8f6cabbd0e0476ca4368a3dd2dfdc614f2f004bea80098e6a4b32010b716c14c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8f6cabbd0e0476ca4368a3dd2dfdc614f2f004bea80098e6a4b32010b716c14c_NeikiAnalytics.exe
Size

3.0MB
MD5

581c757dda21e305839a836efa87a6f0
SHA1

0c18b4b04c6594bb43a18071a7e7c380a7a61bf6
SHA256

8f6cabbd0e0476ca4368a3dd2dfdc614f2f004bea80098e6a4b32010b716c14c
SHA512

53cc33dbce1536b67abd32e8a7f4c2d8b8e1568cadc7a2e30f421e657c1de02c828095a25dc71677fa9e2547f46f4770e4bed87114ca416b55e32cf6258abeb1
SSDEEP

49152:qjy7KWVSmKIWnNvQcqAZmtBcgSYEN8AT0Ti9Ev7aP4sw0A3E:+yvWI4ecscRYEN8AT0Ti9Ev+P4EA3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f6cabbd0e0476ca4368a3dd2dfdc614f2f004bea80098e6a4b32010b716c14c_NeikiAnalytics.exe

Files

8f6cabbd0e0476ca4368a3dd2dfdc614f2f004bea80098e6a4b32010b716c14c_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x64 arch:x64

1808f84d4c4dfefe3a39d807fa651da8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\qb\workspace\26444\source\Build\mfts\x64\__bin\Release\mfx_mft_av1hve_64_full.pdb

Imports

mfplat

MFCreateDXSurfaceBuffer
MFCreateTrackedSample
MFCreateAttributes
MFCreateDXGIDeviceManager
MFCreateMediaEvent
MFTUnregister
MFCreateMemoryBuffer
MFCreateEventQueue
MFCreateMediaType
MFPutWorkItem
MFAllocateSerialWorkQueue
MFUnlockWorkQueue
MFTRegister

propsys

PropVariantCompareEx
VariantCompare
PSCreateMemoryPropertyStore

d3d11

D3D11CreateDevice

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

kernel32

DecodePointer
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
ReadConsoleW
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetTimeZoneInformation
GetCommandLineW
GetLocalTime
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
WriteFile
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetCurrentProcess
GetCurrentThreadId
K32GetProcessMemoryInfo
GetACP
GetOEMCP
GetCommandLineA
FlushFileBuffers
EnumSystemLocalesW
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CreateSemaphoreExW
WaitForMultipleObjects
GetProcessTimes
GetSystemInfo
LocalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize
WideCharToMultiByte
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
WriteConsoleW
OutputDebugStringW
Sleep
GetModuleHandleExW
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetThreadErrorMode
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SwitchToThread
HeapDestroy
WaitForSingleObjectEx
SetCurrentDirectoryW
HeapAlloc
HeapReAlloc
HeapFree
CreateFileA
GetCurrentThread
ExitProcess
RaiseException
RtlUnwind
DeviceIoControl
GetSystemDirectoryA
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
FormatMessageA
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SetFileTime
FormatMessageW
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

ole32

CoInitializeEx
CoInitializeSecurity
StringFromGUID2
CoTaskMemFree
PropVariantClear
StringFromCLSID
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear
VariantInit
SysAllocString

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegEnumKeyExW
ConvertStringSidToSidW
BuildTrusteeWithSidW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
RegDeleteValueW
RegGetValueW
RegDeleteKeyExW
RegCreateKeyExW
EventWrite
EventUnregister
EventRegister
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Open_DevNode_Key

dxgi

CreateDXGIFactory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRSCODE
Size: 832KB - Virtual size: 832KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1808f84d4c4dfefe3a39d807fa651da8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfplat

propsys

d3d11

api-ms-win-core-path-l1-1-0

kernel32

ole32

oleaut32

advapi32

version

setupapi

dxgi

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

TRSCODE Size: 832KB - Virtual size: 832KB

.rdata Size: 531KB - Virtual size: 531KB

.data Size: 30KB - Virtual size: 125KB

.pdata Size: 97KB - Virtual size: 97KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 1.4MB - Virtual size: 1.4MB

TRSCODE
Size: 832KB - Virtual size: 832KB

.rdata
Size: 531KB - Virtual size: 531KB

.data
Size: 30KB - Virtual size: 125KB

.pdata
Size: 97KB - Virtual size: 97KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB