4185af81d338d096f8b10c4e9bbe4890_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4185af81d338d096f8b10c4e9bbe4890_NeikiAnalytics
Size

773KB
MD5

4185af81d338d096f8b10c4e9bbe4890
SHA1

c3cd88e5859d4efbbca968d3807c2b7957354eed
SHA256

e07cc1f2b7e23113d4ce5c3870561628bee742e8f8555d8d552bf75723eee0ff
SHA512

0ae3307302a5a12e44d6c6e92908bd9a398adf89b21b65699c027ebf3a84032e3fb3c003ba50af6afbf731581fe978b39a3305b74dafcaff5d26fec7b698ee8f
SSDEEP

24576:gBkeFw62HggggMvzmev/6ZEUVoFErEH76:gBke+1ggggMvzm0CyUVoFG

Score

1^/10

Malware Config

Signatures

Files

4185af81d338d096f8b10c4e9bbe4890_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

379673e261ea1e8992a6bc82aed59f8b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:71:36:dc:41:0a:d1:71:dc:5f:12:2f:82:89:76:5d:68:78:f9:4a:14:e2:54:b5:cf:24:7c:36:fe:42:54:fd
Signer

Actual PE Digest

66:71:36:dc:41:0a:d1:71:dc:5f:12:2f:82:89:76:5d:68:78:f9:4a:14:e2:54:b5:cf:24:7c:36:fe:42:54:fd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD\work\67d9289f94964a81\BUILDS\Release\x86\CCUpdate.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

inet_ntoa

ntdll

RtlUnwind
NtSetInformationFile
VerSetConditionMask

kernel32

GetDateFormatW
GetTimeFormatW
GetVersionExW
GetNativeSystemInfo
GlobalMemoryStatusEx
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesExW
GetPrivateProfileSectionW
GetCurrentDirectoryW
GetFileAttributesW
CopyFileW
GetCurrentProcessId
GetFileSizeEx
OutputDebugStringW
SetConsoleCtrlHandler
FreeConsole
ReleaseMutex
AttachConsole
AllocConsole
GetTickCount
FindFirstFileW
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
FindClose
ExpandEnvironmentStringsW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLongPathNameW
GetModuleHandleW
GetCurrentThread
CreateProcessW
GetExitCodeProcess
OpenProcess
TerminateProcess
K32EnumProcesses
K32GetModuleFileNameExW
K32GetProcessImageFileNameW
TerminateThread
VerifyVersionInfoW
GetLocalTime
FileTimeToSystemTime
WritePrivateProfileStringW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
GetFullPathNameW
MoveFileW
GlobalFree
CreateWaitableTimerW
SetWaitableTimer
GetModuleHandleExW
GetCurrentThreadId
CompareStringW
WriteConsoleW
SetLastError
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
QueryPerformanceCounter
WideCharToMultiByte
LoadLibraryExW
DeviceIoControl
VirtualAlloc
VirtualFree
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetEndOfFile
GetPrivateProfileStringW
FindFirstFileExW
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVersion
FlushFileBuffers
SetEnvironmentVariableW
InitializeCriticalSection
GetSystemTimeAsFileTime
SetFilePointerEx
GetTickCount64
RaiseException
FreeLibraryAndExitThread
ExitThread
CreateThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
GetConsoleCP
SetFilePointer
WriteFile
ReadFile
MultiByteToWideChar
DeleteFileW
MoveFileExW
WaitForSingleObject
CreateDirectoryW
GetTempPathW
CreateEventW
SetEvent
GetCurrentProcess
DuplicateHandle
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
Sleep
SetErrorMode
CloseHandle
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
CreateMutexW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetStdHandle
GetStdHandle
ExitProcess
LCMapStringW
SetConsoleMode
ReadConsoleInputW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
GetCommandLineA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
IsDebuggerPresent
GetCPInfo
EncodePointer
GetStringTypeW
GetCommandLineW
SystemTimeToFileTime
GetSystemTime
FreeEnvironmentStringsW

advapi32

OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
StartServiceW
ControlService
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
RegOpenKeyExW
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
ImpersonateSelf
OpenThreadToken
RegEnumValueW
RegDeleteValueW
EqualSid
GetTokenInformation
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
RegSetValueExW
RegCreateKeyExW

ole32

CoCreateInstance
CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantInit
VariantCopy

wininet

InternetSetOptionW
InternetOpenW
InternetCanonicalizeUrlW
InternetReadFile
HttpSendRequestExW
InternetCloseHandle
HttpAddRequestHeadersW
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
HttpOpenRequestW
GopherOpenFileW
FtpOpenFileW
HttpSendRequestW
InternetCrackUrlW
InternetConnectW

winhttp

WinHttpSetOption
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpReadData
WinHttpConnect

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate
UuidIsNil

cabinet

ord20
ord23
ord22

dnsapi

DnsFree
DnsQuery_W

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

powrprof

CallNtPowerInformation

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
onexit_register_connector_avast_2

Sections

.text
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

379673e261ea1e8992a6bc82aed59f8b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bbCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

66:71:36:dc:41:0a:d1:71:dc:5f:12:2f:82:89:76:5d:68:78:f9:4a:14:e2:54:b5:cf:24:7c:36:fe:42:54:fdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

ntdll

kernel32

advapi32

ole32

oleaut32

wininet

winhttp

rpcrt4

cabinet

dnsapi

userenv

wtsapi32

powrprof

Exports

Exports

Sections

.text Size: 517KB - Virtual size: 516KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 22KB - Virtual size: 22KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

66:71:36:dc:41:0a:d1:71:dc:5f:12:2f:82:89:76:5d:68:78:f9:4a:14:e2:54:b5:cf:24:7c:36:fe:42:54:fd
Signer

.text
Size: 517KB - Virtual size: 516KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 22KB - Virtual size: 22KB