Static task
static1
Behavioral task
behavioral1
Sample
b2845420a389bc2185856963dfa44124582d1e7aee39de63d0e88cc386db6478_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b2845420a389bc2185856963dfa44124582d1e7aee39de63d0e88cc386db6478_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
b2845420a389bc2185856963dfa44124582d1e7aee39de63d0e88cc386db6478_NeikiAnalytics.exe
-
Size
2.7MB
-
MD5
1ecfbf7038c2b7841fdd51d78056dc80
-
SHA1
e1cdea62f008a60dc1b08983a3f491f873e633b3
-
SHA256
b2845420a389bc2185856963dfa44124582d1e7aee39de63d0e88cc386db6478
-
SHA512
d0304bf9c6867e259193f7b3a822181252e24c4a858fdf166217e7861c697c1713ed3643d945a26b42103d91f3f2d0d876b2fe1d6416a3747e2df53da8174b7b
-
SSDEEP
49152:ZR7loMOWVAhCdtFXuL43u4A8UN0uBJQjQsCiTV0fH:ZRROZ2TE0uNn
Malware Config: none extracted in this report
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. This is the only signature hit in the report and is weak evidence on its own: the sample imports libgcc_s_seh-1 and libstdc++-6 (a MinGW-w64/GCC build), and such binaries are commonly shipped unsigned. Treat the static import table below (ws2_32 listen/accept/connect, CreateProcessA/W, clipboard access, CryptoAPI and certificate-chain calls, VirtualProtect) as capability hints to confirm against the behavioral runs, not as proof of malicious activity.
resource b2845420a389bc2185856963dfa44124582d1e7aee39de63d0e88cc386db6478_NeikiAnalytics.exe
Files
-
b2845420a389bc2185856963dfa44124582d1e7aee39de63d0e88cc386db6478_NeikiAnalytics.exe.exe windows:4 windows x64 arch:x64
34b2c065d8484762d7adca4c25612b72
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports (static import table; an imported API is not necessarily called at runtime, and eclient64/ememory64 are non-system DLLs whose role is not established by this report)
eclient64
DeleteInstance
DeleteSession
NewInstance
NewSessionEx
RequestInstance
RetrieveSessionInfo
SystemInfoBlock
ememory64
ShareMemCopy
ShareMemDidAlloc
ShareMemDuplicate
ShareMemFree
ShareMemMalloc
ShareMemMove
ShareMemRealloc
ShareMemSize
advapi32
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptHashData
CryptImportKey
CryptReleaseContext
CryptSignHashW
CryptVerifySignatureW
GetUserNameA
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
crypt32
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
kernel32
AllocConsole
CloseHandle
CreateEventW
CreateFileA
CreateFileMappingW
CreateMutexW
CreatePipe
CreateProcessA
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetThreadPriority
GetTickCount
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingW
OpenMutexW
PeekNamedPipe
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleTitleA
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetThreadAffinityMask
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
msvcr100
__C_specific_handler
__argc
__getmainargs
__initenv
__p___argv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
_amsg_exit
_atoi64
_beginthreadex
_cexit
_commode
_endthreadex
_fmode
_fpreset
_fullpath
_gcvt
_get_daylight
_get_dstbias
_get_timezone
_get_tzname
_getch
_i64toa
_i64tow
_initterm
_itoa
_itow
_localtime64
_localtime64_s
_ltoa
_ltow
_makepath
_mktime64
_onexit
_set_invalid_parameter_handler
_snprintf
_snwprintf
_snwprintf_s
_splitpath
_stat64
_time64
_ui64toa
_ui64tow
_ultoa
_ultow
_wfullpath
_wmakepath
_wsplitpath
_wtof
_wtoi
_wtoi64
_wtol
atof
atoi
atol
calloc
div
exit
exp
fclose
fopen
fopen_s
fprintf_s
fread
free
fseek
ftell
fwrite
iswdigit
iswxdigit
localeconv
malloc
memcmp
memcpy
memcpy_s
memmove
memset
qsort
qsort_s
rand
realloc
remove
rename
srand
strcmp
strcpy
strftime
strlen
strncpy
tolower
towlower
wcschr
wcscspn
wcsftime
wcslen
wcsncpy
_strrev
_fileno
_filelength
msvcrt
___lc_codepage_func
___mb_cur_max_func
__iob_func
__setusermatherr
_errno
abort
fgetwc
fprintf
iswctype
signal
strncmp
ungetwc
vfprintf
wcstol
wcstoul
rpcrt4
RpcStringFreeA
RpcStringFreeW
UuidFromStringA
UuidFromStringW
UuidToStringA
UuidToStringW
shell32
CommandLineToArgvW
user32
CloseClipboard
DispatchMessageW
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
PeekMessageW
RegisterClipboardFormatA
SetClipboardData
TranslateMessage
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
ws2_32
WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getpeername
getsockname
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket
libgcc_s_seh-1
_Unwind_Resume
libstdc++-6
_ZNKSt11logic_error4whatEv
_ZNKSt12__basic_fileIcE7is_openEv
_ZNKSt13runtime_error4whatEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13find_first_ofEPKcyy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcyy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEcy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5rfindEcy
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13find_first_ofEPKwyy
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4findEPKwyy
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE4findEwy
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7compareEPKw
_ZNKSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7compareEyyRKS4_yy
_ZNKSt8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE3putES3_RSt8ios_basecPK2tmPKcSB_
_ZNKSt9type_infoeqERKS_
_ZNSdD2Ev
_ZNSi10_M_extractIjEERSiRT_
