D:\a\weasel\weasel\ARM\Release\weaselARM.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 4fe084ca30435f723eb8f7cc57462ee010d82dbfdcef96fe66037fb1fba5db46_NeikiAnalytics.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4fe084ca30435f723eb8f7cc57462ee010d82dbfdcef96fe66037fb1fba5db46_NeikiAnalytics.dll
  Resource: win10v2004-20240508-en
General
Target: 4fe084ca30435f723eb8f7cc57462ee010d82dbfdcef96fe66037fb1fba5db46_NeikiAnalytics.exe
Size: 881KB
MD5: 1c5989bcebafc4d0b5c9f72ab8ea1ff0
SHA1: 014912fc441e3db3f71fc4ac81cf4874edb24b8c
SHA256: 4fe084ca30435f723eb8f7cc57462ee010d82dbfdcef96fe66037fb1fba5db46
SHA512: de72b19e2eaec083d865ad83a155fc4051307b13487e2ba3fc5660797cdd7a533ef526551b1f768b80966e7e61d93ac08b6586d007fb31a5df888cb331c5b8ab
SSDEEP: 6144:OOh7TvRoV+LDZCoxuFqwyKIY0cuf0QUNw8bH4D70XcAfXpUr2aQQ83GxXdkCalIx:t14+d4H4D7kRqyai3GxtkOZaMnosVBM
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 4fe084ca30435f723eb8f7cc57462ee010d82dbfdcef96fe66037fb1fba5db46_NeikiAnalytics.exe
Files
4fe084ca30435f723eb8f7cc57462ee010d82dbfdcef96fe66037fb1fba5db46_NeikiAnalytics.exe.dll regsvr32 windows:6 windows
72cff802bd6b28d7869b08a16f39edba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CloseHandle
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetModuleFileNameW
GetCurrentThreadId
lstrcpyW
GetUserDefaultLCID
ExitProcess
GetLastError
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
DeleteCriticalSection
GetCommandLineW
InitializeCriticalSectionEx
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
GetFileType
GetStdHandle
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryExW
TerminateProcess
FreeLibraryAndExitThread
FreeLibrary
ExitThread
CreateThread
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
InterlockedFlushSList
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
TlsFree
GetCommandLineA
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
WideCharToMultiByte
FormatMessageA
LocalFree
CreateEventA
SetEvent
GetModuleHandleExW
WaitNamedPipeW
SetNamedPipeHandleState
CreateFileW
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ReadFile
RaiseException
SetLastError
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
GetProcessHeap
WaitForSingleObjectEx
Sleep
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
TryEnterCriticalSection
InitOnceComplete
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
InitOnceBeginInitialize
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeSListHead
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
ResetEvent
OpenEventA
TlsAlloc
user32
ToUnicodeEx
GetKeyboardState
GetMenuItemCount
GetMenuItemInfoW
SetRect
CallWindowProcW
EndPaint
BeginPaint
DefWindowProcW
DestroyIcon
DrawIconEx
MessageBoxW
GetMonitorInfoW
CopyRect
GetCursorPos
UpdateLayeredWindow
GetClientRect
GetWindowRect
InvalidateRect
TrackMouseEvent
PtInRect
InflateRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
OffsetRect
IsRectEmpty
RedrawWindow
ReleaseDC
SetWindowPos
GetDC
MonitorFromRect
CreateWindowExW
GetForegroundWindow
SendInput
GetFocus
SetWindowLongW
DestroyWindow
GetCaretPos
GetWindowLongW
LoadCursorW
GetWindowThreadProcessId
GetSystemMetrics
LoadImageW
DestroyMenu
TrackPopupMenuEx
GetSubMenu
LoadMenuW
IsWindow
KillTimer
ShowWindow
SetTimer
UnregisterClassW
RegisterClassExW
GetClassInfoExW
advapi32
RegEnumKeyExA
RegGetValueW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
GetUserNameW
RegOpenKeyA
RegCloseKey
RegQueryValueExW
shell32
ShellExecuteW
ole32
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
gdiplus
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipCreatePath
GdipAlloc
GdipAddPathRectangleI
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawPath
GdipFillPath
GdipDrawImageI
GdipDeletePath
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipAddPathLineI
GdipAddPathArcI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateRegionPath
GdipDeleteRegion
GdipCloneRegion
GdipCombineRegionRegion
GdipIsEmptyRegion
GdipFree
GdipCloneImage
d2d1
ord1
dwrite
DWriteCreateFactory
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
gdi32
SetViewportOrgEx
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject
BitBlt
CreateCompatibleDC
Exports
??0?$codecvt_null@_W@archive@boost@@QAA@I@Z
??0?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IAA@XZ
??0?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@IAA@XZ
??1?$codecvt_null@_W@archive@boost@@UAA@XZ
??_F?$codecvt_null@_W@archive@boost@@QAAXXZ
?do_always_noconv@?$codecvt_null@_W@archive@boost@@EBA_NXZ
?do_encoding@?$codecvt_null@_W@archive@boost@@EBAHXZ
?do_in@?$codecvt_null@_W@archive@boost@@EBAHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?do_max_length@?$codecvt_null@_W@archive@boost@@EBAHXZ
?do_out@?$codecvt_null@_W@archive@boost@@EBAHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UCandidateInfo@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UCandidateInfo@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UText@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UText@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextAttribute@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UTextAttribute@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UTextRange@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UTextRange@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UUIStyle@weasel@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UUIStyle@weasel@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AAAAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vtext_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAA_NXZ
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UCandidateInfo@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UText@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextAttribute@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UTextRange@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UUIStyle@weasel@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UText@weasel@@V?$allocator@UText@weasel@@@std@@@std@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$vector@UTextAttribute@weasel@@V?$allocator@UTextAttribute@weasel@@@std@@@std@@@detail@archive@boost@@UBAXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAAXXZ
?unlock@singleton_module@serialization@boost@@QAAXXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 454KB - Virtual size: 454KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 194KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