2436134bd4136b0f6e16d2327f2065a0ea3ed1844b7159f77590f110495cbf64_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2436134bd4136b0f6e16d2327f2065a0ea3ed1844b7159f77590f110495cbf64_NeikiAnalytics.exe
Size

1.1MB
MD5

d506ee50cd2cd053b9edd82594d8d0a0
SHA1

13a2c05f0c6b14d0222cfd05d1949120512c1a1b
SHA256

2436134bd4136b0f6e16d2327f2065a0ea3ed1844b7159f77590f110495cbf64
SHA512

aa92858e23254aeb93ab1d99d729933406b774c2cf76f519b697504addae4e1d13dd1609db76d65c966b27579968b710abc77234b85d39d65ca39d1ba340a628
SSDEEP

12288:lLFcpjBdEH7PC9RTwS7mEPxMZpYAx1aqXuNIgAztJA:lYjk7PC9KorJAi6uN3AztJA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2436134bd4136b0f6e16d2327f2065a0ea3ed1844b7159f77590f110495cbf64_NeikiAnalytics.exe

Files

2436134bd4136b0f6e16d2327f2065a0ea3ed1844b7159f77590f110495cbf64_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

074a19b5aee8c920b29a7b6c4bda6b28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\2024-1-0-264-1\dev\kit\winamd64\release\bin\iKnowModeluk.pdb

Imports

iknowmodelcommon

?SetModel@model@iknow@@YAPEBVModel@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KPEBV312@@Z
?SetRawDataPointer@model@iknow@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAPEBE@Z
?SetALIModel@model@iknow@@YAPEBVALIModel@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KPEBV312@@Z

iknowali

?NextClusterChar@LanguageBase@ali@iknow@@SA_SAEAPEB_SPEB_S_S@Z

icuuc69

??0ConstChar16Ptr@icu_69@@QEAA@PEB_S@Z
??3UMemory@icu_69@@SAXPEAX@Z
u_isalpha_69
??1UnicodeString@icu_69@@UEAA@XZ
??0UnicodeString@icu_69@@QEAA@CVConstChar16Ptr@1@H@Z

icuin69

?reset@RegexMatcher@icu_69@@UEAAAEAV12@AEBVUnicodeString@2@@Z
??1RegexPattern@icu_69@@UEAA@XZ
?lookingAt@RegexMatcher@icu_69@@UEAACAEAW4UErrorCode@@@Z
?end@RegexMatcher@icu_69@@UEBAHAEAW4UErrorCode@@@Z
??1RegexMatcher@icu_69@@UEAA@XZ

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__std_type_info_destroy_list
__current_exception
memset
_purecall
__std_exception_copy
__std_exception_destroy
__C_specific_handler
__current_exception_context
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_register_onexit_function
_cexit
_seh_filter_dll
terminate
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_execute_onexit_table
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

CreateEventW
CloseHandle
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
EnterCriticalSection
GetModuleHandleW
WaitForSingleObjectEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent

