1f160df75b05e29bc10e44345b4f6e80_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

1f160df75b05e29bc10e44345b4f6e80_NeikiAnalytics
Size

582KB
MD5

1f160df75b05e29bc10e44345b4f6e80
SHA1

0370aa0ec56c13cce6ae980fbb17573e50cb11cc
SHA256

8815e244503f5cdbfbfdda71a58219e0baa627c0986e3638d4aedef87170993b
SHA512

5eaa5f311286bc181217cea255418afe1ec989de146b67e90d4470770c18085aa524632fee00a190db52c08131fe6419124085dbd97b545905bc98d2c0206ba8
SSDEEP

6144:GtxpfgMigGBfkpJW23fSRuDztOu9YG7lGhqXPd09OH0O+hebWk:5cccvW23fSR0OSYG78i+OH0OjWk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
1f160df75b05e29bc10e44345b4f6e80_NeikiAnalytics
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/BTAPI.dll
unpack001/out.upx

Files

1f160df75b05e29bc10e44345b4f6e80_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 872KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

488b9c61d28b8855f328d854ae7601be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
IsDBCSLeadByteEx
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
TerminateProcess
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
CreateFileW
Sleep
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
GetCurrentProcess
ExitProcess
lstrcpynW
GetCommandLineW
GlobalReAlloc
CloseHandle
UnmapViewOfFile
CopyFileW

user32

SendMessageW
CharNextW
CharPrevW
FindWindowExW
wsprintfW
CharNextExA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BTAPI.dll
.dll windows:4 windows x86 arch:x86

92ee5d24c83acfcf548793ee043b1322

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\p4\esw\projects\azure\Maglev\src\BME_2026\minios\BlueManager\lib\btapi\Release\BTAPI.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoListExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

kernel32

InterlockedCompareExchange
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateFileW
GetLastError
DeleteCriticalSection
SetUnhandledExceptionFilter
TerminateThread
WaitForSingleObject
DeviceIoControl
GetOverlappedResult
SetEvent
ExitThread
Sleep
CreateThread
InitializeCriticalSection
CreateEventW
GetCurrentProcess
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
CloseHandle

advapi32

RegQueryValueExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExW

msvcr80

_initterm_e
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
malloc
free
memcpy
wcscpy_s
printf
memset
swprintf_s
vsprintf_s
_vsnwprintf_s
_vsnprintf_s
_except_handler4_common
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_crt_debugger_hook
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_onexit

