PDB path: c:\nckncyl\mydll\Release\mydll.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.dll
Resource: win7-20240508-en
General
Target: ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe
Size: 244KB
MD5: 096c57c1c99345e4d680956282e2f5e0
SHA1: ea75c82c608335a1e4ad4394aa7cf1888592c9f3
SHA256: ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069
SHA512: 3d11468c931da53ce303d2beb92b191b8e9a1096e712fcb79840a07069c7f73f8e5291799e38a52f325cda419023ec014b481b005c17bc9413c4a87a7079858d
SSDEEP: 3072:uwKVw2d7nOHc18WFyBMquAA1fhPKSfAUN3CFPl3ubvD22L2rf1dVEla2xkd0:xKimLOHcTkO6oPKSSuO24WlaK
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe
Files
ae95eab8a8d6f85879e4e7c9492efa695d5ee874f641e546b2ededafffbf4069_NeikiAnalytics.exe.dll windows:4 windows x86 arch:x86
c67a3224aa0ba908c51e50d061198374
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCurrentProcess
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
RaiseException
GlobalFlags
InterlockedIncrement
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WaitForSingleObject
OpenWaitableTimerA
GetCurrentDirectoryA
GetComputerNameA
CreateWaitableTimerA
WideCharToMultiByte
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
SetWaitableTimer
user32
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PostQuitMessage
PostMessageA
GetSubMenu
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
wsprintfA
SetTimer
KillTimer
WaitMessage
SetMenuItemBitmaps
DestroyMenu
GetFocus
ModifyMenuA
RegisterWindowMessageA
WinHelpA
GetCapture
GetMenuItemCount
GetMenuItemID
GetMenuState
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
CopyRect
gdi32
DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
ExtTextOutA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
comctl32
ord17
shlwapi
PathFindExtensionA
PathFindFileNameA
ws2_32
inet_ntoa
getsockname
recv
send
WSAAsyncSelect
recvfrom
sendto
connect
WSASetLastError
WSAGetLastError
bind
inet_addr
WSAStartup
WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons
oleaut32
VariantClear
VariantChangeType
VariantInit
Exports
Process
Process_str
Sections
.text Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE