b4e2d63f1b46f80f1fda482c10e163d0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

b4e2d63f1b46f80f1fda482c10e163d0_NeikiAnalytics
Size

2.1MB
MD5

b4e2d63f1b46f80f1fda482c10e163d0
SHA1

84b7474021c7d1b6664421edec6f6f97783ab845
SHA256

f8aaef85a2593b0b94e02198d8e6f565b52aa5352fa1fd420914f555cc21666b
SHA512

d8da027e13bcdf150b7ad7e8b92c47dd9569fcd24cdf699e3ab5a271cc584eaf3287bce1a09aada46f05e9b36edda6100693c632eb298790e3ca99cd387b7b95
SSDEEP

49152:XfRW/hc1pCaf5uIUFtNmJTJflTXjndehsiMTpLr6b504tSZ1qO:XfRW/O1ga0v/aZlKgUO

Score

1^/10

Malware Config

Signatures

Files

b4e2d63f1b46f80f1fda482c10e163d0_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

1565a264bcf8913eaf2b6a0d05769e8e

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21
Signer

Actual PE Digest

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21

Digest Algorithm

sha256

PE Digest Matches

false

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21
Signer

Actual PE Digest

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\dbs\el\omr\target\x86\ship\click2run\x-none\c2r32.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CreateWellKnownSid
RegNotifyChangeKeyValue
RevertToSelf
OpenThreadToken
OpenProcessToken
GetLengthSid
CopySid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
EqualSid
OpenSCManagerW
CloseServiceHandle
OpenServiceW
StartServiceW

ole32

CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemAlloc
IIDFromString
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree
StringFromCLSID
StringFromGUID2
CoCreateGuid

rpcrt4

NdrClientCall2
RpcMgmtIsServerListening
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingFree

kernel32

GetEnvironmentStringsW
GetCommandLineA
SetStdHandle
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetLocaleInfoW
GetOEMCP
GetACP
HeapReAlloc
GetStdHandle
FreeEnvironmentStringsW
GetConsoleOutputCP
GetConsoleMode
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
SetEnvironmentVariableW
WriteConsoleW
ExitProcess
GetSystemInfo
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
GetFileInformationByHandleEx
GetCurrentProcess
GetModuleHandleExW
InitializeCriticalSectionEx
GetLastError
CompareStringEx
GetProcAddress
DeleteCriticalSection
FreeLibrary
FlsFree
FlsAlloc
IsWow64Process
GetCommandLineW
ExpandEnvironmentStringsW
GetTickCount64
GetModuleFileNameW
GetCurrentProcessId
MultiByteToWideChar
CreateEventExW
CloseHandle
SetEvent
TerminateProcess
GetTempPathW
WerRegisterRuntimeExceptionModule
DisableThreadLibraryCalls
WerUnregisterRuntimeExceptionModule
GetModuleHandleW
Sleep
FindClose
UnmapViewOfFile
MapViewOfFile
SetLastError
OutputDebugStringA
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryW
LCMapStringW
LocalFree
FormatMessageA
LocalAlloc
OpenEventW
GlobalMemoryStatusEx
RaiseException
LoadLibraryExW
GetVersionExW
WideCharToMultiByte
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualProtect
ReleaseSRWLockShared
OpenProcess
GetExitCodeProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
GetUserDefaultLocaleName
IsValidCodePage
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
DeviceIoControl
GetComputerNameW
GetNativeSystemInfo
GetSystemDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
ReleaseMutex
CreateMutexExW
OpenMutexW
WaitForSingleObjectEx
SystemTimeToTzSpecificLocalTime
ResetEvent
GetFileAttributesExW
FindFirstFileExW
WriteFile
GetFileSizeEx
ReadFile
DeleteFileW
FindNextFileW
CreateEventW
WaitForSingleObject
ReleaseSemaphore
CreateThread
WaitForMultipleObjectsEx
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
QueryDepthSList
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
GetLongPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
SetFileAttributesW
GetFileType
SetFilePointerEx
GetOverlappedResult
GetFileTime
SetFileInformationByHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
LocaleNameToLCID
SetEndOfFile
SetFileTime
FlushFileBuffers
CancelIoEx
GetTempFileNameW
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetTickCount
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
FlsSetValue
FlsGetValue
IsDebuggerPresent
GetStartupInfoW
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
OutputDebugStringW
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
CreateFileMappingA
GetUserGeoID
K32GetProcessMemoryInfo
FindFirstFileW
GetPriorityClass
GetTimeZoneInformation
IsValidLocale
VirtualQuery
LoadLibraryExA
GetLocalTime
AcquireSRWLockShared
TryAcquireSRWLockExclusive
GetLocaleInfoEx
DecodePointer

Exports

Exports

AddOfficeProduct
AddOfficeProductEx
ApplyCloudPolicy
ApplyCloudPolicyForIdentity
C2rVersion
CheckProcessForCorruption
ClearPropertyBagValue
CollectFileInformation
DeleteAFOScheduledTask
EnableUpdate
EnsureConnection
EnsurePerpetualLicensesFolderExists
FetchDBSLicense
GetInstalledProducts
GetInstalledProductsEx
GetPackageRoot
GetProperty
GetPropertyEx
GetStatusValue
GetStatusValueEx
GetTotalProgress
GetUpdateStatus
HandleError
HandleErrorEx
HandleScheduledHeartbeat
HandleScheduledHeartbeatEx
HrActivate
HrActivateEx
HrApplyUpdatesNow
HrApplyUpdatesNowEx
HrBeginUpdatesDiscoveryPeriod
HrBeginUpdatesDiscoveryPeriodEx
HrDownloadUpdatesNow
HrDownloadUpdatesNowEx
HrGetAreUpdatesCOMManaged
HrGetAreUpdatesEnabled
HrGetAreUpdatesEnabledEx
HrGetAreUpdatesFromAdminSource
HrGetAreUpdatesFromAdminSourceEx
HrGetAreUpdatesLate
HrGetAreUpdatesLateEx
HrGetAreUpdatesReadyForDownload
HrGetAreUpdatesReadyForDownloadEx
HrGetAreUpdatesReadyToApply
HrGetAreUpdatesReadyToApplyEx
HrGetChannelIdForDisplay
HrGetClientFolder
HrGetContainerInstallCommand
HrGetDeviceBasedLicensing
HrGetExecutingScenario
HrGetInstallationPath
HrGetPendingModifyOfficeProducts
HrGetPendingUpdateDeadline
HrGetPendingUpdateDeadlineEx
HrInstallProtectedGraceLicense
HrModifyOfficeProducts
HrRefreshState
HrRegisterForRealtimeExitReporting
HrSetAreUpdatesEnabled
HrSetAreUpdatesEnabledEx
HrSetAreUpdatesFromAdminSource
HrSetAreUpdatesFromAdminSourceEx
HrSetPrivacySettings
HrUpdateNow
HrUpdateNowEx
HrUpdateNowWithParameters
InstallProofOfPurchase
InstallProofOfPurchaseEx
IsClick2Run
IsFileInVirtualFolder
IsOSPPReady
IsOSPPReadyEx
IsRepairRequired
IsRepairRequiredEx
IsRoaming
IsStreaming
Launch
LicenseRepair
MigrateOSPPToSPP
OverridePolicy
ReArm
Repair
RepairEx
SetProperty
SetPropertyBagToken
SetTenantAssociationKey
SetUpdateBranch
SetUpdateUrl
SetUpdateUrlSetByUser
StartFB
StartScenario
UninstallProofOfPurchase
UninstallProofOfPurchaseEx

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1565a264bcf8913eaf2b6a0d05769e8e

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21Signer

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ole32

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 629KB - Virtual size: 629KB

.data Size: 34KB - Virtual size: 39KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 77KB - Virtual size: 77KB

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21
Signer

24:4c:98:d3:6e:35:99:46:76:2d:b6:e8:b5:9c:b9:a9:55:a2:b7:68:7b:0b:04:f0:ee:6c:bd:ad:73:ff:bf:21
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 629KB - Virtual size: 629KB

.data
Size: 34KB - Virtual size: 39KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 77KB - Virtual size: 77KB