4d8c61ec6ebfab89d36d76f4d48e09e55e140089f940c5481338aca891728bc8_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4d8c61ec6ebfab89d36d76f4d48e09e55e140089f940c5481338aca891728bc8_NeikiAnalytics.exe
Size

94KB
MD5

80bf2943e6cdff6dd2e2f61d7c258e40
SHA1

80693e953415a3a6345727a3f3d7f5763ddfa8fa
SHA256

4d8c61ec6ebfab89d36d76f4d48e09e55e140089f940c5481338aca891728bc8
SHA512

218bf43ae49382cf1bc30a14899a09a5d737a57d07816f0861e536490fbf52b4d77333e909b13e8c8f316db0648047da5b652ec2da1cd390ae166ed8d8a0fd2a
SSDEEP

1536:L/V+PA2L4yzvT3sXO9esIXq9eFHUAf9HeIMTWmg9Ppki6EPAyVF:Lt+PA2LdzvTcXO9caMFHt1BWg9RkkBz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d8c61ec6ebfab89d36d76f4d48e09e55e140089f940c5481338aca891728bc8_NeikiAnalytics.exe

Files

4d8c61ec6ebfab89d36d76f4d48e09e55e140089f940c5481338aca891728bc8_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

100b8bd8460f5c4a55ce55c763d38a56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryGameEGS-Networking.pdb

Imports

factorygameegs-core

??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?bIsDisabled@FLowLevelMemTracker@@2_NA
?AddError@FAutomationTestBase@@UEAAXAEBVFString@@H@Z
?AddErrorIfFalse@FAutomationTestBase@@UEAA_N_NAEBVFString@@H@Z
?AddErrorS@FAutomationTestBase@@UEAAXAEBVFString@@0H@Z
?AddWarningS@FAutomationTestBase@@UEAAXAEBVFString@@0H@Z
?AddWarning@FAutomationTestBase@@UEAAXAEBVFString@@H@Z
?AddInfo@FAutomationTestBase@@UEAAXAEBVFString@@H_N@Z
?AddEvent@FAutomationTestBase@@UEAAXAEBUFAutomationEvent@@H_N@Z
?AddAnalyticsItem@FAutomationTestBase@@UEAAXAEBVFString@@@Z
?AddTelemetryData@FAutomationTestBase@@UEAAXAEBV?$TMap@VFString@@NVFDefaultSetAllocator@@U?$TDefaultMapHashableKeyFuncs@VFString@@N$0A@@@@@AEBVFString@@@Z
?AddTelemetryData@FAutomationTestBase@@UEAAXAEBVFString@@N0@Z
?SetTelemetryStorage@FAutomationTestBase@@UEAAXAEBVFString@@@Z
?bSuppressLogWarnings@FAutomationTestBase@@2_NA
?bSuppressLogErrors@FAutomationTestBase@@2_NA
?bElevateLogWarningsToErrors@FAutomationTestBase@@2_NA
?SuppressedLogCategories@FAutomationTestBase@@2V?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@A
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
?AssignRange@FString@@AEAAXPEB_WH@Z
?Split@FString@@QEBA_NAEBV1@PEAV1@1W4Type@ESearchCase@@W42ESearchDir@@@Z
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?TrimStartAndEndInline@FString@@QEAAXXZ
?ParseIntoArray@FString@@QEBAHAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@PEB_W_N@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?Resolve@FLazyName@@QEBA?AVFName@@XZ
??0FMemScope@@QEAA@AEBVFName@@_N@Z
??1FMemScope@@QEAA@XZ
?Init@FLLMScope@@IEAAXVFName@@_NW4ELLMTagSet@@W4ELLMTracker@@1@Z
?Destruct@FLLMScope@@IEAAXXZ
?Clear@FAutomationTestExecutionInfo@@QEAAXXZ
?Get@FAutomationTestFramework@@SAAEAV1@XZ
?RegisterAutomationTest@FAutomationTestFramework@@QEAA_NAEBVFString@@PEAVFAutomationTestBase@@@Z
?UnregisterAutomationTest@FAutomationTestFramework@@QEAA_NAEBVFString@@@Z
?TestFalse@FAutomationTestBase@@QEAA_NPEB_W_N@Z
?TestTrue@FAutomationTestBase@@QEAA_NPEB_W_N@Z

factorygameegs-sockets

?Get@ISocketSubsystem@@SAPEAV1@AEBVFName@@@Z
?IPv4@FNetworkProtocolTypes@@3VFLazyName@@B

kernel32

InitializeCriticalSection
SetCriticalSectionSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSListHead

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context
memcpy
_purecall
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_configure_narrow_argv
terminate
_initterm_e
_initterm
_crt_atexit
_seh_filter_dll
_cexit

Exports

Exports

?Any@FIPv4Address@@2U1@B
?Any@FIPv4Endpoint@@2U1@B
?CachedSocketSubsystem@FIPv4Endpoint@@0PEAVISocketSubsystem@@EA
?FromHostAndPort@FIPv4Endpoint@@SA_NAEBVFString@@AEAU1@@Z
?Initialize@FIPv4Endpoint@@SAXXZ
?InternalLoopback@FIPv4Address@@2U1@B
?LanBroadcast@FIPv4Address@@2U1@B
?Parse@FIPv4Address@@SA_NAEBVFString@@AEAU1@@Z
?Parse@FIPv4Endpoint@@SA_NAEBVFString@@AEAU1@@Z
?Parse@FIPv4Subnet@@SA_NAEBVFString@@AEAU1@@Z
?Parse@FIPv4SubnetMask@@SA_NAEBVFString@@AEAU1@@Z
?ToString@FIPv4Address@@QEBA?AVFString@@XZ
?ToString@FIPv4Endpoint@@QEBA?AVFString@@XZ
?ToString@FIPv4Subnet@@QEBA?AVFString@@XZ
?ToString@FIPv4SubnetMask@@QEBA?AVFString@@XZ
?ToString@FSteamEndpoint@@QEBA?AVFString@@XZ
InitializeModule

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

100b8bd8460f5c4a55ce55c763d38a56

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factorygameegs-core

factorygameegs-sockets

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 592B

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 592B

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 264B