Exports

Exports

BTAVRCP_Connect
BTAVRCP_ConnectRsp
BTAVRCP_CtGetMdaCapabilities
BTAVRCP_CtGetMdaMediaInfo
BTAVRCP_CtGetMdaPlayStatus
BTAVRCP_CtGetMdaPlayerSettingAttrTxt
BTAVRCP_CtGetMdaPlayerSettingValueTxt
BTAVRCP_CtGetMdaPlayerSettingValues
BTAVRCP_CtInformMdaBatteryStatus
BTAVRCP_CtInformMdaCharset
BTAVRCP_CtListMdaPlayerSettingAttrs
BTAVRCP_CtListMdaPlayerSettingValues
BTAVRCP_CtMetadataAbort
BTAVRCP_CtRegisterMdaNotification
BTAVRCP_CtSetMdaPlayerSettingValues
BTAVRCP_Deregister
BTAVRCP_Disconnect
BTAVRCP_PluginDataPassby
BTAVRCP_Register
BTAVRCP_SendCommand
BTAVRCP_SendResponse
BTAVRCP_SetPanelKey
BTAVRCP_TgBindUserChannel
BTAVRCP_TgGetCurrentMdaCharSet
BTAVRCP_TgMetadataAbort
BTAVRCP_TgSetCurrentMdaCharSet
BTAVRCP_TgSetMdaBattStatus
BTAVRCP_TgSetMdaEventMask
BTAVRCP_TgSetMdaMediaAttributesMask
BTAVRCP_TgSetMdaMediaInfo
BTAVRCP_TgSetMdaPlayPosition
BTAVRCP_TgSetMdaPlayStatus
BTAVRCP_TgSetMdaPlayerSetting
BTAVRCP_TgSetMdaPlayerSettingsMask
BTAVRCP_TgSetMdaPlayerStrings
BTAVRCP_TgSetMdaSystemStatus
BTAVRCP_TgSetMdaTrack
BTAVRCP_TgSignalMdaTrackEnd
BTAVRCP_TgSignalMdaTrackStart
BTDDB_AddDevice
BTDDB_BindToACL
BTDDB_FindDevice
BTDDB_GetDeviceInfo
BTDDB_Inquire
BTDDB_QueryNext
BTDDB_QueryStart
BTDDB_UnbindFromACL
BTHFG_BlacklistedRsp
BTHFG_BusyRsp
BTHFG_CallWaiting
BTHFG_CreateAudioLink
BTHFG_CreateServiceLink
BTHFG_DelayedRsp
BTHFG_Deregister
BTHFG_DisconnectAudioLink
BTHFG_DisconnectServiceLink
BTHFG_EnableSniffMode
BTHFG_EnableVoiceRec
BTHFG_GetIndicatorValue
BTHFG_GetSniffExitPolicy
BTHFG_IsCallIdNotifyEnabled
BTHFG_IsCallWaitingActive
BTHFG_IsInbandRingEnabled
BTHFG_IsNRECEnabled
BTHFG_IsSniffModeEnabled
BTHFG_IsVoiceRecActive
BTHFG_NoAnswerRsp
BTHFG_NoCarrierRsp
BTHFG_Register
BTHFG_SendAtResponse
BTHFG_SendCallListRsp
BTHFG_SendCallerId
BTHFG_SendError
BTHFG_SendMicVolume
BTHFG_SendNetworkOperatorRsp
BTHFG_SendOK
BTHFG_SendRing
BTHFG_SendRingToneStatus
BTHFG_SendSpeakerVolume
BTHFG_SendSubscriberNumberRsp
BTHFG_SetIndicatorValue
BTHFG_SetMasterRole
BTHFG_SetSniffExitPolicy
BTHFG_VoiceTagRsp
BTHF_AnswerCall
BTHF_CreateAudioLink
BTHF_CreateServiceLink
BTHF_Deregister
BTHF_DisconnectAudioLink
BTHF_DisconnectServiceLink
BTHF_Hangup
BTHF_Register
BTHF_SendAtCommand
BTME_CancelCreateLink
BTME_CancelInquiry
BTME_CheckRadioFeature
BTME_CheckRemoteFeature
BTME_CheckRemoteHostFeature
BTME_ChngPktType
BTME_CreateLink
BTME_EnableGlobalHandlerUnregister
BTME_ForceDisconnectLinkWithReason
BTME_GetAccessibleModeC
BTME_GetAccessibleModeNC
BTME_GetBdAddr
BTME_GetBtFeatures
BTME_GetBtVersion
BTME_GetChannelClassification
BTME_GetCoexPriority
BTME_GetCurAccessibleMode
BTME_GetCurrentMode
BTME_GetCurrentRole
BTME_GetEventMask
BTME_GetExtInqRemoteDeviceName
BTME_GetExtInqServiceClassList
BTME_GetHciConnectionHandle
BTME_GetHciFatalErrorCount
BTME_GetNumLinks
BTME_GetRemDevCOD
BTME_GetRemDevEncryptState
BTME_GetRemDevState
BTME_GetRemoteDeviceName
BTME_GetStackInitState
BTME_Hold
BTME_Inquiry
BTME_IsGlobalHandlerUnregisterEnabled
BTME_MarkAfhChannels
BTME_MarkWiFiChannel
BTME_QueryProductID
BTME_ReadLocalBdAddr
BTME_RegisterGlobalHandler
BTME_SendHciCommandSync
BTME_SetAccessibleModeC
BTME_SetAccessibleModeNC
BTME_SetChannelClassification
BTME_SetClassOfDevice
BTME_SetCoexPriority
BTME_SetConnectionRole
BTME_SetEventMask
BTME_SetInquiryMode
BTME_SetLocalDeviceName
BTME_SetRemDevCOD
BTME_SetUsbDbgState
BTME_StartPark
BTME_StartParkAll
BTME_StartSniff
BTME_StopPark
BTME_StopParkAll
BTME_StopSniff
BTME_SwitchRole
BTME_UnregisterGlobalHandler
BTRF_AcceptChannel
BTRF_AcceptPortSettings
BTRF_AddServiceRecord
BTRF_AdvanceCredit
BTRF_CloseChannel
BTRF_CreditFlowEnabled
BTRF_DeregisterService
BTRF_DeregisterUser
BTRF_FrameSize
BTRF_ObexSnifferOff
BTRF_ObexSnifferOn
BTRF_OpenClientChannel
BTRF_OpenClientChannelEx
BTRF_QueryForProfile
BTRF_RegisterServerChannel
BTRF_RegisterServerChannelEx
BTRF_RegisterUser
BTRF_RejectChannel
BTRF_RemoteDevice
BTRF_RequestPortSettings
BTRF_RequestPortStatus
BTRF_SendData
BTRF_SendPortSettings
BTRF_SetLineStatus
BTRF_SetModemStatus
BTSDP_CancelQueryServices
BTSDP_Deregister
BTSDP_QueryServices
BTSDP_Register
BTSEC_AddDeviceRecord
BTSEC_AuthenticateLink
BTSEC_AuthorizeServiceB
BTSEC_DeleteDeviceRecord
BTSEC_DisableSecurityMode3
BTSEC_EnableSecurityMode3
BTSEC_EnumDeviceRecords
BTSEC_FindDeviceRecord
BTSEC_GetAuthRequirements
BTSEC_GetBondingMode
BTSEC_GetIoCapabilities
BTSEC_GetLocalOobData
BTSEC_GetProtocolUuid
BTSEC_GetSecurityRecord
BTSEC_GetSimplePairingMode
BTSEC_OobDataReceived
BTSEC_RegisterAuthorizeHandler
BTSEC_RegisterPairingHandler
BTSEC_SetAuthRequirements
BTSEC_SetBondingMode
BTSEC_SetIoCapabilities
BTSEC_SetLinkEncryption
BTSEC_SetPin
BTSEC_UserConfirm
BT_Cleanup
BT_Reset
BT_SetHciDinitFinishEvent
BT_Startup
BT_WaiteHciDinitFinishEvent
INVALID_BDADDR
OS_MemCmp
PMGR_GetConfiguration
PMGR_GetNumServices
PMGR_GetServiceByIndex
PMGR_RegisterMonitor
PMGR_ServiceConnect
PMGR_ServiceCreate
PMGR_ServiceDestroy
PMGR_ServiceDisable
PMGR_ServiceDisconnect
PMGR_ServiceEnable
PMGR_ServiceGetLastConnect
PMGR_ServiceGetStatus
PMGR_ServicePause
PMGR_ServiceResume
PMGR_SetConfiguration
PMGR_UnregisterMonitor
SDPAddAttribute
SDPCommitRecord
SDPCreateRecord
SDPDeleteRecord
SDPKeepClientAlive
SDPQuery
SDPQueryCancel
SetNeedTryOpenDev
Utf8ToWcs
WBTME_HciReadRssi
WBTME_RegisterCallback
WBTME_SendHciCommandAsync
WBTME_SendHciCommandSync
WBTME_SetEventMask
WBTME_UnregisterCallback
WcsToUtf8
bdaddr_ntow
bdaddr_wton

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Epileptology103/Bullpout/Stillelsningsprvers125/Signatures Technical Details.pdf
.pdf
Limean80/Milieuforbrydelse/System.Xml.XPath.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-02-2021 20:09

Not After

10-02-2022 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:28:fb:7f:55:56:63:2c:2f:3c:f4:3b:cd:91:98:30:96:3b:e5:cf:9e:07:c2:c8:18:d0:81:30:0c:5d:09:b3
Signer

Actual PE Digest

2d:28:fb:7f:55:56:63:2c:2f:3c:f4:3b:cd:91:98:30:96:3b:e5:cf:9e:07:c2:c8:18:d0:81:30:0c:5d:09:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\obj\System.Xml.XPath\net6.0-Release\System.Xml.XPath.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Limean80/Milieuforbrydelse/ky.txt
Opdyrkende/Rodge/Ationsdatoernes/Controller/LutComprDLL.dll
.dll windows:5 windows x64 arch:x64

540dcf6f4b0f36a71b6021c642538f46

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:e9:2c:43:e0:63:7a:af:da:3d:52:84:38:92:bf:ba
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-01-2021 00:00

Not After

18-01-2024 23:59

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,OU=Touch Technology Dept Advanced Product R&D Div,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:56:87:f4:45:82:76:63:5c:a9:cd:4d:0d:f9:91:76:d6:6f:db:6d:ad:9a:9c:8f:1c:a1:ee:b8:a2:6d:66:70
Signer

Actual PE Digest

b4:56:87:f4:45:82:76:63:5c:a9:cd:4d:0d:f9:91:76:d6:6f:db:6d:ad:9a:9c:8f:1c:a1:ee:b8:a2:6d:66:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Kelly1076\__HITDisplay__\02_CCT Adjust Algo\_Code\_CCT Code\CCTAdjust\x64\Release\LutComprDLL.pdb

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
CloseHandle
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapReAlloc
LoadLibraryW
LCMapStringW
GetStringTypeW
SetFilePointer
WriteConsoleW
CreateFileW

Exports

Exports

BIOS2LUT
GetHfmInfor
LUT2BIOS
ShowHfmVer
ShowVersion

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Opdyrkende/Rodge/Ationsdatoernes/Controller/Skibsbyggers.Tek61
Pericrania.ver
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 872KB

UPX1 Size: 20KB - Virtual size: 20KB

.rsrc Size: 366KB - Virtual size: 368KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 648B

488b9c61d28b8855f328d854ae7601be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 418B

92ee5d24c83acfcf548793ee043b1322

Headers

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

advapi32

shell32

msvcr80

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 5KB

.shared Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

2d:28:fb:7f:55:56:63:2c:2f:3c:f4:3b:cd:91:98:30:96:3b:e5:cf:9e:07:c2:c8:18:d0:81:30:0c:5d:09:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

540dcf6f4b0f36a71b6021c642538f46

UPX0
Size: - Virtual size: 872KB

UPX1
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 366KB - Virtual size: 368KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 418B

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 5KB

.shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

2d:28:fb:7f:55:56:63:2c:2f:3c:f4:3b:cd:91:98:30:96:3b:e5:cf:9e:07:c2:c8:18:d0:81:30:0c:5d:09:b3
Signer

.text
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

61:20:4d:b4:00:00:00:00:00:27
Certificate

04:e9:2c:43:e0:63:7a:af:da:3d:52:84:38:92:bf:ba
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b4:56:87:f4:45:82:76:63:5c:a9:cd:4d:0d:f9:91:76:d6:6f:db:6d:ad:9a:9c:8f:1c:a1:ee:b8:a2:6d:66:70
Signer

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 348KB

.rsrc
Size: 366KB - Virtual size: 365KB