1b9db770e95d1a883038f0f52898fcb1f34eadf659f7ec23be9d0b50b47fa125_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1b9db770e95d1a883038f0f52898fcb1f34eadf659f7ec23be9d0b50b47fa125_NeikiAnalytics.exe
Size

65KB
MD5

2ef276db30a3109d2667bdeebeb85160
SHA1

9e0268057f21b588dfde58aa687c5d1f6a48fbc4
SHA256

1b9db770e95d1a883038f0f52898fcb1f34eadf659f7ec23be9d0b50b47fa125
SHA512

ac6ddab7a9f9366e03bafd91f6a2b67404c43e828a4c19c0be69682b73b057b6f03a0dc875c8ecd4768f3bf466a36b259d04286551447ab0342661f83c5af00b
SSDEEP

768:92twaTLdgzFHONG4fyN8TZvB7Y0EoDWKNsTc4kFmku5J8s1jRUejvCGYK/f:92twyLpvmCB7u5V9b8gj+hpK/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b9db770e95d1a883038f0f52898fcb1f34eadf659f7ec23be9d0b50b47fa125_NeikiAnalytics.exe

Files

1b9db770e95d1a883038f0f52898fcb1f34eadf659f7ec23be9d0b50b47fa125_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

7cff56eb5fe2a9d8526d12ac89a7af0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\RobotCompil\KittyHawkSDK_Colored\SRC\KittyHawk\Output_Binaries\x64\Release\SimConnect\SimConnect.pdb

Imports

ws2_32

shutdown
WSAStartup
WSACleanup
WSAGetLastError
WSARecv
getsockopt
getaddrinfo
freeaddrinfo
connect
closesocket
setsockopt
socket
WSASend

shlwapi

PathCombineA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

user32

PostMessageA

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceFrequency
IsDebuggerPresent
GetCurrentProcess
QueryPerformanceCounter
ReadFile
WriteFile
CloseHandle
GetLastError
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventA
GetCurrentDirectoryA
CreateFileA
SetEvent
Sleep
GetCurrentProcessId
GetModuleHandleA
GetModuleHandleExA
GetProcAddress
lstrcmpiA
GetPrivateProfileStringA
GetPrivateProfileSectionA
WaitNamedPipeA
BindIoCompletionCallback

shell32

SHGetFolderPathA

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memmove
memset
__std_exception_copy
__std_exception_destroy
memcpy
memcmp
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

atoi

Exports

Exports

SimConnect_AICreateEnrouteATCAircraft
SimConnect_AICreateNonATCAircraft
SimConnect_AICreateParkedATCAircraft
SimConnect_AICreateSimulatedObject
SimConnect_AIReleaseControl
SimConnect_AIRemoveObject
SimConnect_AISetAircraftFlightPlan
SimConnect_AddClientEventToNotificationGroup
SimConnect_AddFacilityDataDefinitionFilter
SimConnect_AddToClientDataDefinition
SimConnect_AddToDataDefinition
SimConnect_AddToFacilityDefinition
SimConnect_CallDispatch
SimConnect_CameraSetRelative6DOF
SimConnect_ClearAllFacilityDataDefinitionFilters
SimConnect_ClearClientDataDefinition
SimConnect_ClearDataDefinition
SimConnect_ClearInputGroup
SimConnect_ClearNotificationGroup
SimConnect_Close
SimConnect_CompleteCustomMissionAction
SimConnect_CreateClientData
SimConnect_EnumerateControllers
SimConnect_EnumerateInputEventParams
SimConnect_EnumerateInputEvents
SimConnect_ExecuteAction
SimConnect_ExecuteMissionAction
SimConnect_FlightLoad
SimConnect_FlightPlanLoad
SimConnect_FlightSave
SimConnect_GetInputEvent
SimConnect_GetLastSentPacketID
SimConnect_GetNextDispatch
SimConnect_InsertString
SimConnect_MapClientDataNameToID
SimConnect_MapClientEventToSimEvent
SimConnect_MapInputEventToClientEvent
SimConnect_MapInputEventToClientEvent_EX1
SimConnect_MenuAddItem
SimConnect_MenuAddSubItem
SimConnect_MenuDeleteItem
SimConnect_MenuDeleteSubItem
SimConnect_Open
SimConnect_RemoveClientEvent
SimConnect_RemoveInputEvent
SimConnect_RequestClientData
SimConnect_RequestDataOnSimObject
SimConnect_RequestDataOnSimObjectType
SimConnect_RequestFacilitiesList
SimConnect_RequestFacilitiesList_EX1
SimConnect_RequestFacilityData
SimConnect_RequestFacilityData_EX1
SimConnect_RequestJetwayData
SimConnect_RequestNotificationGroup
SimConnect_RequestReservedKey
SimConnect_RequestResponseTimes
SimConnect_RequestSystemState
SimConnect_RetrieveString
SimConnect_SetClientData
SimConnect_SetDataOnSimObject
SimConnect_SetInputEvent
SimConnect_SetInputGroupPriority
SimConnect_SetInputGroupState
SimConnect_SetNotificationGroupPriority
SimConnect_SetSystemEventState
SimConnect_SetSystemState
SimConnect_SubscribeInputEvent
SimConnect_SubscribeToFacilities
SimConnect_SubscribeToFacilities_EX1
SimConnect_SubscribeToSystemEvent
SimConnect_Text
SimConnect_TransmitClientEvent
SimConnect_TransmitClientEvent_EX1
SimConnect_UnsubscribeFromSystemEvent
SimConnect_UnsubscribeInputEvent
SimConnect_UnsubscribeToFacilities
SimConnect_UnsubscribeToFacilities_EX1
SimConnect_WeatherCreateStation
SimConnect_WeatherCreateThermal
SimConnect_WeatherRemoveStation
SimConnect_WeatherRemoveThermal
SimConnect_WeatherRequestCloudState
SimConnect_WeatherRequestInterpolatedObservation
SimConnect_WeatherRequestObservationAtNearestStation
SimConnect_WeatherRequestObservationAtStation
SimConnect_WeatherSetDynamicUpdateRate
SimConnect_WeatherSetModeCustom
SimConnect_WeatherSetModeGlobal
SimConnect_WeatherSetModeServer
SimConnect_WeatherSetModeTheme
SimConnect_WeatherSetObservation

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cff56eb5fe2a9d8526d12ac89a7af0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

shlwapi

advapi32

user32

kernel32

shell32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 104B

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 104B