77f61678ab859a4be3043ef5bb986420_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

77f61678ab859a4be3043ef5bb986420_NeikiAnalytics.exe
Size

348KB
MD5

77f61678ab859a4be3043ef5bb986420
SHA1

675ad664c85be9889bb870cd6109eeb79329170d
SHA256

48c9e45b43d389ff913b60f23fcd2296c07d0f7ea6005fcef70c0c48990b57eb
SHA512

6bdf3b1b23b7574315561ea1a54e7c2bca9e39a6a88c9319aa85fb827ac19b86ec22ceb19bfedc19cd2c950707579422c178871bb06ee8125c7a4fe7d3cdb2d6
SSDEEP

6144:EQgh9/ivQYWSelO5OxJsgkd2K0nP+lc0BV+UdvrEFp7hKlN:EXQT4xJsPdYP+lvBjvrEH7M

Score

1^/10

Malware Config

Signatures

Files

77f61678ab859a4be3043ef5bb986420_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

b46034780e47302dbbc4cb4f9594f0a5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:22:b5:b0:85:ec:63:83:c5:d3:d5:73:52:f0:b8:b7
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

31/03/2023, 00:00

Not After

30/03/2026, 23:59

Subject

SERIALNUMBER=135-81-89111,CN=Interezen. Co.\,Ltd,O=Interezen. Co.\,Ltd,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:22:b5:b0:85:ec:63:83:c5:d3:d5:73:52:f0:b8:b7
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

31/03/2023, 00:00

Not After

30/03/2026, 23:59

Subject

SERIALNUMBER=135-81-89111,CN=Interezen. Co.\,Ltd,O=Interezen. Co.\,Ltd,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:71:f8:ce:c9:3c:56:f8:92:30:e8:fd:00:3a:74:a2:bd:f4:54:7d:7f:ad:99:6a:cb:eb:03:6d:f0:3e:0b:36
Signer

Actual PE Digest

42:71:f8:ce:c9:3c:56:f8:92:30:e8:fd:00:3a:74:a2:bd:f4:54:7d:7f:ad:99:6a:cb:eb:03:6d:f0:3e:0b:36

Digest Algorithm

sha256

PE Digest Matches

false

cf:0e:80:70:1b:18:7d:7c:6a:56:8a:3a:21:71:57:d8:83:d4:47:13
Signer

Actual PE Digest

cf:0e:80:70:1b:18:7d:7c:6a:56:8a:3a:21:71:57:d8:83:d4:47:13

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ipinside_windows_client\trunk\client\LWS\Windows_original\bin\bin32\I3GMainSvc.pdb

Imports

kernel32

HeapReAlloc
VirtualAlloc
ExitThread
CreateThread
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
VirtualFree
HeapFree
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
GetCurrentProcess
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalUnlock
LocalFree
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GlobalAddAtomA
GetCurrentThreadId
GetTickCount
SetLastError
OutputDebugStringA
SetConsoleCtrlHandler
ResetEvent
InitializeCriticalSection
WritePrivateProfileStringA
WriteFile
CreateFileA
FormatMessageA
CompareStringA
GetVersion
lstrlenA
MultiByteToWideChar
CompareStringW
lstrcmpiA
EnterCriticalSection
SetEvent
LeaveCriticalSection
InterlockedExchange
DeleteCriticalSection
CreateEventA
WideCharToMultiByte
LoadLibraryA
GetProcAddress
GetLastError
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
Sleep
WaitForSingleObject
FindResourceA
LoadResource
LockResource
SizeofResource
Process32Next
TerminateProcess
OpenProcess
Process32First
CloseHandle
HeapDestroy
CreateToolhelp32Snapshot

user32

ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
ValidateRect
GetCursorPos
DestroyWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnhookWindowsHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
UnregisterClassA
DestroyMenu
PeekMessageA
GetKeyState
SendMessageA
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
PostQuitMessage
PostMessageA
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetMessageTime

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

CreateProcessAsUserA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
OpenSCManagerA
UnlockServiceDatabase
LockServiceDatabase
OpenServiceA
EnumServicesStatusA
DeleteService
CreateServiceA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
ControlService
CloseServiceHandle
DeregisterEventSource
RegCreateKeyExA
RegDeleteValueA
RegFlushKey
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegSetValueExA
OpenProcessToken
RegQueryValueExA
RegCloseKey

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b46034780e47302dbbc4cb4f9594f0a5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

38:22:b5:b0:85:ec:63:83:c5:d3:d5:73:52:f0:b8:b7Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

38:22:b5:b0:85:ec:63:83:c5:d3:d5:73:52:f0:b8:b7Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

42:71:f8:ce:c9:3c:56:f8:92:30:e8:fd:00:3a:74:a2:bd:f4:54:7d:7f:ad:99:6a:cb:eb:03:6d:f0:3e:0b:36Signer

cf:0e:80:70:1b:18:7d:7c:6a:56:8a:3a:21:71:57:d8:83:d4:47:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 24KB - Virtual size: 20KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

38:22:b5:b0:85:ec:63:83:c5:d3:d5:73:52:f0:b8:b7
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

38:22:b5:b0:85:ec:63:83:c5:d3:d5:73:52:f0:b8:b7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

42:71:f8:ce:c9:3c:56:f8:92:30:e8:fd:00:3a:74:a2:bd:f4:54:7d:7f:ad:99:6a:cb:eb:03:6d:f0:3e:0b:36
Signer

cf:0e:80:70:1b:18:7d:7c:6a:56:8a:3a:21:71:57:d8:83:d4:47:13
Signer

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 24KB - Virtual size: 20KB