D:\a\neovim\neovim\build\bin\nvim.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4955057eefb682d25fd00570cac57c8998fdd79ee2d6063f38c405266c16b509_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
4955057eefb682d25fd00570cac57c8998fdd79ee2d6063f38c405266c16b509_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
4955057eefb682d25fd00570cac57c8998fdd79ee2d6063f38c405266c16b509_NeikiAnalytics.exe
-
Size
5.2MB
-
MD5
d3983da40a1cce3345c586024ce89f30
-
SHA1
db3f7fb49925a53e0a5dc47e9ee5a37608002d4f
-
SHA256
4955057eefb682d25fd00570cac57c8998fdd79ee2d6063f38c405266c16b509
-
SHA512
d916a373838dec957448657cf2af6fabe8e7336c8c6fff681c46fbc7a9773e460ad2da8ddde8c59ea12934530e9caf56266431c8b5fc4dd5d4d06d1c31127636
-
SSDEEP
98304:iik1fp0t11NdZWs3eqYpGtaZguwAsBAUZLBct+4DgZ:iiP1NdMsV9YfU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags that the PE file carries no Authenticode signature.
resource 4955057eefb682d25fd00570cac57c8998fdd79ee2d6063f38c405266c16b509_NeikiAnalytics.exe
Files
-
4955057eefb682d25fd00570cac57c8998fdd79ee2d6063f38c405266c16b509_NeikiAnalytics.exe.exe windows:6 windows x64 arch:x64
fc62e6ee01a6c5419f2fec4150aa0be2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
lua51
luaL_openlibs
lua_pushlightuserdata
luaL_loadbuffer
luaL_checklstring
lua_insert
lua_pcall
lua_getinfo
lua_isnumber
lua_pushnil
lua_getfield
lua_pushvalue
lua_iscfunction
luaL_newstate
luaL_checkinteger
lua_settop
lua_setmetatable
lua_close
luaL_callmeta
luaL_getmetafield
lua_getstack
luaL_checktype
luaL_unref
lua_objlen
lua_remove
lua_toboolean
lua_rawset
lua_checkstack
lua_touserdata
lua_getfenv
lua_setfenv
luaL_prepbuffer
lua_call
lua_tocfunction
luaL_pushresult
luaL_buffinit
lua_rawgeti
luaL_checkstack
lua_rawget
lua_typename
lua_gettable
lua_isuserdata
lua_topointer
lua_pushfstring
luaL_checknumber
lua_replace
lua_dump
lua_status
luaL_optinteger
lua_pushboolean
lua_tonumber
luaL_checkoption
lua_equal
luaL_checkany
luaL_addlstring
luaL_addvalue
lua_getallocf
lua_setfield
lua_settable
luaL_ref
lua_pushlstring
luaL_newmetatable
lua_newuserdata
luaL_where
lua_pushcclosure
lua_rawseti
lua_createtable
lua_pushvfstring
lua_tointeger
lua_next
lua_pushnumber
luaL_checkudata
lua_isstring
lua_rawequal
lua_getmetatable
lua_pushinteger
luaL_argerror
luaL_register
lua_tolstring
lua_type
lua_gettop
lua_error
lua_pushstring
lua_concat
luaL_error
netapi32
NetApiBufferFree
NetUserEnum
iphlpapi
ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
GetAdaptersAddresses
userenv
GetUserProfileDirectoryW
ws2_32
WSASetLastError
getsockname
ntohs
listen
shutdown
getprotobynumber
getprotobyname
htons
getpeername
closesocket
getsockopt
setsockopt
WSAGetLastError
WSASocketW
GetAddrInfoW
FreeAddrInfoW
bind
connect
ioctlsocket
htonl
socket
WSADuplicateSocketW
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSASend
GetNameInfoW
WSARecvFrom
WSASendTo
select
WSAStartup
dbghelp
SymGetOptions
SymSetOptions
MiniDumpWriteDump
kernel32
DebugBreak
FormatMessageA
LoadLibraryExW
FreeLibrary
K32GetProcessMemoryInfo
SetConsoleTitleW
GetConsoleTitleW
FileTimeToSystemTime
GetProcessIoCounters
GetModuleFileNameW
GetSystemTimePreciseAsFileTime
GetVersionExW
GetTickCount64
GlobalMemoryStatusEx
GetPriorityClass
SetPriorityClass
GetThreadPriority
SetThreadPriority
GetProcessTimes
GetTempPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
