443c9883a3b1765a03aa01b8ece42640_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

443c9883a3b1765a03aa01b8ece42640_NeikiAnalytics
Size

925KB
MD5

443c9883a3b1765a03aa01b8ece42640
SHA1

a8b3e34ea4553d9ff1a816cd0fd036196550604b
SHA256

354322e3f7fdd829b75653c9e507c1c0e501a6321ebf1da06171a3aa93b2349c
SHA512

aa5732b89ad42a1a1b4c477b0184906b4be8d482113f32709cda558ee45e44736795d51991cf949b83a4a7d536375ec7aa44067e7414b0a70b96c9baa7dd3310
SSDEEP

24576:h8dwis1sbWTvwarj70Po6ppCzXRiKPxsybmtQh:h8wiZbWTvwarj7yHuU05l

Score

1^/10

Malware Config

Signatures

Files

443c9883a3b1765a03aa01b8ece42640_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

b6bd330575a9ea3683c46ba58a18f64d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:93:d7:47:9f:3c:3b:a4:ff:88:22:3a:92:d4:d7:cf
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

06/12/2021, 00:00

Not After

05/12/2024, 23:59

Subject

CN=John El Self,O=John El Self,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:79:2d:32:15:46:e0:4b:80:88:e9:16:34:79:4b:c9:94:57:4c:9d:10:d5:1b:80:31:2b:37:65:cb:cc:cb:9f
Signer

Actual PE Digest

2a:79:2d:32:15:46:e0:4b:80:88:e9:16:34:79:4b:c9:94:57:4c:9d:10:d5:1b:80:31:2b:37:65:cb:cc:cb:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
SetStdHandle
SetHandleCount
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetEnvironmentVariableA
GetProfileStringA
GetUserDefaultLCID
GetFileType
HeapSize
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
Sleep
CreateDirectoryA
RemoveDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetDriveTypeA
RtlUnwind
GetTickCount
GetCurrentDirectoryA
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
GlobalFlags
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
CloseHandle
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
lstrcpynA
SetLastError
GetModuleFileNameA
LocalFree
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
LockResource
FindResourceA
LoadResource
GlobalUnlock
MulDiv
GlobalFree
GlobalAlloc
GlobalLock
lstrcmpiA
MoveFileA
GetFileAttributesA
lstrcmpA
GetLastError
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
GetACP
FreeLibrary
LoadLibraryA
GetProcAddress
CopyFileA
DeleteFileA
SetCurrentDirectoryA
lstrcpyA
EnumSystemLocalesA
lstrlenA

user32

CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
SetParent
RegisterClipboardFormatA
PostThreadMessageA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
DestroyIcon
RegisterWindowMessageA
IntersectRect
GetWindowPlacement
LoadStringA
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
IsIconic
SetForegroundWindow
ReleaseDC
GetWindowLongA
CopyRect
OffsetRect
SystemParametersInfoA
GetDesktopWindow
GetDC
EqualRect
SetRectEmpty
IsWindow
GetWindowRect
SetWindowLongA
CallWindowProcA
GetDlgCtrlID
ValidateRect
InflateRect
UpdateWindow
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
wsprintfA
EnableWindow
PostMessageA
GetClassNameA
LoadCursorA
LoadIconA
DefWindowProcA
SetCapture
SetFocus
ReleaseCapture
SetActiveWindow
GetFocus
GetMenu
GetSubMenu
RemoveMenu
GetUpdateRect
GetClientRect
BeginPaint
GetParent
GetTabbedTextExtentA
LockWindowUpdate
GetSysColorBrush
GetDCEx
EndPaint
GetSystemMetrics
InvalidateRect
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
FillRect
DestroyCursor
CharUpperA
PtInRect
IsZoomed
GetWindowThreadProcessId
WaitMessage
SetRect
WindowFromPoint
KillTimer
SetTimer
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
SetCursor
TranslateAcceleratorA
LoadAcceleratorsA
GetCursorPos
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
GetWindowDC
ClientToScreen
wvsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
ModifyMenuA
GetMenuState

gdi32

GetClipBox
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
DeleteObject
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
Escape
CreateDCA
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
GetMapMode
PatBlt
CombineRgn
CreateRectRgnIndirect
DPtoLP
GetViewportOrgEx
AbortDoc
SetAbortProc
LPtoDP
GetBkColor
GetNearestColor
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
BitBlt
SetRectRgn
GetTextExtentPoint32A
GetTextAlign
CreateSolidBrush
ExtTextOutA
SelectObject
CreatePen
GetTextMetricsA
GetObjectA
CreateFontIndirectA
Rectangle
GetDeviceCaps
StartDocA
StartPage
EndPage
EndDoc
CreateDIBitmap
GetTextExtentPointA
GetStockObject

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
PrintDlgA
CommDlgExtendedError

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter
EnumPrintersA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExA

shell32

SHGetFileInfoA
DragQueryFileA
DragFinish
ShellExecuteA
ExtractIconA

comctl32

_TrackMouseEvent
ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 664KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6bd330575a9ea3683c46ba58a18f64d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

24:93:d7:47:9f:3c:3b:a4:ff:88:22:3a:92:d4:d7:cfCertificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

2a:79:2d:32:15:46:e0:4b:80:88:e9:16:34:79:4b:c9:94:57:4c:9d:10:d5:1b:80:31:2b:37:65:cb:cc:cb:9fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

imagehlp

Sections

.text Size: 664KB - Virtual size: 660KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 36KB - Virtual size: 52KB

.rsrc Size: 92KB - Virtual size: 89KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

24:93:d7:47:9f:3c:3b:a4:ff:88:22:3a:92:d4:d7:cf
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

2a:79:2d:32:15:46:e0:4b:80:88:e9:16:34:79:4b:c9:94:57:4c:9d:10:d5:1b:80:31:2b:37:65:cb:cc:cb:9f
Signer

.text
Size: 664KB - Virtual size: 660KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 36KB - Virtual size: 52KB

.rsrc
Size: 92KB - Virtual size: 89KB