80ff5540549c2e2310bb464bc5266e40_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

80ff5540549c2e2310bb464bc5266e40_NeikiAnalytics.exe
Size

166KB
MD5

80ff5540549c2e2310bb464bc5266e40
SHA1

9f1362e1b00ad16c747a4789a14734e0adf9a9c3
SHA256

3612d5f21501a919432d3539f588c7bc84ded256747291fe3eb95c3416ba5a30
SHA512

18def9fea3533e717d8c984927721ca0ab201411ee72a7afb9ac0278ce0819a438785c1f4883bf1f6f345b3c2d2c03c84cc2560485def2227fa2e84b99baeb70
SSDEEP

3072:DhKPW7d8Z+5cgBCSfGAYfr1RRcNNNO7ykzX/F:DhKcDYDRVyuXN

Score

1^/10

Malware Config

Signatures

Files

80ff5540549c2e2310bb464bc5266e40_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

c771c7e786f1a06b390c2e60a33e4e81

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:1d:53:7a:5d:d6:01:86:57:f6:9b:83:e6:1d:02:7c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

20/09/2024, 23:59

Subject

SERIALNUMBER=4152954,CN=Amazon Web Services\, Inc.,OU=AWS HPC and Visualization - NICE,O=Amazon Web Services\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:2f:64:5f:b8:b7:db:cf:29:dd:fe:ee:34:2e:50:6b:b7:dc:0e:d2:62:db:cf:79:7d:ab:da:b7:73:b1:b5:bc
Signer

Actual PE Digest

b9:2f:64:5f:b8:b7:db:cf:29:dd:fe:ee:34:2e:50:6b:b7:dc:0e:d2:62:db:cf:79:7d:ab:da:b7:73:b1:b5:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

k5sprt64

krb5int_ipc_stream_write_int32
krb5int_ipc_stream_read_uint32
krb5int_ipc_stream_read_int64
krb5int_ipc_stream_write_int64
krb5int_asprintf
krb5int_ipc_stream_read_int32
krb5int_ipc_stream_write_string
krb5int_ipc_stream_read_string
krb5int_ipc_stream_write_uint32
krb5int_ipc_stream_data
krb5int_ipc_stream_write
krb5int_ipc_stream_free_string
krb5int_ipc_stream_size
krb5int_ipc_stream_new
krb5int_ipc_stream_release
krb5int_ipc_stream_read

rpcrt4

RpcStringFreeA
UuidCreate
NdrServerCall2
NdrAsyncClientCall
NdrClientCall2
RpcAsyncInitializeHandle
RpcRaiseException
RpcBindingServerFromClient
RpcServerRegisterAuthInfoA
RpcBindingInqAuthClientA
RpcRevertToSelf
RpcImpersonateClient
RpcMgmtWaitServerListen
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcServerListen
UuidToStringA
RpcStringBindingParseA
RpcStringBindingComposeA
RpcBindingToStringBindingA
RpcBindingFromStringBindingA
RpcBindingFree

advapi32

LookupAccountSidA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
MakeSelfRelativeSD
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetLengthSid
CopySid
AddAccessAllowedAce
SetThreadToken
GetUserNameA
GetTokenInformation
EqualSid
OpenThreadToken
OpenProcessToken

user32

wsprintfA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetCurrentProcessId
TlsSetValue
TlsGetValue
DuplicateHandle
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ProcessIdToSessionId
CreateEventA
ResetEvent
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
lstrlenW
lstrlenA
lstrcpynA
FormatMessageA
GetModuleFileNameA
GetSystemTime
GetTimeFormatA
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LoadLibraryA
GetVersionExA
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
CloseHandle
GetLastError
SetEvent
OpenEventA
GetCurrentProcess
GetCurrentThread

vcruntime140

memset
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memmove
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
realloc
_set_new_mode
malloc
free

api-ms-win-crt-string-l1-1-0

strlen
strcpy
strncpy
tolower
strcat
_strdup
strcmp
strncat

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
terminate
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
__p___argc
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
exit
abort
_beginthread
_endthread
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_wassert
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
_set_fmode
__stdio_common_vsprintf
__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c771c7e786f1a06b390c2e60a33e4e81

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:1d:53:7a:5d:d6:01:86:57:f6:9b:83:e6:1d:02:7cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b9:2f:64:5f:b8:b7:db:cf:29:dd:fe:ee:34:2e:50:6b:b7:dc:0e:d2:62:db:cf:79:7d:ab:da:b7:73:b1:b5:bcSigner

Headers

DLL Characteristics

File Characteristics

Imports

k5sprt64

rpcrt4

advapi32

user32

msvcp140

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 36KB - Virtual size: 38KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 164B

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:1d:53:7a:5d:d6:01:86:57:f6:9b:83:e6:1d:02:7c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b9:2f:64:5f:b8:b7:db:cf:29:dd:fe:ee:34:2e:50:6b:b7:dc:0e:d2:62:db:cf:79:7d:ab:da:b7:73:b1:b5:bc
Signer

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 36KB - Virtual size: 38KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 164B