WriteConsoleInputW
SetConsoleTextAttribute
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleCursorInfo
GetConsoleCursorInfo
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
WriteConsoleW
ReadConsoleW
ReadConsoleInputW
GetLongPathNameW
SetFileCompletionNotificationModes
CancelIo
SetHandleInformation
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
ReOpenFile
CreateFileMappingA
UnmapViewOfFile
FlushViewOfFile
RtlCaptureContext
GetSystemTimeAsFileTime
GetSystemInfo
DeviceIoControl
SetLastError
SetFileTime
SetFilePointerEx
RemoveDirectoryW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileSizeEx
GetFileInformationByHandle
GetShortPathNameW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
GetDiskFreeSpaceW
FindNextFileW
FindFirstFileW
ReadDirectoryChangesW
GetStdHandle
GetNumberOfConsoleInputEvents
GetStartupInfoW
FindClose
GetNamedPipeServerProcessId
GetNamedPipeClientProcessId
GetNamedPipeHandleStateA
LocalFree
QueueUserWorkItem
SwitchToThread
CancelSynchronousIo
CancelIoEx
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
ConnectNamedPipe
WriteFile
ReadFile
FlushFileBuffers
GetQueuedCompletionStatus
CreateIoCompletionPort
SetErrorMode
SetConsoleCtrlHandler
Sleep
CreateSemaphoreA
SetThreadAffinityMask
GetProcessAffinityMask
GetNativeSystemInfo
GetCurrentProcessorNumber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
CreateEventA
ReleaseSemaphore
IsDebuggerPresent
GetModuleHandleW
LoadLibraryExA
MapViewOfFile
OpenProcess
CloseHandle
DebugBreakProcess
SetConsoleMode
GetConsoleMode
CreateFileA
ExitThread
GetVersionExA
MultiByteToWideChar
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetComputerNameW
GetCurrentProcessId
GetEnvironmentStringsW
GetFileAttributesW
SetConsoleTitleA
GetConsoleTitleA
GetConsoleWindow
Process32First
TerminateProcess
GetProcessId
CreateToolhelp32Snapshot
Process32Next
CreateNamedPipeA
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
RegisterWaitForSingleObject
UnregisterWaitEx
GetExitCodeProcess
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetACP
GetLocaleInfoA
GetThreadLocale
EnumSystemLocalesA
GetModuleHandleA
GetProcAddress
EnumResourceLanguagesA
GetFileType
GetEnvironmentVariableW
GetCurrentDirectoryW
NeedCurrentDirectoryForExePathW
CreateDirectoryW
CreateFileW
SetFileInformationByHandle
PostQueuedCompletionStatus
WaitForSingleObject
ResumeThread
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
UnregisterWait
LCMapStringW
K32GetModuleBaseNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetEvent
ResetEvent
user32
LoadImageA
GetSystemMetrics
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
MapVirtualKeyW
shell32
SHGetKnownFolderPath
ole32
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegGetValueW
AllocateAndInitializeSid
FreeSid
SetEntriesInAclA
GetSecurityInfo
SetSecurityInfo
OpenProcessToken
GetUserNameW
RegQueryValueExW
SystemFunction036
RegOpenKeyExW
vcruntime140
memcpy
__current_exception_context
__current_exception
__std_type_info_destroy_list
__C_specific_handler
wcsrchr
wcschr
memchr
memcmp
memmove
memset
strrchr
strstr
strchr
api-ms-win-crt-runtime-l1-1-0
exit
_errno
raise
_getpid
_beginthreadex
terminate
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_set_invalid_parameter_handler
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
