2a3028e02d70bf63ca9ba2ea2ef1a1985a3e09b8d56b6697eee5529ddefb675d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2a3028e02d70bf63ca9ba2ea2ef1a1985a3e09b8d56b6697eee5529ddefb675d_NeikiAnalytics.exe
Size

2.8MB
MD5

1f1b72f06cc37c9e855d4990a5783120
SHA1

9ed1edc8308e4a244b9c1ed42a15110293c85ad1
SHA256

2a3028e02d70bf63ca9ba2ea2ef1a1985a3e09b8d56b6697eee5529ddefb675d
SHA512

bafbcbeff51f9abb6cf5e20a917dacf84ea00437041591cc8dcc2b0214678a4dc07e7e4d0bf52ed8c5fb4ae81b5c9779ff57fb1adf10ccdb17b00b09e0ca47e5
SSDEEP

49152:yGtlqkrVwASOP/IU6iGIqfBFxUijE6zM3ubuvv2bZUeyVLiBM/lyC8uyP0Teq:TQ+CFxRDbMgDunTeq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a3028e02d70bf63ca9ba2ea2ef1a1985a3e09b8d56b6697eee5529ddefb675d_NeikiAnalytics.exe

Files

2a3028e02d70bf63ca9ba2ea2ef1a1985a3e09b8d56b6697eee5529ddefb675d_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

3e326ee397dcf0e5cd66c2a6d692631c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryGameEGS-SSL.pdb

Imports

factorygameegs-core

?Find@FString@@QEBAHPEB_WHW4Type@ESearchCase@@W42ESearchDir@@H@Z
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?EndsWith@FString@@QEBA_NPEB_WHW4Type@ESearchCase@@@Z
?ParseIntoArray@FString@@QEBAHAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@PEB_W_N@Z
??0FName@@QEAA@PEBDW4EFindName@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?Param@FParse@@SA_NPEB_W0@Z
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
??0FScopedBootTiming@@QEAA@PEBD@Z
??1FScopedBootTiming@@QEAA@XZ
?IsInGameThread@@YA_NXZ
?StackWalkAndDump@FWindowsPlatformStackWalk@@SAXPEAD_KHPEAX@Z
?ThreadStackWalkAndDump@FWindowsPlatformStackWalk@@SAXPEAD_KHI@Z
?GetDestructionSentinelStackTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@PEAUFDestructionSentinel@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?GetReadersTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@UFReaderNum@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?ConcatFF@FString@@CA?AV1@$$QEAV1@AEBV1@@Z
?Get@IFileManager@@SAAEAV1@XZ
?EngineContentDir@FPaths@@SA?AVFString@@XZ
?ProjectContentDir@FPaths@@SA?AVFString@@XZ
?FileExists@FPaths@@SA_NAEBVFString@@@Z
?GetString@FConfigCacheIni@@QEAA_NPEB_W0AEAVFString@@AEBV2@@Z
?GetBool@FConfigCacheIni@@QEAA_NPEB_W0AEA_NAEBVFString@@@Z
?GetArray@FConfigCacheIni@@QEAAHPEB_W0AEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@AEBVFString@@@Z
?Get@FModuleManager@@SAAEAV1@XZ
?LoadModuleChecked@FModuleManager@@QEAAAEAVIModuleInterface@@VFName@@@Z
?Encode@FBase64@@SA?AVFString@@PEBEIW4EBase64Mode@@@Z
?GetDecodedDataSize@FBase64@@SAIAEBVFString@@@Z
??$Decode@_W@FBase64@@SA_NPEB_WIPEAEW4EBase64Mode@@@Z
?CpuChannel@@3AEAVFChannel@Trace@UE@@EA
?GConfig@@3PEAVFConfigCacheIni@@EA
?GEngineIni@@3VFString@@A
?RemoveAt@FString@@QEAAXHH_N@Z
?AssignRange@FString@@AEAAXPEB_WH@Z
??4FString@@QEAAAEAV0@PEB_W@Z
??0FString@@QEAA@PEB_W@Z
??0FString@@QEAA@PEBD@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?Free@FMemory@@SAXPEAX@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Malloc@FMemory@@SAPEAX_KI@Z
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
??0FName@@QEAA@PEB_WW4EFindName@@@Z
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?ConcatFC@FString@@CA?AV1@$$QEAV1@PEB_W@Z
?OutputEndEvent@FCpuProfilerTrace@@SAXXZ
?OutputBeginEvent@FCpuProfilerTrace@@SAXI@Z
?OutputEventType@FCpuProfilerTrace@@SAIPEBD0I@Z
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
??1FLogCategoryBase@@QEAA@XZ
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
?Get@FCommandLine@@SAPEB_WXZ

