_function_impl_base@objects@python@boost@@UEBAIXZ

msvcp140-be561e83758f43645adf1ed84070fa93

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_name
memset
__std_type_info_destroy_list
__current_exception_context
__current_exception
__C_specific_handler
memmove
memcpy
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

IsDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW

Exports

Exports

PyInit_rdMolInterchange

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a3245578151e8723a9117862762783e

Headers

DLL Characteristics

File Characteristics

Imports

rdkixmolinterchange-88417e5099d2b0c3db17f15bc16638ee

python310

boost_python310-1af5514d912006e39cb054c2dc3ff20c

msvcp140-be561e83758f43645adf1ed84070fa93

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 344B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 344B