__doserrno
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_wassert
strerror
abort
api-ms-win-crt-string-l1-1-0
strcspn
_strdup
strcoll
islower
_wcsdup
isupper
wcsncmp
strncmp
strnlen
isalpha
_wcsrev
_wcsnicmp
isdigit
strspn
isxdigit
wcspbrk
iswctype
isprint
strcmp
isspace
_stricmp
_strnicmp
strncpy
towlower
towupper
tolower
ispunct
iscntrl
isgraph
isalnum
wcsncpy
strtok_s
strpbrk
toupper
api-ms-win-crt-stdio-l1-1-0
_read
__stdio_common_vsprintf
_set_fmode
_close
__p__commode
_dup
__stdio_common_vsnwprintf_s
_open
_getcwd
__acrt_iob_func
fclose
_fileno
__stdio_common_vsprintf_s
fgetc
_ftelli64
fwrite
ungetc
setvbuf
fseek
ftell
_get_osfhandle
fread
_fseeki64
__stdio_common_vsscanf
_setmode
setbuf
__stdio_common_vswprintf
_write
__stdio_common_vfprintf
fflush
fopen
fputc
_open_osfhandle
feof
fgets
getc
ferror
_lseeki64
fputs
putc
api-ms-win-crt-convert-l1-1-0
strtoul
strtoimax
atol
strtod
wcstombs
atoi
wcrtomb
mbrtowc
strtol
api-ms-win-crt-utility-l1-1-0
qsort
bsearch
api-ms-win-crt-time-l1-1-0
strftime
_localtime64
_time64
_mktime64
api-ms-win-crt-math-l1-1-0
log
__setusermatherr
trunc
_fdopen
exp
tanh
round
cosh
asin
_dclass
sinh
floor
pow
cos
ceil
sin
atan
tan
fabs
acos
sqrt
atan2
fmod
log10
api-ms-win-crt-heap-l1-1-0
realloc
free
_set_new_mode
calloc
malloc
api-ms-win-crt-environment-l1-1-0
_putenv_s
getenv
api-ms-win-crt-filesystem-l1-1-0
_fstat64i32
_wrmdir
_umask
_wchmod
api-ms-win-crt-locale-l1-1-0
___mb_cur_max_func
_configthreadlocale
setlocale
Exports
Exports
AppendCharToRedobuff
AppendNumberToRedobuff
AppendToRedobuff
AppendToRedobuffLit
AppendToRedobuffSpec
CancelRedo
Columns
EVALARG_EVALUATE
ExpandBufnames
ExpandCleanup
ExpandGeneric
ExpandInit
ExpandMappings
ExpandOldSetting
ExpandOne
ExpandPackAddDir
ExpandRTDir
ExpandSettingSubtract
ExpandSettings
ExpandStringSetting
FreeWild
FullName_save
IObuff
Insstart
Insstart_orig
KeyDict_buf_attach_get_field
KeyDict_buf_delete_get_field
KeyDict_clear_autocmds_get_field
KeyDict_cmd_get_field
KeyDict_cmd_magic_get_field
KeyDict_cmd_mods_filter_get_field
KeyDict_cmd_mods_get_field
KeyDict_cmd_opts_get_field
KeyDict_complete_set_get_field
KeyDict_context_get_field
KeyDict_create_augroup_get_field
KeyDict_create_autocmd_get_field
KeyDict_echo_opts_get_field
KeyDict_empty_get_field
KeyDict_eval_statusline_get_field
KeyDict_exec_autocmds_get_field
KeyDict_exec_opts_get_field
KeyDict_get_autocmds_get_field
KeyDict_get_commands_get_field
KeyDict_get_extmark_get_field
KeyDict_get_extmarks_get_field
KeyDict_get_highlight_get_field
KeyDict_get_ns_get_field
KeyDict_highlight_cterm_get_field
KeyDict_highlight_get_field
KeyDict_keymap_get_field
KeyDict_ns_opts_get_field
KeyDict_open_term_get_field
KeyDict_option_get_field
KeyDict_redraw_get_field
KeyDict_runtime_get_field
KeyDict_set_decoration_provider_get_field
KeyDict_set_extmark_get_field
KeyDict_user_command_get_field
KeyDict_win_config_get_field
KeyDict_win_text_height_get_field
KeyDict_xdl_diff_get_field
KeyStuffed
KeyTyped
NameBuff
RedrawingDisabled
ResetRedobuff
Rows
State
VIsual
VIsual_active
VIsual_mode
VIsual_reselect
VIsual_select
VIsual_select_reg
_hash_key_removed
aborted_in_try
aborting
add_char2buf
add_defer
add_map
add_pack_start_dirs
add_pathsep
add_quoted_fname
add_timer_info
add_timer_info_all
add_to_history
add_to_showcmd
add_to_showcmd_c
add_win_cmd_modifiers
addfile
addstar
