0b2bc129ced745898aaf4faf84039e40_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

0b2bc129ced745898aaf4faf84039e40_NeikiAnalytics
Size

370KB
MD5

0b2bc129ced745898aaf4faf84039e40
SHA1

18a1249fd7534b046bc14fb656ab99e3b477e98d
SHA256

c946f6506f81a991d5608f04079f4df3b0cd0f1edd5ea9cb1e039c128b0a32ef
SHA512

e5e9708164fb48e18a64e06134e7b096f951d679ddec13dcc1ecf15d3521c600d44588b225459d4c724d7523f9ed21f77217763eada31b32a495e755c84cc11e
SSDEEP

6144:jOk/YcV+U5imf1EB08a4X6MdUfwawf0u5ebG9AtMz/DRnFU0w529UWpXHaW1lSm4:ik/YcV+U5imf1EB08a4X6MdUfwaw9ySK

Score

1^/10

Malware Config

Signatures

Files

0b2bc129ced745898aaf4faf84039e40_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

3d77d5f1f591c3236d3b48c18d9b9e10

Code Sign

06:58:f9:a5:68:f8:c5:8c:d6:86:27:79:05:9c:07:92
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

04/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Premiere Pro\, AME\, After Effects\, Speedgrade,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:02:36:89:67:3c:6d:ce:f1:d1:5d:23:27:e7:9d:e0:85:59:d9:88:05:2e:8c:d1:ee:9a:0f:1b:de:79:7d:35
Signer

Actual PE Digest

43:02:36:89:67:3c:6d:ce:f1:d1:5d:23:27:e7:9d:e0:85:59:d9:88:05:2e:8c:d1:ee:9a:0f:1b:de:79:7d:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\ae1612cc\releases\AfterEffects\src\plugin\effect\ShapeBlur\lib\win\release\ShapeBlur.pdb

Imports

u

M_SetIdentityMatrix
M_ScaleMatrix
?U_TranslateAndReportException@@YAHAEAVexception@std@@@Z
M_TranslateMatrix

pf

??0?$PF_HorizontalSumTable@VPF_PixelFloat@@@@QEAA@PEBV?$PF_WorldX@VPF_PixelFloat@@@@HHNNNNNN_NV?$shared_ptr@VPF_ColorSettings@@@boost@@1@Z
?GetLinearBlendingTables@PF_ColorSettings@@QEBAPEAUPF_LinearBlendingTables@@_N@Z
??0?$PF_HorizontalSumTable@VPF_Pixel16@@@@QEAA@PEBV?$PF_WorldX@VPF_Pixel16@@@@HHNNNNNN_NV?$shared_ptr@VPF_ColorSettings@@@boost@@1@Z
??0?$PF_HorizontalSumTable@VPF_Pixel8@@@@QEAA@PEBV?$PF_WorldX@VPF_Pixel8@@@@HHNNNNNN_NV?$shared_ptr@VPF_ColorSettings@@@boost@@1@Z

bee

?GetColorSettings@BEE_CompItem@@QEBA?AV?$shared_ptr@VPF_ColorSettings@@@boost@@XZ
??0ShapeKernel@@QEAA@HMMMMMMPEBUPF_LinearBlendingTables@@_N@Z

msvcp140

?_Id_cnt@id@locale@std@@0HA
_Getcvt
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
_Stoulx
?id@?$ctype@D@std@@2V0locale@2@A
_Getctype
_Stolx
_Stollx
_Stoullx
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
_Mbrtowc
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?do_tolower@?$ctype@D@std@@MEBAPEBDPEADPEBD@Z
??0_Lockit@std@@QEAA@H@Z
?do_toupper@?$ctype@D@std@@MEBAPEBDPEADPEBD@Z
?do_toupper@?$ctype@D@std@@MEBADD@Z
?do_widen@?$ctype@D@std@@MEBAPEBDPEBD0PEAD@Z
?do_widen@?$ctype@D@std@@MEBADD@Z
?do_narrow@?$ctype@D@std@@MEBAPEBDPEBD0DPEAD@Z
?do_narrow@?$ctype@D@std@@MEBADDD@Z
?do_is@?$ctype@_W@std@@MEBAPEB_WPEB_W0PEAF@Z
?do_is@?$ctype@_W@std@@MEBA_NF_W@Z
?do_scan_is@?$ctype@_W@std@@MEBAPEB_WFPEB_W0@Z
?do_scan_not@?$ctype@_W@std@@MEBAPEB_WFPEB_W0@Z
?do_tolower@?$ctype@_W@std@@MEBAPEB_WPEA_WPEB_W@Z
?do_tolower@?$ctype@_W@std@@MEBA_W_W@Z
?do_toupper@?$ctype@_W@std@@MEBAPEB_WPEA_WPEB_W@Z
?do_toupper@?$ctype@_W@std@@MEBA_W_W@Z
?do_widen@?$ctype@_W@std@@MEBAPEBDPEBD0PEA_W@Z
?do_widen@?$ctype@_W@std@@MEBA_WD@Z
?do_narrow@?$ctype@_W@std@@MEBAPEB_WPEB_W0DPEAD@Z
?do_narrow@?$ctype@_W@std@@MEBAD_WD@Z
??_7_Facet_base@std@@6B@
?_Locinfo_ctor@_Locinfo@std@@SAXPEAV12@PEBD@Z
?_Locinfo_dtor@_Locinfo@std@@SAXPEAV12@@Z
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??_7?$ctype@_W@std@@6B@
??_7?$ctype@D@std@@6B@
?do_tolower@?$ctype@D@std@@MEBADD@Z

libmmd

sin
floor
ceil
floorf
ceilf
frexp
pow
ldexp
powf
ldexpf
cos

vcruntime140

__std_terminate
__C_specific_handler
__std_type_info_destroy_list
memset
memcpy
_CxxThrowException
__CxxFrameHandler3
memmove
__std_exception_copy
__std_exception_destroy
_purecall

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_errno

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-convert-l1-1-0

strtof
strtod

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

wcslen
strcspn

api-ms-win-crt-time-l1-1-0

_W_Getmonths
_W_Getdays

kernel32

UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
RtlVirtualUnwind
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

Exports

Exports

EffectMainExtra
PluginDataEntryFunction

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_o
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d77d5f1f591c3236d3b48c18d9b9e10

Code Sign

06:58:f9:a5:68:f8:c5:8c:d6:86:27:79:05:9c:07:92Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

43:02:36:89:67:3c:6d:ce:f1:d1:5d:23:27:e7:9d:e0:85:59:d9:88:05:2e:8c:d1:ee:9a:0f:1b:de:79:7d:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

u

pf

bee

msvcp140

libmmd

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 250KB - Virtual size: 250KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 14KB - Virtual size: 14KB

.data1 Size: 21KB - Virtual size: 21KB

_RDATA Size: 4KB - Virtual size: 4KB

.debug_o Size: 12KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

06:58:f9:a5:68:f8:c5:8c:d6:86:27:79:05:9c:07:92
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

43:02:36:89:67:3c:6d:ce:f1:d1:5d:23:27:e7:9d:e0:85:59:d9:88:05:2e:8c:d1:ee:9a:0f:1b:de:79:7d:35
Signer

.text
Size: 250KB - Virtual size: 250KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 14KB - Virtual size: 14KB

.data1
Size: 21KB - Virtual size: 21KB

_RDATA
Size: 4KB - Virtual size: 4KB

.debug_o
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB