203c236de49a62b9a3fe6b48d9379790_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

203c236de49a62b9a3fe6b48d9379790_NeikiAnalytics.exe
Size

194KB
MD5

203c236de49a62b9a3fe6b48d9379790
SHA1

ff3eeaddaa4b438dbd24965d1faf68f4765ba39b
SHA256

5cd000de9d84911b5bf9e065b97ae9c8fb82fa5729ae496ea574c47cb896641f
SHA512

021cb9faad3ac2deda860ca4774d862df9c55d1a98375660cdeccf295e5371d5c5fdc930dcc36995e5a77edbd1b8b3a61bc31e53b2603b537837d0d37878fc05
SSDEEP

3072:vbmiL9IbzgRmGG0vTS8TtcNRyKuQ9QgNNj+JTyOZtoCQ3QgYC1:v6iLozgRmGnTSjyK3mgN1QpoCcV

Score

1^/10

Malware Config

Signatures

Files

203c236de49a62b9a3fe6b48d9379790_NeikiAnalytics.exe
.dll regsvr32 windows:10 windows x64 arch:x64

91b4923df90727a246764fd02f331163

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:38:b7:bf:fd:57:1a:54:6e:83:62:ee:ca:cd:8c:75:9b:a6:2e:1b:95:1a:a5:ba:77:be:47:78:3c:de:3f:7f
Signer

Actual PE Digest

68:38:b7:bf:fd:57:1a:54:6e:83:62:ee:ca:cd:8c:75:9b:a6:2e:1b:95:1a:a5:ba:77:be:47:78:3c:de:3f:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

imkrhjd.pdb

Imports

msvcrt

_wcsicmp
wcsnlen
_vsnwprintf_s
_read
wcsncat_s
_vsnprintf_s
_vsnwprintf
_close
_wsopen_s
_wsplitpath_s
_wmakepath_s
_filelength
_wremove
_waccess
_write
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
memmove
memcpy
_CxxThrowException
_callnewh
_resetstkoflw
memmove_s
_purecall
wcscat_s
wcscpy_s
memcpy_s
malloc
wcsncpy_s
free
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

kernel32

SetLastError
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
ReleaseSemaphore
InitializeCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
OutputDebugStringW
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTickCount64
CreateMutexW
InitOnceBeginInitialize
InitOnceComplete
GetVersionExW
LocalFree
SetThreadpoolTimer
CreateThreadpoolTimer
CloseHandle
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
SleepConditionVariableSRW
WakeAllConditionVariable
CompareFileTime
GetFileSize
GetFileInformationByHandle
WriteFile
SetFilePointer
ReadFile
GetFileSizeEx
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
CreateFileW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
FormatMessageW
CreateMutexExW

user32

CharNextW
UnregisterClassA

advapi32

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegQueryValueExW
RegDeleteKeyW
EventActivityIdControl

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadTypeLi
SafeArrayCreate
SysAllocStringLen
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayUnlock
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91b4923df90727a246764fd02f331163

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

68:38:b7:bf:fd:57:1a:54:6e:83:62:ee:ca:cd:8c:75:9b:a6:2e:1b:95:1a:a5:ba:77:be:47:78:3c:de:3f:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 1024B - Virtual size: 916B

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

68:38:b7:bf:fd:57:1a:54:6e:83:62:ee:ca:cd:8c:75:9b:a6:2e:1b:95:1a:a5:ba:77:be:47:78:3c:de:3f:7f
Signer

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 1024B - Virtual size: 916B