adjust_cursor_col
adjust_cursor_eol
adjust_plines_for_skipcol
adjust_skipcol
after_pathsep
ai_col
alist_add
alist_clear
alist_expand
alist_init
alist_name
alist_new
alist_set
alist_slash_adjust
alist_unlink
allbuf_lock
allbuf_locked
allcap_copy
alloc_block
alloc_typebuf
allow_keys
anyBufIsChanged
api_clear_error
api_dict_to_keydict
api_err_exp
api_err_invalid
api_extmark_free_all_mem
api_free_array
api_free_dictionary
api_free_luaref
api_free_object
api_free_string
api_keydict_to_dict
api_luarefs_free_array
api_luarefs_free_dict
api_luarefs_free_keydict
api_luarefs_free_object
api_metadata
api_metadata_raw
api_new_luaref
api_object_to_bool
api_set_error
api_set_sctx
api_typename
append_arg_number
append_path
append_redir
appended_lines
appended_lines_mark
apply_autocmds
apply_autocmds_exarg
apply_autocmds_group
apply_autocmds_retval
apply_cmdmod
appname_is_valid
approximate_botline_win
arabic_combine
arabic_maycombine
arabic_shape
arena_alloc
arena_alloc_block
arena_alloc_count
arena_allocz
arena_array
arena_dict
arena_finish
arena_mem_free
arena_memdupz
arena_printf
arena_string
arena_take_arraybuilder
arg_all
arg_had_last
arrow_used
ask_yesno
assert_error
au_event_disable
au_event_is_empty
au_event_restore
au_exists
au_get_autocmds_for_event
au_new_curbuf
au_pending_free_buf
au_pending_free_win
aubuflocal_remove
aucmd_del_for_event_and_group
aucmd_exec_copy
aucmd_exec_free
aucmd_exec_to_string
aucmd_next_pattern
aucmd_pattern_length
aucmd_prepbuf
aucmd_restbuf
aucmd_win_vec
augroup_add
augroup_del
augroup_exists
augroup_find
augroup_name
aupat_get_buflocal_nr
aupat_is_buflocal
aupat_normalize_buflocal_pat
auto_format
autocmd_bufnr
autocmd_busy
autocmd_delete_event
autocmd_delete_id
autocmd_fname
autocmd_fname_full
autocmd_match
autocmd_no_enter
autocmd_no_leave
autocmd_register
autocmd_supported
autoload_name
autowrite
autowrite_all
backslash_halve
backslash_halve_save
backspace_until_column
bangredo
base64_decode
base64_encode
bck_word
bckend_word
beep_flush
before_blocking
before_quit_all
before_quit_autocmds
before_set_vvar
beginline
bkc_flags
block_autocmds
block_prep
bo_flags
bomb_size
bot_top_msg
breakat_flags
briopt_check
bt_dontwrite
bt_dontwrite_msg
bt_help
bt_nofile
bt_nofilename
bt_normal
bt_prompt
bt_quickfix
bt_terminal
bufIsChanged
buf_attach_hash
buf_byteidx_to_charidx
buf_charidx_to_byteidx
buf_check_timestamp
buf_clear
buf_clear_file
buf_collect_lines
buf_contents_changed
buf_copy_options
buf_decor_remove
buf_delete_hash
buf_ensure_loaded
buf_free_callbacks
buf_freeall
buf_get_fname
buf_get_text
buf_has_signs
buf_hide
buf_inc_changedtick
buf_init_chartab
buf_is_empty
buf_jump_open_tab
buf_jump_open_win
buf_name_changed
buf_open_scratch
buf_prompt_text
buf_put_decor
buf_put_decor_sh
buf_reload
buf_remove_decor_sh
buf_remove_from_jumplist
buf_set_changedtick
buf_set_file_id
buf_set_name
buf_signcols_count_range
buf_spname
buf_store_file_info
buf_updates_active
buf_updates_changedtick
buf_updates_changedtick_single
buf_updates_register
buf_updates_send_changes
buf_updates_send_end
buf_updates_send_splice
buf_updates_unload
buf_updates_unregister
buf_valid
buf_write
buf_write_all
buffer_del_line
buffer_del_var
buffer_get_line
buffer_get_line_slice
buffer_handles
buffer_insert
buffer_set_line
buffer_set_line_slice
buffer_set_var
buffer_update_callbacks_free
bufhl_add_hl_pos_offset
buflist_add
buflist_altfpos
buflist_findfmark
buflist_findlnum
buflist_findname
buflist_findname_exp
buflist_findnr
buflist_findpat
buflist_getfile
buflist_getfpos
buflist_list
buflist_name_nr
buflist_new
buflist_nr2name
buflist_setfpos
buflist_slash_adjust
bufref_valid
build_statuscol_str
build_stl_str_hl
byte2cells
byte_in_str
call_func
call_func_retlist
call_func_retstr
call_internal_func
call_internal_method
call_shell
call_user_func
call_vim_function
callback_call
callback_call_retnr
callback_copy
callback_free
callback_from_typval
callback_put
callback_reader_free
callback_reader_start
callback_to_string
called_emsg
called_vim_beep
can_abandon
can_add_defer
can_bs
can_close_in_cmdwin
can_compound
can_si
can_si_back
capture_ga
captype
cat_prefix_varname
caught_stack
cause_errthrow
cb_flags
cbuf_to_string
cchar_to_string
ch_before_blocking_events
change_indent
change_warning
changed
changed_bytes
changed_cline_bef_curs
changed_internal
changed_line_abv_curs
changed_line_abv_curs_win
changed_lines
changed_lines_invalidate_buf
changed_lines_redraw_buf
changed_window_setting
changed_window_setting_all
changedir_func
channel_all_info
channel_alloc
channel_close
channel_connect
channel_create_event
channel_decref
channel_from_connection
channel_from_stdio
channel_incref
channel_info
channel_info_changed
channel_init
channel_job_running
channel_job_start
channel_reader_callbacks
channel_send
channel_teardown
channel_terminal_open
channels
char2cells
char_avail
char_from_string
charsize_fast
charsize_nowrap
charsize_regular
charwise_block_prep
check_abbr
check_arg_idx
check_auto_format
check_blending
check_buf_options
check_can_set_curbuf_disabled
check_can_set_curbuf_forceit
check_changed
check_changed_any
check_chars_options
check_colorcolumn
check_compl_option
check_cstack
check_cursor
check_cursor_col
check_cursor_lnum
check_cursor_moved
check_digraph_chars_valid
check_ei
check_end_reg_executing
check_ff_value
check_fname
check_help_lang
check_illegal_path_names
check_internal_func
check_linecomment
check_lnums
check_lnums_nested
check_luafunc_name
check_map
check_need_cap
check_need_swap
check_nextcmd
check_nomodeline
check_opt_wim
check_options
check_overwrite
check_pos
check_redraw
check_redraw_for
check_screensize
check_scrollbind
check_secure
check_signcolumn
check_split_disallowed
check_split_disallowed_err
check_stl_option
check_string_array
check_string_option
check_text_or_curbuf_locked
check_timestamps
check_topfill
check_visual_pos
check_win_options
checkforcmd
checkpcmark
cin_is_cinword
cin_iscase
cin_islabel
cin_isscopedecl
cindent_on
cleanup_conditionals
cleanup_help_tags
cleanup_jumplist
clearFolding
clear_autocmds_hash
clear_cmdline
clear_evalarg
clear_fmark
clear_hl_tables
clear_lval
clear_matches
clear_oparg
clear_sb_text
clear_showcmd
clear_spell_chartab
clear_string_option
clear_virtlines
clear_virttext
clear_winopt
clearmode
clearop
clearopbeep
cloneFoldGrowArray
closeFold
closeFoldRecurse
close_buffer
close_others
close_spellbuf
close_tabpage
close_windows
clr_history
clrallmarks
cmd_exists
cmd_hash
cmd_magic_hash
cmd_mods_filter_hash
cmd_mods_hash
cmd_opts_hash
cmd_screencol
cmd_silent
cmd_source_buffer
cmdcomplete_str_to_type
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 114KB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