31764bee9b6ad33ba6f0866aae37cf66dc6a8e5e5896aec0220fcfb6b89bdfc7_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

31764bee9b6ad33ba6f0866aae37cf66dc6a8e5e5896aec0220fcfb6b89bdfc7_NeikiAnalytics.exe
Size

2.8MB
MD5

aceb022797f247df6060085bef9d9680
SHA1

f00ebb159a86cea02a8bc5eabdef1af27762fc1a
SHA256

31764bee9b6ad33ba6f0866aae37cf66dc6a8e5e5896aec0220fcfb6b89bdfc7
SHA512

6be8c9d518202a4597fa943bd99bd1e53129a4fc91e5e899ae0c30052381812ea1ba240b5d1a7fa76e3dccc70a024933314f6f0a3719333835b5e8b76fc41668
SSDEEP

49152:WREhdtW2lcrpnsGdbUideqG8xiECkaPiXp8kE:3r8NBsS8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31764bee9b6ad33ba6f0866aae37cf66dc6a8e5e5896aec0220fcfb6b89bdfc7_NeikiAnalytics.exe

Files

31764bee9b6ad33ba6f0866aae37cf66dc6a8e5e5896aec0220fcfb6b89bdfc7_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

edd6ded4cc9100f948f193f60f97e1c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\qb\workspace\21461\source\output\dump64\media\media_driver\Release\igd12dxvaddi64.pdb

Imports

kernel32

CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
GetCurrentThreadId
CreateEventExA
CloseHandle
OpenEventA
GetCurrentProcess
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
GetProcessId
GetModuleHandleA
GetCurrentProcessId
WaitForThreadpoolWaitCallbacks
LoadLibraryExA
GetLastError
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
ExpandEnvironmentStringsA
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadFile
WriteFile
DeviceIoControl
GetEnvironmentVariableA
CreateDirectoryA
CreateFileA
GetFileSize
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseSemaphore
WaitForMultipleObjectsEx
CreateSemaphoreExW
GetThreadId
GetSystemInfo
UnmapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringW
GetModuleFileNameA
ResetEvent
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
FormatMessageA
WideCharToMultiByte
GetSystemTimePreciseAsFileTime
LocalFree
GetLocaleInfoEx
EncodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwind
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetCurrentThread
HeapFree
HeapAlloc
GetStdHandle
GetFileType
HeapReAlloc
HeapSize
HeapQueryInformation
GetTempPathW
IsThreadAFiber
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
SetConsoleCtrlHandler
FindClose

advapi32

EventWrite
EventRegister
RegGetValueA
RegCreateKeyExA
EventUnregister
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegCloseKey

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2

oleaut32

VariantInit
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
VariantClear

setupapi

CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_ListW

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err

Exports

Exports

?MosGetMemNinjaCounter@MosUtilities@@SAHXZ
?MosGetMemNinjaCounterGfx@MosUtilities@@SAHXZ
?MosSetUltFlag@MosUtilities@@SAXE@Z
DumpRegistryKeyDefinitions
DumpRegistryKeyDefinitions3
GTPin_Init
MOS_GetMemNinjaCounter
MOS_GetMemNinjaCounterGfx
MOS_SetUltFlag
OpenDxva12

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edd6ded4cc9100f948f193f60f97e1c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

setupapi

api-ms-win-devices-config-l1-1-1

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 438KB - Virtual size: 437KB

.data Size: 91KB - Virtual size: 125KB

.pdata Size: 103KB - Virtual size: 103KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 438KB - Virtual size: 437KB

.data
Size: 91KB - Virtual size: 125KB

.pdata
Size: 103KB - Virtual size: 103KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 14KB