25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics.exe
Size

325KB
MD5

8b217a8e87b4b0408aca33b325935970
SHA1

02f981f7bc2ad30caef25e8d8682d2600c0ddc91
SHA256

25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff
SHA512

312b3ad3535574ffc1f88ed8d9fc1cc35e25fb4639de90cfc37239f64eeb0c640381d7910991a3e92a28f51892a23fbb86cfc89616c316700a448c1f43985d8d
SSDEEP

6144:gLxclrMwyZy5l/Jt1d/7wNXd5oCX1MYDdaRv21j9Rl1NnNf+b3wG7h+ALvQ:wyrM1MhTUXlFcSj3lpfuYW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics.exe

Files

25646b1d8d57f29c884a6bfad99d71ad33288ea7c3d7c8bd499437f60bddbcff_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

4bb00b729f9c99271b750f9ddc25b4dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\b\bin\win32\_ctypes.pdb

Imports

libffi-7

ffi_prep_cif
ffi_call
ffi_prep_closure

ole32

ProgIDFromCLSID

oleaut32

SysAllocStringLen
SysFreeString
GetErrorInfo
SysStringLen

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetProcAddress
SetLastError
GetLastError
DisableThreadLibraryCalls
FormatMessageW
LocalFree
FreeLibrary
LoadLibraryExW
VirtualAlloc
GetSystemInfo
InitializeSListHead
UnhandledExceptionFilter

python310

PyExc_AttributeError
PyTuple_GetSlice
PyUnicode_New
PyUnicode_FromWideChar
_Py_CheckFunctionResult
PyErr_SetString
_PyObject_LookupAttrId
PyExc_ValueError
PyDict_Next
PyErr_Format
PyDict_Type
PyModule_AddType
PyType_IsSubtype
PyExc_OverflowError
_Py_Dealloc
PyLong_AsUnsignedLongMask
PyTuple_GetItem
PySequence_GetSlice
PyDescr_NewGetSet
PyErr_ExceptionMatches
_PyUnicode_FromId
PyModule_AddObjectRef
PySequence_SetItem
_PyArg_ParseTuple_SizeT
PyObject_CallFunctionObjArgs
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyObject_GetBuffer
PySys_Audit
PyList_New
PyModule_Create2
PyType_Ready
PyObject_GetAttrString
PyErr_NewException
PyErr_Clear
_PyDict_GetItemIdWithError
PyObject_GenericSetAttr
PyDict_SetItem
PyDict_New
_PyLong_Sign
PyObject_VectorcallMethod
PyObject_IsInstance
PyMem_Free
PyLong_FromVoidPtr
PyUnicode_AsWideChar
PyErr_NoMemory
_PyRuntime
PyLong_AsVoidPtr
PyObject_CallObject
PyIndex_Check
PyBytes_FromStringAndSize
PyDict_DelItem
PyNumber_AsSsize_t
_PyObject_MakeTpCall
PyObject_IsSubclass
_PyWeakref_ProxyType
PyExc_TypeError
_PyDict_ContainsId
PyCallable_Check
PyMem_Malloc
PyExc_IndexError
Py_EnterRecursiveCall
PyArg_UnpackTuple
PyUnicode_FromString
PyBuffer_Release
PyType_Type
PySequence_Tuple
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyImport_ImportModuleNoBlock
PyErr_WarnEx
PyExc_RuntimeWarning
PyOS_vsnprintf
PyObject_GC_UnTrack
PySys_GetObject
PyGILState_Release
PyErr_WriteUnraisable
Py_Initialize
PyObject_GC_Del
PyLong_AsLong
Py_IsInitialized
PyFile_WriteString
PyObject_GC_Track
PyGILState_Ensure
_PyObject_GC_NewVar
PyMemoryView_FromObject
PyMem_Calloc
PyErr_SetObject
PyLong_AsUnsignedLong
PyCapsule_IsValid
PyBytes_AsString
PyErr_NormalizeException
PyUnicode_AppendAndDel
Py_BuildValue
PyErr_SetFromWindowsErr
PyUnicode_FromFormatV
PyFloat_FromDouble
PyObject_CallFunction
PyTuple_Type
PyObject_Free
PyCapsule_GetPointer
PyErr_Fetch
PyUnicode_AsWideCharString
_PyObject_GetAttrId
PyThreadState_GetDict
PyCapsule_New
PyUnicode_Type
_PyTraceback_Add
_PyUnicode_IsPrintable
PyExc_OSError
_PyType_Name
_PyObject_New
PyMem_Realloc
PyObject_Str
PyExc_FileNotFoundError
PyObject_Call
PyArg_ParseTuple
PyBool_FromLong
_PyFloat_Pack4
PyLong_FromUnsignedLongLong
_PyFloat_Unpack4
PyFloat_AsDouble
PyLong_FromLongLong
PyLong_FromUnsignedLong
PyLong_AsUnsignedLongLongMask
_PyFloat_Unpack8
PyObject_IsTrue
_PyFloat_Pack8
PyByteArray_Type
PyObject_GetAttr
PySequence_Fast
PyTuple_Size
_PyDict_SizeOf
_PyLong_AsInt
PyDict_SetItemString
_Py_NoneStruct
PyDict_Contains
PyDict_GetItemWithError
_PyDict_SetItemId
_PyErr_WriteUnraisableMsg
PyBuffer_IsContiguous
PyUnicode_Concat
PySlice_Unpack
PyLong_FromLong
PyObject_SetAttrString
PyExc_RuntimeError
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
_PyWeakref_CallableProxyType
_PyUnicode_EqualToASCIIString
PyLong_FromSsize_t
PyWeakref_NewProxy
PyErr_Occurred
PyDict_Update
PySequence_GetItem
PySlice_Type
Py_LeaveRecursiveCall
PyLong_AsSsize_t
_PyArg_NoKeywords
PyType_GenericNew
_PyObject_SetAttrId
_PyObject_CallFunction_SizeT
_Py_BuildValue_SizeT
PyExc_Exception
PySlice_AdjustIndices
PyThreadState_Get
PyDescr_NewClassMethod
PyUnicode_InternFromString
PyObject_SetAttr
PySequence_Size
Py_GenericAlias
PyErr_Print
PyTuple_New
PyTuple_Pack

vcruntime140

memset
memcpy
strchr
_except_handler4_common
__std_type_info_destroy_list
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_cexit
_errno
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

iswctype

Exports

Exports

DllCanUnloadNow
DllGetClassObject
PyInit__ctypes

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bb00b729f9c99271b750f9ddc25b4dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libffi-7

ole32

oleaut32

kernel32

python310

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 237KB - Virtual size: 240KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 237KB - Virtual size: 240KB