4dc4da8bfe08e3b59d52fb57606b21adc5ef3c8a16ddbd1035847df5ca69863c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4dc4da8bfe08e3b59d52fb57606b21adc5ef3c8a16ddbd1035847df5ca69863c_NeikiAnalytics.exe
Size

113KB
MD5

0c7c376524d48107c0a1c14e546d7160
SHA1

b1ba23cc664f7f2aa73a5a21888275b7e892c980
SHA256

4dc4da8bfe08e3b59d52fb57606b21adc5ef3c8a16ddbd1035847df5ca69863c
SHA512

3dba9010783a7e24bcb279429cc10acb9cd930d90260cdb84d801232e1f97dcd1b004998e2aa0f21811a13c5763760cd26ae6667ab4b99ca83d245ed79879799
SSDEEP

3072:MIQTMe+XjGmEMjMf8hQvrahKMP+/y04dtG1nsEvZKPDZerHYbPQ:MIQTMegHzhQvrahKMEy04dtG1sOZKtIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dc4da8bfe08e3b59d52fb57606b21adc5ef3c8a16ddbd1035847df5ca69863c_NeikiAnalytics.exe

Files

4dc4da8bfe08e3b59d52fb57606b21adc5ef3c8a16ddbd1035847df5ca69863c_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

8943e00982a3156c26cea6558eeed909

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\php-ftw\php-ftw\php\vs16\x86\obj\Release\php_dba.pdb

Imports

php8

_php_stream_open_wrapper_ex
zend_wrong_param_count
zend_parse_parameters
smart_str_erealloc@@8
zend_list_close@@4
_php_stream_free
_zend_new_array@@4
zend_argument_value_error
_php_stream_cast
zval_try_get_string_func@@4
zend_error
zend_hash_get_current_data_ex@@8
executor_globals
add_index_str
add_next_index_stringl
zend_register_resource
zend_argument_error
zend_hash_move_forward_ex@@8
zend_unregister_ini_entries_ex
php_error_docref
zend_hash_apply_with_argument@@12
display_ini_entries
zend_parse_parameters_ex
zend_wrong_parameter_error@@20
zend_wrong_parameters_none_error@@0
zend_register_list_destructors_ex
zend_wrong_parameters_count_error@@8
_php_stream_set_option
zend_hash_internal_pointer_reset_ex@@8
zend_fetch_resource2
zend_register_persistent_resource_ex
zend_string_concat3
zend_string_concat2
_efree@@4
_emalloc@@4
zend_spprintf
php_info_print_table_start
_php_stream_read
_estrdup@@4
_php_stream_seek
_php_stream_tell
_safe_emalloc@@12
_php_stream_write
_php_stream_flush
_erealloc@@8
_php_stream_putc
_php_stream_get_line
_php_stream_printf
_php_stream_eof
_php_stream_truncate_set_size
_php_stream_temp_create
_estrndup@@8
zend_register_long_constant
_php_stream_copy_to_stream_ex
zend_throw_error
__zend_malloc
zend_parse_arg_long_slow@@12
php_info_print_table_end
zend_hash_find@@8
zend_strpprintf
OnUpdateString
php_info_print_table_row
add_next_index_string
zend_register_ini_entries_ex
add_assoc_string_ex
zend_parse_arg_str_slow@@12
_php_stream_stat_path
zend_hash_index_find@@8

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FindFirstFileA
FindNextFileA
GetFullPathNameA
LockFile
LockFileEx
CloseHandle
GetLastError
SetUnhandledExceptionFilter
CreateFileW
InitializeCriticalSection
FlushFileBuffers
MapViewOfFileEx
FormatMessageA
TlsFree
TlsGetValue
GetCurrentProcessId
GetFileSize
UnlockFile
GetSystemInfo
TlsAlloc
SetEvent
OpenMutexA
GetFileInformationByHandle
MultiByteToWideChar
GetVersion
OpenProcess
ReleaseMutex
GetCurrentThreadId
EnterCriticalSection
WaitForSingleObject
CreateMutexA
SetEndOfFile
SetFilePointer
SignalObjectAndWait
WriteFile
TlsSetValue
ReadFile
CreateFileMappingA
GlobalMemoryStatus
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
Sleep
DeleteCriticalSection
LeaveCriticalSection
FindClose

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

vcruntime140

strchr
memcpy
memset
__std_type_info_destroy_list
_except_handler4_common
memmove

api-ms-win-crt-string-l1-1-0

_stricmp
_strdup

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_errno
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
abort
strerror
_initterm

api-ms-win-crt-convert-l1-1-0

strtol
atoi

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-stdio-l1-1-0

_write
_close
_get_osfhandle
_lseek
_read
__acrt_iob_func
fflush
_chsize
_open
__stdio_common_vsprintf
__stdio_common_vfprintf

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_fstat64i32
_unlink

api-ms-win-crt-time-l1-1-0

_gmtime64
clock
_localtime64

Exports

Exports

get_module

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8943e00982a3156c26cea6558eeed909

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

php8

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB