dc2815c12cc35ffa0940280cf1ad0500_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

dc2815c12cc35ffa0940280cf1ad0500_NeikiAnalytics
Size

1.1MB
MD5

dc2815c12cc35ffa0940280cf1ad0500
SHA1

2f738e36a23314b5fe77bb58f27e184541671b5a
SHA256

9a3bfa8e51029e0a35e6358da5272ff3e9fa02159479c882c07c6cbf7e6797a0
SHA512

4cc1e70166e06a72c17ec33a969972e274a36e399b5077ea3e5f0dae9df2d7a6d888dcc8791cec0125e9f04bd6f4539a8e8c9ea65055cb1770897897bfff7783
SSDEEP

24576:DiFVASO0XA4IjavLy/53F9QqvAErjsU8fU8:eFVpwU45sU8fU8

Score

1^/10

Malware Config

Signatures

Files

dc2815c12cc35ffa0940280cf1ad0500_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

f7218d57b50e276c16eb82e3543a0342

Code Sign

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/07/2020, 00:00

Not After

10/07/2023, 23:59

Subject

CN=GLAVSOFT\, OOO,O=GLAVSOFT\, OOO,POSTALCODE=634021,STREET=d. 132 kv. 82\, ul. Altaiskaya,L=Tomsk,ST=Tomskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ea:ba:57:b2:a1:e7:de:b4:24:f1:46:73:4c:c9:4d:fc:f3:51:63:42
Signer

Actual PE Digest

ea:ba:57:b2:a1:e7:de:b4:24:f1:46:73:4c:c9:4d:fc:f3:51:63:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Word\word.pdb

Imports

winmm

timeBeginPeriod
timeEndPeriod

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

kernel32

InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
WideCharToMultiByte
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
HeapSize
HeapReAlloc
SetEndOfFile
DecodePointer
WriteConsoleW
CreatePipe
GetSystemTimeAsFileTime
ReleaseMutex
CreateMutexW
SwitchToThread
ResumeThread
GetProcessTimes
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
MoveFileW
DeleteFileW
GetLogicalDriveStringsW
SetErrorMode
SetFileTime
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
SetFilePointer
GlobalUnlock
GlobalLock
GlobalAlloc
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteFile
ReadFile
LocalAlloc
DisconnectNamedPipe
MapViewOfFile
OpenProcess
SetNamedPipeHandleState
ConnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
GetComputerNameW
GetVersionExW
GetExitCodeProcess
CreateProcessW
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetLastError
FormatMessageW
LocalFree
CreateFileMappingW
ProcessIdToSessionId
CreateThread
WaitForSingleObject
GetUserDefaultUILanguage
GetModuleFileNameW
VirtualAlloc
VirtualProtect
GetModuleFileNameA
SetUnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
CreateFileW
GetCurrentProcess
GetModuleHandleW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceW
LoadResource
LockResource
UnmapViewOfFile
DuplicateHandle
FreeLibrary
GetProcAddress
LoadLibraryW
SetHandleInformation
OpenThread
FreeResource

user32

CloseDesktop
OpenInputDesktop
GetUserObjectInformationW
OpenDesktopW
GetThreadDesktop
SendMessageW
MapWindowPoints
MoveWindow
FindWindowW
ExitWindowsEx
LockWorkStation
CloseWindowStation
EnumDisplayMonitors
ReleaseDC
GetKeyState
VkKeyScanExW
MapVirtualKeyW
GetKeyboardLayout
ToUnicodeEx
UnregisterClassW
SetProcessWindowStation
OpenWindowStationW
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
DispatchMessageW
IsDialogMessageW
RegisterClassW
TranslateMessage
PostQuitMessage
SetTimer
KillTimer
GetDlgItem
LoadMenuW
PostMessageW
TrackPopupMenu
GetSubMenu
SetMenuDefaultItem
RemoveMenu
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
LoadIconW
SetThreadDesktop
SystemParametersInfoW
SendInput
GetForegroundWindow
GetSystemMetrics
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
PeekMessageW
WaitMessage
CallNextHookEx
EnumWindows
IsWindowVisible
GetWindowInfo
FindWindowExW
GetClassNameW
GetDC
DrawIconEx
GetCursorInfo
GetIconInfo
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxParamW
SetWindowLongW
IsWindow
SetClassLongW
EndDialog
CreateDialogParamW
DestroyIcon
GetWindowTextW
InvalidateRect
SetFocus
ShowWindow
SetWindowTextW
GetClientRect
EnumChildWindows

advapi32

RegEnumKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
ImpersonateNamedPipeClient
CopySid
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityInfo
CreateServiceW
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
CreateProcessAsUserW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
OpenThreadToken
LookupAccountSidW
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ord680

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostbyname
ntohl
ntohs
gethostname
htonl
__WSAFDIsSet
accept
bind
closesocket
select
shutdown
listen
getpeername
inet_ntoa
ioctlsocket
setsockopt
WSACleanup
WSAGetLastError
WSAStartup
inet_addr
send
socket
connect
recv
htons
getsockname

comctl32

InitCommonControlsEx

gdi32

CreateDCW
ExtEscape
GetBitmapBits
GetCurrentObject
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
GetDIBits

Sections

.text
Size: 770KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7218d57b50e276c16eb82e3543a0342

Code Sign

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

ea:ba:57:b2:a1:e7:de:b4:24:f1:46:73:4c:c9:4d:fc:f3:51:63:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

psapi

kernel32

user32

advapi32

shell32

version

ws2_32

comctl32

gdi32

Sections

.text Size: 770KB - Virtual size: 770KB

.rdata Size: 228KB - Virtual size: 228KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 48KB - Virtual size: 47KB

ff:f7:ca:8b:5e:ea:fd:32:e4:de:3b:6c:44:f5:11:93
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

ea:ba:57:b2:a1:e7:de:b4:24:f1:46:73:4c:c9:4d:fc:f3:51:63:42
Signer

.text
Size: 770KB - Virtual size: 770KB

.rdata
Size: 228KB - Virtual size: 228KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 48KB - Virtual size: 47KB