Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature
Static task: static1
Behavioral task: behavioral1
  Sample: 3dd2f268b32754e73e3bbbc5f74f1ea3b9a032b54d035b6dcb36df97da02b0f0_NeikiAnalytics.dll
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 3dd2f268b32754e73e3bbbc5f74f1ea3b9a032b54d035b6dcb36df97da02b0f0_NeikiAnalytics.dll
  Resource: win10v2004-20240611-en
Target: 3dd2f268b32754e73e3bbbc5f74f1ea3b9a032b54d035b6dcb36df97da02b0f0_NeikiAnalytics.exe
Size: 2.4MB
MD5: abb362c80f8b8312e5e26ab4802cf940
SHA1: 7be7f68c514d1a79fbd4b10442ebf04264825d3e
SHA256: 3dd2f268b32754e73e3bbbc5f74f1ea3b9a032b54d035b6dcb36df97da02b0f0
SHA512: d0f828149de8c4b092c19d9df7621f9f459ad4a3cfb376830f5b5b55e6cdf0c2449ed11988f62b3d090b535a05eb00e2249327bdf18b7f3bf150650d58e136c1
SSDEEP: 49152:7onwVOlO06ahnkRBiggsOhtPibgqlrB4hpukAIh:lIO01nkRIgwhAbg9N
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
C:\actions-runner\_work\galaxy-mbamsi\galaxy-mbamsi\bin\Win32\Release\mbamsi32.pdb
CertDuplicateCertificateContext
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptDecodeObject
CryptDecodeObjectEx
CryptMsgGetParam
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
GetAdaptersInfo
GetTimeZoneInformation
FreeLibrary
FormatMessageW
GlobalAlloc
GlobalFree
GetFileAttributesExW
SetFileAttributesW
GetLongPathNameW
GetWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
CreateDirectoryW
GetVolumePathNameW
RemoveDirectoryW
DeleteFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
OpenThread
SetThreadPriority
SetFilePointer
GetFileSizeEx
Wow64GetThreadContext
GetThreadContext
SuspendThread
ResumeThread
GetFileSize
SetEndOfFile
GetStdHandle
GetModuleHandleA
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
TerminateProcess
GetStartupInfoW
ReleaseMutex
CreateMutexW
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFileType
DeleteFiber
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
SetEvent
OutputDebugStringW
GetCurrentThread
LoadLibraryW
GetExitCodeProcess
CreateProcessW
QueryDosDeviceW
Module32NextW
Module32FirstW
OpenProcess
CreateToolhelp32Snapshot
GetNativeSystemInfo
IsWow64Process
GetLocalTime
GetSystemWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
CopyFileW
MoveFileExW
GetSystemDirectoryW
GetCurrentProcess
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
FlushFileBuffers
ConnectNamedPipe
WaitNamedPipeW
TransactNamedPipe
GetNamedPipeServerProcessId
GetOverlappedResult
ResetEvent
CancelIoEx
DisconnectNamedPipe
WaitForSingleObject
PeekNamedPipe
GetNamedPipeClientProcessId
WaitForMultipleObjects
CreateNamedPipeW
WriteFile
SetLastError
SetNamedPipeHandleState
ReadFile
LocalFree
CreateEventW
LocalAlloc
GetCurrentProcessId
SwitchToThread
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SystemTimeToTzSpecificLocalTime
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
CloseHandle
HeapReAlloc
FileTimeToSystemTime
GetLastError
HeapSize
CreateFileW
FindClose
InitializeCriticalSectionEx
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
SetStdHandle
GetConsoleOutputCP
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
ExpandEnvironmentStringsW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindNextFileW
HeapFree
FindFirstFileW
lstrcmpA
GetTickCount
GetStringTypeW
QueryPerformanceFrequency
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegDeleteTreeW
RegSetKeyValueW
SetSecurityDescriptorDacl
IsTextUnicode
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
OpenThreadToken
OpenProcessToken
LsaNtStatusToWinError
GetExplicitEntriesFromAclW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
ImpersonateLoggedOnUser
CreateWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
AreAllAccessesGranted
MapGenericMask
ConvertStringSidToSidW
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
TreeSetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
DeleteAce
FreeSid
SHGetFolderPathW
VariantClear
WNetGetConnectionW
NetApiBufferFree
NetWkstaGetInfo
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
EnumProcessModulesEx
GetProcessImageFileNameW
GetModuleFileNameExW
GetMappedFileNameW
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzInitializeContextFromSid
AuthzAccessCheck
AuthzFreeContext
SfcIsFileProtected
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCreateHash
BCryptDestroyKey
BCryptImportKeyPair
BCryptGenRandom
BCryptVerifySignature
BCryptGetProperty
recv
send
closesocket
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
DllCanUnloadNow
DllGetClassObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