c:\savxp\build\symbols\Release\FilterProcessors.pdb
Static task
static1
Behavioral task
behavioral1
Sample
04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.dll
Resource
win10v2004-20240611-en
General
-
Target
04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.exe
-
Size
228KB
-
MD5
237cea44927c52ca7720a32a6a98a1e0
-
SHA1
9575b2d835ace98d2eeacdd007697fcefee7f140
-
SHA256
04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f
-
SHA512
e71cc77510883349ad3d2c0c58527b4c1e5cd5b6670eb334d9e2244938dec1c8983390aaac3f13c5ba969459a30807b92296307c612b2082c766ec4f9f2584de
-
SSDEEP
6144:P4xy79GdFJix1j4fedCWP37PYMvEAjnO4:PnouLPYMvBZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Note that this is the only signature triggered in this report and no malware configuration was extracted (the Malware Config section is empty); the absence of an Authenticode signature is a low-confidence indicator on its own, since many legitimate third-party binaries ship unsigned, so it should not be read as a malicious verdict without corroborating behavioral findings.
resource 04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.exe
Files
-
04c7bbe3e81f4229b18ff7a46082c85e1e3d01b834249e1a0c83a76f5a7f326f_NeikiAnalytics.exe.dll regsvr32 windows:4 windows x86 arch:x86
958bd9abee8023fc72c44c3e3beb322b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
InterlockedIncrement
InterlockedDecrement
CloseHandle
ExpandEnvironmentStringsW
lstrcmpiW
LocalFree
SetLastError
GetCurrentThread
lstrcpynW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
QueryDosDeviceW
DeleteCriticalSection
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
GetLogicalDrives
LocalAlloc
FormatMessageW
GetFileAttributesW
lstrcatW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
GetProcAddress
GetCurrentProcess
lstrcpyW
MultiByteToWideChar
GetLastError
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetLogicalDriveStringsW
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
user32
LoadStringW
CharUpperBuffW
CharNextW
wsprintfW
advapi32
GetLengthSid
CopySid
EqualSid
OpenProcessToken
IsValidSid
RegEnumValueW
OpenThreadToken
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetTokenInformation
shell32
SHGetDesktopFolder
SHGetMalloc
ole32
CoRevertToSelf
CoGetCallContext
CoTaskMemRealloc
CoTaskMemFree
ProgIDFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoImpersonateClient
StringFromGUID2
oleaut32
SafeArrayDestroy
RegisterTypeLi
UnRegisterTypeLi
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
VariantClear
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayLock
SafeArrayGetVartype
SafeArrayCopy
SafeArrayCreate
SafeArrayRedim
VariantCopyInd
msvcp71
?_Nomemory@std@@YAXXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??Bios_base@std@@QBEPAXXZ
??_D?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
shlwapi
StrRetToStrW
PathFindExtensionW
msvcr71
malloc
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
memset
_callnewh
wcschr
wcstok
wcsncpy
memmove
wcsrchr
_resetstkoflw
_wsplitpath
wcscat
_wmakepath
wcslen
wcsstr
wcspbrk
realloc
wcsncmp
??_V@YAXPAX@Z
_except_handler3
_purecall
vswprintf
_vscwprintf
swprintf
_wcsnicmp
free
_CxxThrowException
wcstoul
_errno
__CxxFrameHandler
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
userenv
UnloadUserProfile
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