7a134b11d59384a847ed472ed3206ee0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

7a134b11d59384a847ed472ed3206ee0_NeikiAnalytics
Size

483KB
MD5

7a134b11d59384a847ed472ed3206ee0
SHA1

1295c31363bbccfa50eb94a67b2901ca3c23c957
SHA256

9e98c3acdcc872d88492586d4d7452923013795d2ebedee22ae2d1799f5718af
SHA512

3d66eef03e2a3762d5de0f9666339572ed11a72cccaf84f13db4139c6c97b553fe774727c9dadc8895c9ded000518cbe143f4f994f6100fa7bed58b58eda6c87
SSDEEP

6144:idpJYI8KXiGivCEDITTo4eIjI1QAc2LEFy5V8Zm/yqTshujP:wwI8KyGijUfJpjI1QAhEFEGE3

Score

1^/10

Malware Config

Signatures

Files

7a134b11d59384a847ed472ed3206ee0_NeikiAnalytics
.exe windows:10 windows x64 arch:x64

2b568ce31cf22eba803d0588f291c75b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:83:dd:b3:7f:ad:10:6a:ac:f8:57:3a:6e:7b:0c:2e:f9:21:77:ed:b5:4b:fd:04:f1:87:85:92:c7:ca:11:09
Signer

Actual PE Digest

58:83:dd:b3:7f:ad:10:6a:ac:f8:57:3a:6e:7b:0c:2e:f9:21:77:ed:b5:4b:fd:04:f1:87:85:92:c7:ca:11:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

BioEnrollmentHost.pdb

Imports

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
LCMapStringEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError

ntdll

NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-com-l1-1-0

CoGetObjectContext
CoGetApartmentType
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetContextToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

wincorlib

?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0NullReferenceException@Platform@@QE$AAA@XZ
??0InvalidArgumentException@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0Object@Platform@@QE$AAA@XZ
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcslen

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-crt-private-l1-1-0

_o___pctype_func
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__calloc_base
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__free_base
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_fmode
_o__wcsdup
_o_abort
_o_exit
_o_free
_o_malloc
_o_realloc
_o_setlocale
_o_terminate
_o_wcstol
__CxxFrameHandler4
__std_terminate
wcsstr
wcsrchr
strchr
__CxxFrameHandler3
_CxxThrowException
__current_exception
__AdjustPointer
__GetPlatformExceptionInfo
__C_specific_handler
__current_exception_context
_o___p__commode
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
_o__set_new_mode
_o__set_app_type
memcpy
memmove

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoFailFastWithErrorContext
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsGetStringRawBuffer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b568ce31cf22eba803d0588f291c75b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

58:83:dd:b3:7f:ad:10:6a:ac:f8:57:3a:6e:7b:0c:2e:f9:21:77:ed:b5:4b:fd:04:f1:87:85:92:c7:ca:11:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

wincorlib

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Sections

.text Size: 322KB - Virtual size: 322KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 19KB - Virtual size: 21KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

58:83:dd:b3:7f:ad:10:6a:ac:f8:57:3a:6e:7b:0c:2e:f9:21:77:ed:b5:4b:fd:04:f1:87:85:92:c7:ca:11:09
Signer

.text
Size: 322KB - Virtual size: 322KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 19KB - Virtual size: 21KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB