815123abccbfadf0e0052ef2addd28cb158d637dc546aec509dd604cef922bc5_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

815123abccbfadf0e0052ef2addd28cb158d637dc546aec509dd604cef922bc5_NeikiAnalytics.exe
Size

1.4MB
MD5

aceb6b0ec40a0981275126fd6faeabd0
SHA1

2e947840f745ed3f42c329b7b4d675799b781450
SHA256

815123abccbfadf0e0052ef2addd28cb158d637dc546aec509dd604cef922bc5
SHA512

694a6659c0c1922600dcf7264632f26f3f3bb517f116e023dba3486257da20821872e51f866543a2151ba23757ad153dd8367551f35a92bacdd1e9c4c617f4e8
SSDEEP

12288:xDe3vkVu4WAAzf9mKAJcOsmAFafW5cq1sRKTZiyTuWDXirj6D63H8mwuzPKs:QbAscKAqWM9XGj6msmwuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
815123abccbfadf0e0052ef2addd28cb158d637dc546aec509dd604cef922bc5_NeikiAnalytics.exe

Files

815123abccbfadf0e0052ef2addd28cb158d637dc546aec509dd604cef922bc5_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

38607850ac7b51b0fd53f5b41f5c2ee9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\csgo_src\src\build\datacache\RelWithDebInfo\datacache.pdb

Imports

tier0

Plat_ExitProcess
WriteMiniDump
g_pMemAlloc
Error
Msg
GetCPUInformation
?SpinLockForRead@CThreadSpinRWLock@@QAEXXZ
?SpinLockForWrite@CThreadSpinRWLock@@QAEXXZ
?ConMsg@@YAXPBDZZ
GetThreadedLoadLibraryFunc
ReleaseThreadHandle
StackToolsNotify_LoadedLibrary
CommandLine
LOG_GENERAL
LoggingSystem_Log
LoggingSystem_IsChannelEnabled
?Set@CThreadLocalBase@GenericThreadLocals@@QAEXPAX@Z
??1CThreadLocalBase@GenericThreadLocals@@QAE@XZ
??0CThreadLocalBase@GenericThreadLocals@@QAE@XZ
CallAssertFailedNotifyFunc
DoNewAssertDialog
ShouldUseNewAssertDialog
_ExitOnFatalAssert
LoggingSystem_LogAssert
??1CThreadMutex@@QAE@XZ
??0CThreadMutex@@QAE@XZ
??1CThreadEvent@@QAE@XZ
?Wait@CThreadEvent@@QAE_NI@Z
?Reset@CThreadEvent@@QAE_NXZ
?Set@CThreadEvent@@QAE_NXZ
??0CThreadEvent@@QAE@_N@Z
ThreadSetDebugName
ThreadInMainThread
CreateSimpleThread
?DevWarning@@YAXPBDZZ
DevMsg
Plat_MSTime
Plat_FloatTime
?g_nThreadID@@3V?$CThreadLocalInt@H@GenericThreadLocals@@A
?Lock@CThreadFastMutex@@ACEXII@Z
?Get@CThreadLocalBase@GenericThreadLocals@@QBEPAXXZ
ThreadInterlockedAssignIf64
ThreadSleep
?DevMsg@@YAXPBDZZ
Warning
Plat_IsInDebugSession

vstdlib

RandomFloat
RandomSeed
KeyValuesSystem

kernel32

ReleaseSRWLockExclusive
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
SetConsoleCtrlHandler
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DecodePointer
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
GetFileType
GetStdHandle
GetCurrentThread
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
WaitForSingleObject
GetCurrentProcessId
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
CreateFileMappingA
OpenFileMappingA
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WriteConsoleW
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

Exports

Exports

CreateInterface

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38607850ac7b51b0fd53f5b41f5c2ee9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tier0

vstdlib

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 64KB - Virtual size: 298KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 64KB - Virtual size: 298KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB