4017b736e50e7671b968a4cc12aef33d453b12f8655208999f8a1ee33478b983_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4017b736e50e7671b968a4cc12aef33d453b12f8655208999f8a1ee33478b983_NeikiAnalytics.exe
Size

3.1MB
MD5

e838d05b5f7ce505150e108a373cdcf0
SHA1

b49c532e41c39e3b66c6bde8689fc201f5281ee2
SHA256

4017b736e50e7671b968a4cc12aef33d453b12f8655208999f8a1ee33478b983
SHA512

24b54caad30c73db9ab9ffe21272ce6243c8928c3fb870c436e7c89d57baa858f49773cc5e96008955d6168e269351c5c0ceb52f2fdc501c98b6bb1512b0c413
SSDEEP

49152:oSYBKJFs5+qVCFkFYaWWyBtBcgSYEN8AT0Ti9Ev7aP40mwJZ:/WIbrahYcRYEN8AT0Ti9Ev+P40vZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4017b736e50e7671b968a4cc12aef33d453b12f8655208999f8a1ee33478b983_NeikiAnalytics.exe

Files

4017b736e50e7671b968a4cc12aef33d453b12f8655208999f8a1ee33478b983_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x64 arch:x64

598a4bd87aec076c96513afe455ab043

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

I:\bb\nnlmsdk164_1\build_windows_mfts\build_dir\repos\mdp_msdk-mfts\samples\_build\x64\Release_THM\mfx_mft_vp9ve_64.pdb

Imports

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-synch-l1-1-0

CreateMutexW
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
ResetEvent
SetEvent
EnterCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
TryEnterCriticalSection
CreateEventW
ReleaseSemaphore

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoInitializeSecurity
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoTaskMemFree
StringFromCLSID
PropVariantClear

oleaut32

VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysFreeString

dxgi

CreateDXGIFactory

mfplat

MFCreateTrackedSample
MFCreateDXGIDeviceManager
MFCreateDXSurfaceBuffer
MFTUnregister
MFTRegister
MFUnlockWorkQueue
MFAllocateSerialWorkQueue
MFPutWorkItem
MFCreateAttributes
MFCreateEventQueue
MFCreateMediaEvent
MFCreateMediaType
MFCreateMemoryBuffer

propsys

VariantCompare
PropVariantCompareEx
PSCreateMemoryPropertyStore

d3d11

D3D11CreateDevice

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteKeyExW
RegCloseKey

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCommandLineA
GetEnvironmentStringsW
GetCurrentDirectoryW
GetStdHandle
SetStdHandle
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
FreeLibraryAndExitThread
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryA
GetTickCount
GetLocalTime
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
ResumeThread
TlsSetValue
GetCurrentProcessId
TlsGetValue
TlsAlloc
SwitchToThread
ExitThread
CreateThread
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
TlsFree
GetProcessTimes

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
LCMapStringW
GetLocaleInfoW
GetCPInfo
FormatMessageW
GetOEMCP
IsValidCodePage
FormatMessageA

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwind
RtlCaptureContext
RtlPcToFileHeader

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
GetProcessHeap

api-ms-win-core-file-l1-1-0

GetFileAttributesW
FindFirstFileW
WriteFile
FlushFileBuffers
FindClose
SetFileTime
GetFullPathNameW
CreateFileA
GetFileType
CreateFileW
FindFirstFileExW
SetEndOfFile
FindNextFileW
ReadFile
SetFilePointerEx
GetFileInformationByHandle
GetDriveTypeW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-console-l1-1-0

GetConsoleCP
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
WriteConsoleW

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualProtect
VirtualQuery

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRSCODE
Size: 832KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

598a4bd87aec076c96513afe455ab043

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-util-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

oleaut32

dxgi

mfplat

propsys

d3d11

api-ms-win-core-registry-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-io-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

TRSCODE Size: 832KB - Virtual size: 832KB

.rdata Size: 518KB - Virtual size: 518KB

.data Size: 26KB - Virtual size: 121KB

.pdata Size: 90KB - Virtual size: 90KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 1.5MB - Virtual size: 1.5MB

TRSCODE
Size: 832KB - Virtual size: 832KB

.rdata
Size: 518KB - Virtual size: 518KB

.data
Size: 26KB - Virtual size: 121KB

.pdata
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 13KB - Virtual size: 12KB