ws2_32

send
recv
accept
bind
closesocket
connect
listen
setsockopt
socket
WSACleanup
WSASetLastError
WSAGetLastError
WSAStartup
ntohs
gethostbyname
getaddrinfo
freeaddrinfo
getnameinfo
getsockopt
getsockname
ioctlsocket

kernel32

SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
RtlVirtualUnwind
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetLastError
SetLastError
GetCurrentThreadId
ReleaseSRWLockExclusive
InitializeSListHead
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
DisableThreadLibraryCalls
GetSystemTime
AcquireSRWLockExclusive

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptSignHashW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyHash

crypt32

CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
CertGetNameStringW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore

bcrypt

BCryptGenRandom

vcruntime140

memmove
strchr
__std_type_info_destroy_list
__current_exception_context
__current_exception
memset
__C_specific_handler
wcsstr
strrchr
_purecall
strstr
memcmp
memcpy
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vfprintf
__acrt_iob_func
fopen
__stdio_common_vswprintf
__stdio_common_vsscanf
_setmode
fwrite
ftell
fseek
_fileno
fgets
fflush
ferror
feof
fclose
fputs
_wfopen
fread

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s

api-ms-win-crt-string-l1-1-0

_stricmp
strncmp
_strnicmp
_strdup
isspace
strspn
strcspn
strcmp
strncpy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
terminate
_execute_onexit_table
_register_onexit_function
_cexit
_initterm
_exit
_initialize_onexit_table
raise
_crt_at_quick_exit
_errno
strerror_s
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
signal
_crt_atexit

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtol

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

??0FSslManager@@IEAA@XZ
?CreateSslContext@FSslManager@@UEAAPEAUssl_ctx_st@@AEBUFSslContextCreateOptions@@@Z
?DestroySslContext@FSslManager@@UEAAXPEAUssl_ctx_st@@@Z
?Get@FSslModule@@SAAEAV1@XZ
?InitializeSsl@FSslManager@@UEAA_NXZ
?LogSsl@@3UFLogCategoryLogSsl@@A
?ShutdownSsl@FSslManager@@UEAAXXZ
?VerifySslCertificates@FSslCertificateDelegates@@2V?$TDelegate@$$A6A_NAEBVFString@@AEBV?$TArray@UFCertInfo@FSslCertificateDelegates@@V?$TSizedDefaultAllocator@$0CA@@@@@@ZUFDefaultDelegateUserPolicy@@@@A
InitializeModule

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e326ee397dcf0e5cd66c2a6d692631c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factorygameegs-core

ws2_32

kernel32

user32

advapi32

crypt32

bcrypt

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.uedbg Size: 3KB - Virtual size: 3KB

.rdata Size: 648KB - Virtual size: 648KB

.data Size: 22KB - Virtual size: 38KB

.pdata Size: 114KB - Virtual size: 114KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.uedbg
Size: 3KB - Virtual size: 3KB

.rdata
Size: 648KB - Virtual size: 648KB

.data
Size: 22KB - Virtual size: 38KB

.pdata
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 24KB - Virtual size: 23KB