_ZNSi10_M_extractIlEERSiRT_
_ZNSi10_M_extractImEERSiRT_
_ZNSi10_M_extractIxEERSiRT_
_ZNSirsERi
_ZNSo3putEc
_ZNSo9_M_insertIlEERSoT_
_ZNSo9_M_insertImEERSoT_
_ZNSolsEi
_ZNSt11logic_errorC1EPKc
_ZNSt11logic_errorC2ERKS_
_ZNSt11logic_errorD1Ev
_ZNSt11logic_errorD2Ev
_ZNSt12__basic_fileIcED1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13basic_istreamIwSt11char_traitsIwEE10_M_extractIxEERS2_RT_
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC2ERKS_
_ZNSt13runtime_errorD1Ev
_ZNSt13runtime_errorD2Ev
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt15basic_streambufIcSt11char_traitsIcEE4syncEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE5imbueERKSt6locale
_ZNSt15basic_streambufIcSt11char_traitsIcEE5uflowEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE6xsgetnEPcx
_ZNSt15basic_streambufIcSt11char_traitsIcEE6xsputnEPKcx
_ZNSt15basic_streambufIcSt11char_traitsIcEE8overflowEi
_ZNSt15basic_streambufIcSt11char_traitsIcEE9pbackfailEi
_ZNSt15basic_streambufIcSt11char_traitsIcEE9showmanycEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE9underflowEv
_ZNSt15basic_streambufIwSt11char_traitsIwEE4syncEv
_ZNSt15basic_streambufIwSt11char_traitsIwEE5imbueERKSt6locale
_ZNSt15basic_streambufIwSt11char_traitsIwEE5uflowEv
_ZNSt15basic_streambufIwSt11char_traitsIwEE6xsgetnEPwx
_ZNSt15basic_streambufIwSt11char_traitsIwEE6xsputnEPKwx
_ZNSt15basic_streambufIwSt11char_traitsIwEE8overflowEt
_ZNSt15basic_streambufIwSt11char_traitsIwEE9pbackfailEt
_ZNSt15basic_streambufIwSt11char_traitsIwEE9showmanycEv
_ZNSt15basic_streambufIwSt11char_traitsIwEE9underflowEv
_ZNSt16invalid_argumentC1EPKc
_ZNSt16invalid_argumentD1Ev
_ZNSt16invalid_argumentD2Ev
_ZNSt6localeC1EPKc
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcPKcS7_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE14_M_replace_auxEyyyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEyc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE8_M_eraseEyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEyyPKcy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1ERKS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_replaceEyyPKwy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE12_M_constructEyw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE13_S_copy_charsEPwPKwS7_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE14_M_replace_auxEyyyw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEyw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE7reserveEy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE8_M_eraseEyy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_appendEPKwy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_mutateEyyPKwy
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEEC1ERKS4_
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8__detail15_List_node_base11_M_transferEPS0_S1_
_ZNSt8__detail15_List_node_base4swapERS0_S1_
_ZNSt8__detail15_List_node_base7_M_hookEPS0_
_ZNSt8__detail15_List_node_base9_M_unhookEv
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9basic_iosIwSt11char_traitsIwEE4initEPSt15basic_streambufIwS1_E
_ZNSt9basic_iosIwSt11char_traitsIwEE5clearESt12_Ios_Iostate
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt28__throw_bad_array_new_lengthv
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt9has_facetINSt7__cxx118messagesIcEEEbRKSt6locale
_ZSt9has_facetINSt7__cxx118messagesIwEEEbRKSt6locale
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx117collateIwEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx118messagesIcEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx118messagesIwEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx118numpunctIcEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx118numpunctIwEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIwEERKT_RKSt6locale
_ZSt9use_facetISt8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEEERKT_RKSt6locale
_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZStrsIwSt11char_traitsIwESaIwEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTISt15basic_streambufIcSt11char_traitsIcEE
_ZTISt15basic_streambufIwSt11char_traitsIwEE
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTTSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv119__pointer_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSi
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt13basic_istreamIwSt11char_traitsIwEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIwSt11char_traitsIwEE
_ZTVSt16invalid_argument
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZTVSt9basic_iosIwSt11char_traitsIwEE
_ZdaPv
_ZdaPvy
_ZdlPv
_ZdlPvy
_Znay
_Znwy
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_call_unexpected
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__dynamic_cast
__gxx_personality_seh0
Sections (note: .idata, .CRT, .tls and .rsrc are mapped writable, which is consistent with MinGW-w64 linker output rather than a packing indicator; no section is both writable and executable)
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 161KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 253KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 49KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