69225088516396dc787dbca973e62310_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

69225088516396dc787dbca973e62310_NeikiAnalytics.exe
Size

1.5MB
MD5

69225088516396dc787dbca973e62310
SHA1

0284d7e2d7efc8ce1558660a46e19049b7147b37
SHA256

916c56805657b709283da9b5623ff75792d04767550993c58fe413ff6c29c652
SHA512

af095ea70d9b447cb337ad0dafb0ef560c8b462c92c20150bceca538a909d734c10d15cd13e1560bb39aef0ffb33b2885f54bb08959ab88b277e0ce9cb785c84
SSDEEP

24576:znWKZ/Jji5+wMQy1+KpP7X9UObPU2wbFOdlTfpEBaLJkkLGDZ7rEH7v:yKHji5AZls2wZAr+Ze

Score

1^/10

Malware Config

Signatures

Files

69225088516396dc787dbca973e62310_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

f3dcba3971dfa0300e0d5a5436750597

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/11/2021, 00:00

Not After

09/01/2024, 23:59

Subject

SERIALNUMBER=215-87-21739,CN=iniLINE Co.\, Ltd.,O=iniLINE Co.\, Ltd.,L=Guro-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/11/2021, 00:00

Not After

09/01/2024, 23:59

Subject

SERIALNUMBER=215-87-21739,CN=iniLINE Co.\, Ltd.,O=iniLINE Co.\, Ltd.,L=Guro-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:24:9e:fc:5e:96:56:1e:ee:ff:d1:79:72:66:81:2c:62:09:25:53:dc:b0:64:6d:5c:e8:8b:03:9a:5a:d6:e5
Signer

Actual PE Digest

d7:24:9e:fc:5e:96:56:1e:ee:ff:d1:79:72:66:81:2c:62:09:25:53:dc:b0:64:6d:5c:e8:8b:03:9a:5a:d6:e5

Digest Algorithm

sha256

PE Digest Matches

false

56:0b:ef:87:d7:72:8a:99:42:d0:4a:7f:18:d5:eb:1d:e6:23:0d:6b
Signer

Actual PE Digest

56:0b:ef:87:d7:72:8a:99:42:d0:4a:7f:18:d5:eb:1d:e6:23:0d:6b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Build\CrossEXService\client\projects\windows\Release\CrossEXService.pdb

Imports

kernel32

ReadConsoleInputA
SetConsoleMode
FindFirstFileA
lstrlenW
GetModuleHandleW
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpA
FileTimeToSystemTime
SystemTimeToFileTime
GetModuleFileNameW
GetCurrentProcessId
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedDecrement
InterlockedIncrement
CompareStringW
lstrcmpW
GlobalFlags
FindClose
GetCurrentThreadId
GlobalAddAtomW
LoadLibraryW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetModuleHandleA
GetVersionExA
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
FileTimeToLocalFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetFileType
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetModuleFileNameA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
SetStdHandle
GetConsoleCP
GetConsoleMode
GetProcessHeap
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetDriveTypeA
GetFullPathNameA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SetLastError
GetStdHandle
GetTickCount
SetHandleInformation
GetCurrentProcess
TerminateProcess
CreateProcessA
GetExitCodeProcess
Sleep
UnregisterWaitEx
RegisterWaitForSingleObject
DisconnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
UnregisterWait
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
SetEvent
WaitForSingleObject
ExitProcess
LoadLibraryExA
LockResource
GetProcAddress
SizeofResource
WideCharToMultiByte
GetUserDefaultLangID
LoadResource
FreeLibrary
FindResourceW
CloseHandle
ReleaseMutex
SetNamedPipeHandleState
GetLastError
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
lstrlenA
CreateMutexW

user32

RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DestroyMenu
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CallWindowProcW
CopyRect
GetMenu
GetForegroundWindow
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessagePos
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetTopWindow
DestroyWindow
GetMessageTime
GetMessageW
PostQuitMessage
LoadCursorW
TranslateMessage
RegisterClassExW
LoadIconW
LoadStringW
MapWindowPoints
ShowWindow
CreateWindowExW
UpdateWindow
DefWindowProcW
DispatchMessageW
GetWindowTextW

advapi32

RegOpenKeyExA
RegCloseKey
ReportEventA
RegQueryValueExA
DeregisterEventSource
RegisterEventSourceA

ole32

CoTaskMemAlloc
CoTaskMemFree

ws2_32

sendto
setsockopt
closesocket
recv
ntohs
htons
__WSAFDIsSet
bind
socket
getsockname
gethostbyname
send
getsockopt
listen
accept
shutdown
getpeername
WSASetLastError
ioctlsocket
connect
inet_ntoa
WSAStartup
recvfrom
ntohl
htonl
select
WSAGetLastError

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
SetViewportExtEx
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SaveDC
RestoreDC
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetDeviceCaps
SetBkColor
SetTextColor
SetMapMode
GetClipBox

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3dcba3971dfa0300e0d5a5436750597

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7fCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7fCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d7:24:9e:fc:5e:96:56:1e:ee:ff:d1:79:72:66:81:2c:62:09:25:53:dc:b0:64:6d:5c:e8:8b:03:9a:5a:d6:e5Signer

56:0b:ef:87:d7:72:8a:99:42:d0:4a:7f:18:d5:eb:1d:e6:23:0d:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ws2_32

version

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 991KB - Virtual size: 991KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 61KB - Virtual size: 84KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 70KB - Virtual size: 69KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d7:24:9e:fc:5e:96:56:1e:ee:ff:d1:79:72:66:81:2c:62:09:25:53:dc:b0:64:6d:5c:e8:8b:03:9a:5a:d6:e5
Signer

56:0b:ef:87:d7:72:8a:99:42:d0:4a:7f:18:d5:eb:1d:e6:23:0d:6b
Signer

.text
Size: 991KB - Virtual size: 991KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 61KB - Virtual size: 84KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 70KB - Virtual size: 69KB