50e42ea9ce30568b13917a2a26c8349006a1d52eeb4b1add001efd913083f71e_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

50e42ea9ce30568b13917a2a26c8349006a1d52eeb4b1add001efd913083f71e_NeikiAnalytics.exe
Size

98KB
MD5

687d6f5b97b6409d6074a1c4dc3ceb00
SHA1

a96ea97848b8d66860c3e9cac115da848d51aac3
SHA256

50e42ea9ce30568b13917a2a26c8349006a1d52eeb4b1add001efd913083f71e
SHA512

3bfd51778f047a4d0686309ae40907383d2138bf29dfceeae9ce4b31a8f288bdaf8d6a8b79f1daab075901395b93b4f4566e18262b557cc966ecd69b2121a991
SSDEEP

1536:IPLGvuLxqsUFRyLBEKf57BRZ2xL6EiphR22fWkjiLuvNgdI78PaD:OLGWLxFUjyLBff57BR4ohR2Se5dJU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50e42ea9ce30568b13917a2a26c8349006a1d52eeb4b1add001efd913083f71e_NeikiAnalytics.exe

Files

50e42ea9ce30568b13917a2a26c8349006a1d52eeb4b1add001efd913083f71e_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

90d969d49375624e44bb8a584202ce46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UE4Editor-OnlineSubsystemRedpointOculus.pdb

Imports

ue4editor-core

?Get@FModuleManager@@SAAEAV1@XZ
?GetEmpty@FText@@SAAEBV1@XZ
??$LogBogusChars@_WD@FGenericPlatformString@@CAXPEBDH@Z
?PRIVATE_GIsRunningCommandlet@@3_NA
?GenerateNewID@FDelegateHandle@@CA_KXZ
?Logf_InternalImpl@FMsg@@CAXPEBDHAEBVFName@@W4Type@ELogVerbosity@@PEB_WZZ
?OutputLogMessageInternal@FLogTrace@@CAXPEBXGPEAE@Z
?OutputLogMessageSpec@FLogTrace@@SAXPEBXPEBUFLogCategoryBase@@W4Type@ELogVerbosity@@PEBDHPEB_W@Z
??1FLogCategoryBase@@QEAA@XZ
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
??0FName@@QEAA@PEBDW4EFindName@@@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
??1FString@@QEAA@XZ
??0FString@@QEAA@AEBV0@@Z
??0FString@@QEAA@$$QEAV0@@Z
?Memcpy@FGenericPlatformString@@CAPEAXPEAXPEBX_K@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?Free@FMemory@@SAXPEAX@Z
??0FText@@QEAA@AEBV0@@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Malloc@FMemory@@SAPEAX_KI@Z
?OptionallyLogFormattedEnsureMessageReturningFalseImpl@FDebug@@CA_N_NPEBD1HPEB_WZZ
?CheckVerifyFailedImpl@FDebug@@CAXPEBD0HPEB_WZZ
?PromptForRemoteDebugging@FWindowsPlatformMisc@@SAX_N@Z
?IsDebuggerPresent@FWindowsPlatformMisc@@SA_NXZ
?IsEnsureAllowed@FGenericPlatformMisc@@SA_NXZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GetModule@FModuleManager@@QEAAPEAVIModuleInterface@@VFName@@@Z
?ZeroVector@FVector@@2U1@B

ue4editor-coreuobject

??4FWeakObjectPtr@@QEAAXPEBVUObject@@@Z
?GUObjectArray@@3VFUObjectArray@@A
?GetOrCreateIDForObject@FSoftObjectPath@@SA?AU1@PEBVUObject@@@Z
?GetCurrentTag@FSoftObjectPath@@SAHXZ
?Reset@FSoftObjectPath@@QEAAXXZ
??4FSoftObjectPath@@QEAAAEAU0@$$QEAU0@@Z
??4FSoftObjectPath@@QEAAAEAU0@AEBU0@@Z
??1FSoftObjectPath@@QEAA@XZ
??0FSoftObjectPath@@QEAA@XZ

