6b8a4eee7b99c604d846932d526a464753db14a3ed4c1549d35748aeba791c6d_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6b8a4eee7b99c604d846932d526a464753db14a3ed4c1549d35748aeba791c6d_NeikiAnalytics.exe
Size

60KB
MD5

87cd21f28db7ea549e5be8a4ed11e6d0
SHA1

827fa556bd1419d65d750ab56a5f17182ce90cb8
SHA256

6b8a4eee7b99c604d846932d526a464753db14a3ed4c1549d35748aeba791c6d
SHA512

b59323aa724f029bcdf1602d95ec6ba7658b6f4239e6d784146d0e9fdda5b28efa784edcbef5d75d8b9fe16c654f1f74dcdf1e339912d6ae52ca199181ad5fe8
SSDEEP

1536:R+yBv9xR8cVATAgiJB7rnfWkjiLuvNgdI78Paq:RHBVxRzmJiJxrVe5dJT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b8a4eee7b99c604d846932d526a464753db14a3ed4c1549d35748aeba791c6d_NeikiAnalytics.exe

Files

6b8a4eee7b99c604d846932d526a464753db14a3ed4c1549d35748aeba791c6d_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

a6a34e1d6392be1db11150c480ac7f92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ShaderCompileWorker-Networking.pdb

Imports

shadercompileworker-core

?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?CheckVerifyFailedImpl2@FDebug@@SA_NPEBD0HPEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
?AssignRange@FString@@AEAAXPEB_WH@Z
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?TrimStartAndEndInline@FString@@QEAAXXZ
?ParseIntoArray@FString@@QEBAHAEAV?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@PEB_W_N@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?Resolve@FLazyName@@QEBA?AVFName@@XZ
?Clear@FAutomationTestExecutionInfo@@QEAAXXZ
?Get@FAutomationTestFramework@@SAAEAV1@XZ
?RegisterAutomationTest@FAutomationTestFramework@@QEAA_NAEBVFString@@PEAVFAutomationTestBase@@@Z
?UnregisterAutomationTest@FAutomationTestFramework@@QEAA_NAEBVFString@@@Z
?TestFalse@FAutomationTestBase@@QEAA_NPEB_W_N@Z
?TestTrue@FAutomationTestBase@@QEAA_NPEB_W_N@Z
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreObjectIndexToPackedObjectRefDebug@@3PEB_KEB
?AddError@FAutomationTestBase@@UEAAXAEBVFString@@H@Z
?SuppressedLogCategories@FAutomationTestBase@@2V?$TArray@VFString@@V?$TSizedDefaultAllocator@$0CA@@@@@A
?bElevateLogWarningsToErrors@FAutomationTestBase@@2_NA
?bSuppressLogErrors@FAutomationTestBase@@2_NA
?bSuppressLogWarnings@FAutomationTestBase@@2_NA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?SetTelemetryStorage@FAutomationTestBase@@UEAAXAEBVFString@@@Z
?AddTelemetryData@FAutomationTestBase@@UEAAXAEBVFString@@N0@Z
?AddTelemetryData@FAutomationTestBase@@UEAAXAEBV?$TMap@VFString@@NVFDefaultSetAllocator@@U?$TDefaultMapHashableKeyFuncs@VFString@@N$0A@@@@@AEBVFString@@@Z
?AddAnalyticsItem@FAutomationTestBase@@UEAAXAEBVFString@@@Z
?AddEvent@FAutomationTestBase@@UEAAXAEBUFAutomationEvent@@H_N@Z
?AddInfo@FAutomationTestBase@@UEAAXAEBVFString@@H_N@Z
?AddWarning@FAutomationTestBase@@UEAAXAEBVFString@@H@Z
?AddWarningS@FAutomationTestBase@@UEAAXAEBVFString@@0H@Z
?AddErrorS@FAutomationTestBase@@UEAAXAEBVFString@@0H@Z
?AddErrorIfFalse@FAutomationTestBase@@UEAA_N_NAEBVFString@@H@Z
?Split@FString@@QEBA_NAEBV1@PEAV1@1W4Type@ESearchCase@@W42ESearchDir@@@Z

shadercompileworker-sockets

?Get@ISocketSubsystem@@SAPEAV1@AEBVFName@@@Z
?IPv4@FNetworkProtocolTypes@@3VFLazyName@@B

kernel32

InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
RtlCaptureContext

vcruntime140

_purecall
memcpy
memmove
memset
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

Exports

Exports

?Any@FIPv4Address@@2U1@B
?Any@FIPv4Endpoint@@2U1@B
?CachedSocketSubsystem@FIPv4Endpoint@@0PEAVISocketSubsystem@@EA
?FromHostAndPort@FIPv4Endpoint@@SA_NAEBVFString@@AEAU1@@Z
?Initialize@FIPv4Endpoint@@SAXXZ
?InternalLoopback@FIPv4Address@@2U1@B
?LanBroadcast@FIPv4Address@@2U1@B
?Parse@FIPv4Address@@SA_NAEBVFString@@AEAU1@@Z
?Parse@FIPv4Endpoint@@SA_NAEBVFString@@AEAU1@@Z
?Parse@FIPv4Subnet@@SA_NAEBVFString@@AEAU1@@Z
?Parse@FIPv4SubnetMask@@SA_NAEBVFString@@AEAU1@@Z
?ToString@FIPv4Address@@QEBA?AVFString@@XZ
?ToString@FIPv4Endpoint@@QEBA?AVFString@@XZ
?ToString@FIPv4Subnet@@QEBA?AVFString@@XZ
?ToString@FIPv4SubnetMask@@QEBA?AVFString@@XZ
?ToString@FSteamEndpoint@@QEBA?AVFString@@XZ
InitializeModule

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6a34e1d6392be1db11150c480ac7f92

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shadercompileworker-core

shadercompileworker-sockets

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 592B

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 592B

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 512B - Virtual size: 264B