Exports

Exports

?$TSS0@?1??Goto@LexrepFunctions@model@iknow@@QEBA_K_KPEB_S1@Z@4HA
??0ALIData@model@iknow@@QEAA@PEB_SPEBI0111@Z
??0ALIDataModel@model@iknow@@QEAA@$$QEAV012@@Z
??0ALIDataModel@model@iknow@@QEAA@AEBV012@@Z
??0ALIDataModel@model@iknow@@QEAA@AEBVALIData@12@@Z
??0ALIFunctions@model@iknow@@QEAA@AEBVALIData@12@@Z
??0ALIModel@model@iknow@@QEAA@AEBV012@@Z
??0ALIModel@model@iknow@@QEAA@XZ
??0DataModel@model@iknow@@QEAA@$$QEAV012@@Z
??0DataModel@model@iknow@@QEAA@AEBV012@@Z
??0DataModel@model@iknow@@QEAA@AEBVLexrepData@12@@Z
??0LexrepData@model@iknow@@QEAA@PEB_SPEBI01PEBVRegex@12@PEBG1311PEBUMatch@12@3PEBE_K_N7@Z
??0LexrepFunctions@model@iknow@@QEAA@AEBVLexrepData@12@@Z
??0Model@model@iknow@@QEAA@AEBV012@@Z
??0Model@model@iknow@@QEAA@XZ
??0OutputAccumulator@model@iknow@@QEAA@AEBVALIFunctions@12@@Z
??1ALIDataModel@model@iknow@@UEAA@XZ
??1ALIModel@model@iknow@@UEAA@XZ
??1DataModel@model@iknow@@UEAA@XZ
??1Model@model@iknow@@UEAA@XZ
??4ALIData@model@iknow@@QEAAAEAV012@$$QEAV012@@Z
??4ALIData@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4ALIDataModel@model@iknow@@QEAAAEAV012@$$QEAV012@@Z
??4ALIDataModel@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4ALIFunctions@model@iknow@@QEAAAEAV012@$$QEAV012@@Z
??4ALIFunctions@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4ALIModel@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4DataModel@model@iknow@@QEAAAEAV012@$$QEAV012@@Z
??4DataModel@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4LexrepData@model@iknow@@QEAAAEAV012@$$QEAV012@@Z
??4LexrepData@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4LexrepFunctions@model@iknow@@QEAAAEAV012@$$QEAV012@@Z
??4LexrepFunctions@model@iknow@@QEAAAEAV012@AEBV012@@Z
??4Model@model@iknow@@QEAAAEAV012@AEBV012@@Z
??HOutputAccumulator@model@iknow@@QEBA?AU012@_S@Z
??YOutputAccumulator@model@iknow@@QEAAAEAU012@_S@Z
??_7ALIDataModel@model@iknow@@6B@
??_7ALIModel@model@iknow@@6B@
??_7DataModel@model@iknow@@6B@
??_7Model@model@iknow@@6B@
?Failure@ALIFunctions@model@iknow@@AEBA_K_K@Z
?Failure@DataModel@model@iknow@@UEBA_K_K@Z
?Failure@LexrepFunctions@model@iknow@@QEBA_K_K@Z
?FailureTable@ALIData@model@iknow@@QEBAPEBIXZ
?FailureTable@LexrepData@model@iknow@@QEBAPEBIXZ
?GetRegex@LexrepFunctions@model@iknow@@QEBAAEBVRegex@23@G@Z
?GetSoleRegex@LexrepFunctions@model@iknow@@QEBAAEBVRegex@23@_K@Z
?GetSoleRegexNextState@LexrepFunctions@model@iknow@@QEBA_K_K@Z
?Goto@ALIFunctions@model@iknow@@AEBA_K_K_S@Z
?Goto@DataModel@model@iknow@@UEBA_K_KPEB_S1@Z
?Goto@LexrepFunctions@model@iknow@@QEBA_K_KPEB_S1@Z
?Goto@LexrepFunctions@model@iknow@@QEBA_K_K_S@Z
?GotoChar@DataModel@model@iknow@@UEBA_K_K_S@Z
?GotoWord@DataModel@model@iknow@@UEBA_K_KPEB_S1@Z
?HasRegex@LexrepData@model@iknow@@QEBA_NXZ
?IsIdeographic@DataModel@model@iknow@@UEBA_NXZ
?IsIdeographic@LexrepData@model@iknow@@QEBA_NXZ
?IsIdeographic@LexrepFunctions@model@iknow@@QEBA_NXZ
?MatchCount@LexrepData@model@iknow@@QEBAPEBEXZ
?MatchSet@LexrepData@model@iknow@@QEBAPEBGXZ
?Matches@LexrepData@model@iknow@@QEBAPEBUMatch@23@XZ
?MaxWordCount@DataModel@model@iknow@@UEBA_KXZ
?MaxWordCount@LexrepData@model@iknow@@QEBA_KXZ
?MaxWordCount@LexrepFunctions@model@iknow@@QEBA_KXZ
?NextStateMap@ALIData@model@iknow@@QEBAPEBIXZ
?NextStateMap@LexrepData@model@iknow@@QEBAPEBIXZ
?OneStateMap@ALIData@model@iknow@@QEBAPEB_SXZ
?OneStateMap@LexrepData@model@iknow@@QEBAPEB_SXZ
?Output@ALIData@model@iknow@@QEBAPEBIXZ
?Output@ALIFunctions@model@iknow@@AEBAI_K@Z
?OutputBegin@DataModel@model@iknow@@UEBAPEBUMatch@23@_K@Z
?OutputBegin@LexrepFunctions@model@iknow@@QEBAPEBUMatch@23@_K@Z
?OutputCount@DataModel@model@iknow@@UEBA_K_K@Z
?OutputEnd@LexrepFunctions@model@iknow@@QEBAPEBUMatch@23@_K@Z
?RegexBegin@LexrepFunctions@model@iknow@@QEBAPEBG_K@Z
?RegexCount@LexrepFunctions@model@iknow@@QEBA_K_K@Z
?RegexGotoBegin@LexrepFunctions@model@iknow@@QEBAPEBI_K@Z
?RegexMap@LexrepData@model@iknow@@QEBAPEBVRegex@23@XZ
?RegexNextStateMap@LexrepData@model@iknow@@QEBAPEBIXZ
?RegexOffsetMap@LexrepData@model@iknow@@QEBAPEBGXZ
?RegexOneStateMap@LexrepData@model@iknow@@QEBAPEBGXZ
?RegexStateMap@LexrepData@model@iknow@@QEBAPEBIXZ
?Register@uk0@model@iknow@@YAXXZ
?RegisterALI@uk0@model@iknow@@YAXXZ
?ScoreText@ALIDataModel@model@iknow@@UEBANPEB_S0_K@Z
?ScoreText@ALIFunctions@model@iknow@@QEBANPEB_S0_K@Z
?ScoreText@ALIModel@model@iknow@@UEBANPEB_S0_K@Z
?StateMap@ALIData@model@iknow@@QEBAPEBIXZ
?StateMap@LexrepData@model@iknow@@QEBAPEBIXZ
?SymbolMap@ALIData@model@iknow@@QEBAPEB_SXZ
?SymbolMap@LexrepData@model@iknow@@QEBAPEB_SXZ
?stack@?1??Goto@LexrepFunctions@model@iknow@@QEBA_K_KPEB_S1@Z@4VGStack@34@A

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074a19b5aee8c920b29a7b6c4bda6b28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iknowmodelcommon

iknowali

icuuc69

icuin69

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 512B - Virtual size: 28KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 188B

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 512B - Virtual size: 28KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 188B