ue4editor-http

?Get@FHttpModule@@SAAEAV1@XZ

ue4editor-onlinesubsystem

?SetForceDedicated@FOnlineSubsystemImpl@@UEAAX_N@Z
?SetUsingMultiplayerFeatures@FOnlineSubsystemImpl@@UEAAXAEBVFUniqueNetId@@_N@Z
?ReloadConfigs@FOnlineSubsystemImpl@@UEAAXAEBV?$TSet@VFString@@U?$DefaultKeyFuncs@VFString@@$0A@@@VFDefaultSetAllocator@@@@@Z
?TriggerOnConnectionStatusChangedDelegates@IOnlineSubsystem@@UEAAXAEBVFString@@W4Type@EOnlineServerConnectionStatus@@1@Z
?TriggerOnOnlineEnvironmentChangedDelegates@IOnlineSubsystem@@UEAAXW4Type@EOnlineEnvironment@@0@Z
?PreUnload@FOnlineSubsystemImpl@@UEAAXXZ
?IsServer@FOnlineSubsystemImpl@@UEBA_NXZ
?IsLocalPlayer@FOnlineSubsystemImpl@@UEBA_NAEBVFUniqueNetId@@@Z
?IsDedicated@FOnlineSubsystemImpl@@UEBA_NXZ
?GetGameMatchesInterface@FOnlineSubsystemImpl@@UEBA?AV?$TSharedPtr@VIOnlineGameMatches@@$00@@XZ
?GetSubsystemName@FOnlineSubsystemImpl@@UEBA?AVFName@@XZ
?GetStoreInterface@IOnlineSubsystem@@UEBA?AV?$TSharedPtr@VIOnlineStore@@$00@@XZ
?GetSocialPlatformName@FOnlineSubsystemImpl@@UEBA?AVFText@@XZ
?GetOnlineEnvironmentName@FOnlineSubsystemImpl@@UEBA?AVFString@@XZ
?GetOnlineEnvironment@FOnlineSubsystemImpl@@UEBA?AW4Type@EOnlineEnvironment@@XZ
?GetMessageSanitizer@FOnlineSubsystemImpl@@UEBA?AV?$TSharedPtr@VIMessageSanitizer@@$00@@HAEAVFString@@@Z
?GetInventoryInterface@IOnlineSubsystem@@UEBA?AV?$TSharedPtr@VIOnlineInventory@@$00@@XZ
?Tick@FOnlineSubsystemImpl@@UEAA_NM@Z
?GetInstanceName@FOnlineSubsystemImpl@@UEBA?AVFName@@XZ
?Get@IOnlineSubsystem@@SAPEAV1@AEBVFName@@@Z
??0IOnlineFactory@@QEAA@XZ
??1IOnlineFactory@@UEAA@XZ
?AddOnConnectionStatusChangedDelegate_Handle@IOnlineSubsystem@@UEAA?AVFDelegateHandle@@AEBV?$TDelegate@$$A6AXAEBVFString@@W4Type@EOnlineServerConnectionStatus@@1@ZUFDefaultDelegateUserPolicy@@@@@Z
?AddOnOnlineEnvironmentChangedDelegate_Handle@IOnlineSubsystem@@UEAA?AVFDelegateHandle@@AEBV?$TDelegate@$$A6AXW4Type@EOnlineEnvironment@@0@ZUFDefaultDelegateUserPolicy@@@@@Z
?ClearOnConnectionStatusChangedDelegate_Handle@IOnlineSubsystem@@UEAAXAEAVFDelegateHandle@@@Z
?ClearOnConnectionStatusChangedDelegates@IOnlineSubsystem@@UEAAXPEAX@Z
?ClearOnOnlineEnvironmentChangedDelegate_Handle@IOnlineSubsystem@@UEAAXAEAVFDelegateHandle@@@Z
?ClearOnOnlineEnvironmentChangedDelegates@IOnlineSubsystem@@UEAAXPEAX@Z
?Exec@FOnlineSubsystemImpl@@UEAA_NPEAVUWorld@@PEB_WAEAVFOutputDevice@@@Z
?GetGameActivityInterface@FOnlineSubsystemImpl@@UEBA?AV?$TSharedPtr@VIOnlineGameActivity@@$00@@XZ
?GetGameItemStatsInterface@FOnlineSubsystemImpl@@UEBA?AV?$TSharedPtr@VIOnlineGameItemStats@@$00@@XZ

ue4editor-onlinesubsystemredpointeos

?GetVoiceInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineVoice@@$00@@XZ
?GetUserInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineUser@@$00@@XZ
?GetUserCloudInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineUserCloud@@$00@@XZ
?GetTurnBasedInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineTurnBased@@$00@@XZ
?GetTournamentInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineTournament@@$00@@XZ
?GetTitleFileInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineTitleFile@@$00@@XZ
?GetTimeInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineTime@@$00@@XZ
?GetStoreV2Interface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineStoreV2@@$00@@XZ
?GetStatsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineStats@@$00@@XZ
?GetSharingInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineSharing@@$00@@XZ
?GetSharedCloudInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineSharedCloud@@$00@@XZ
?GetSessionInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineSession@@$00@@XZ
?GetPurchaseInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlinePurchase@@$00@@XZ
?LoadTextureFromHttpResponse@FEOSTextureLoader@@SAPEAVUTexture@@AEBV?$TSharedPtr@VIHttpResponse@@$00@@@Z
??0FOnlineSubsystemImplBase@@QEAA@VFName@@0@Z
??1FOnlineSubsystemImplBase@@UEAA@XZ
?GetChatInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineChat@@$00@@XZ
?GetEntitlementsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineEntitlements@@$00@@XZ
?GetEventsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineEvents@@$00@@XZ
?GetExternalUIInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineExternalUI@@$00@@XZ
?GetFriendsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineFriends@@$00@@XZ
?GetGroupsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineGroups@@$00@@XZ
?GetIdentityInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineIdentity@@$00@@XZ
?GetLeaderboardsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineLeaderboards@@$00@@XZ
?GetMessageInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineMessage@@$00@@XZ
?GetAchievementsInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlineAchievements@@$00@@XZ
?GetPartyInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlinePartySystem@@$00@@XZ
?GetPresenceInterface@FOnlineSubsystemImplBase@@UEBA?AV?$TSharedPtr@VIOnlinePresence@@$00@@XZ

ue4editor-onlinesubsystemoculus

?AddRequestDelegate@FOnlineSubsystemOculus@@QEBAX_K$$QEAV?$TDelegate@$$A6AXPEAUovrMessage@@_N@ZUFDefaultDelegateUserPolicy@@@@@Z

kernel32

InitializeSListHead
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
RaiseException

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__std_terminate
memcpy
memmove
__std_type_info_destroy_list
__current_exception_context
__C_specific_handler
memset
__current_exception

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
terminate

Exports

Exports

InitializeModule

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90d969d49375624e44bb8a584202ce46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ue4editor-core

ue4editor-coreuobject

ue4editor-http

ue4editor-onlinesubsystem

ue4editor-onlinesubsystemredpointeos

ue4editor-onlinesubsystemoculus

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.uedbg Size: 1KB - Virtual size: 1KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 1024B - Virtual size: 596B

.text
Size: 38KB - Virtual size: 37KB

.uedbg
Size: 1KB - Virtual size: 1KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 1024B - Virtual size: 596B