Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Static task
static1
Behavioral task
behavioral1
Sample
6117d83bbbf2facc85bf76137cd8afd0_NeikiAnalytics.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6117d83bbbf2facc85bf76137cd8afd0_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
Target
6117d83bbbf2facc85bf76137cd8afd0_NeikiAnalytics.exe
Size
494KB
MD5
6117d83bbbf2facc85bf76137cd8afd0
SHA1
9c070a95e1a30feac88249315f95f92e6aea9243
SHA256
f25ea21caed9bc738f045075fb3926041fc0579f8dfeb4bf889e59425b86afeb
SHA512
6c7c19364bcc18d1a60ff564522764543dcf1a4c4dfab8fec8e4447a793f44067f2cee5d3781547db690de57c5fe1801c31ccc09253d67ca32c656b2ac198253
SSDEEP
12288:7R/CKreJJ8XfhyKSgog0YS/1r7IM1QJqn6643ya:78PJJJaob/1rJ18+6j
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
trf.pdb
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptDecodeObject
CryptUnprotectData
CryptProtectData
CertFreeCertificateChain
htonl
inet_addr
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules
GetModuleFileNameExA
GetMappedFileNameA
EnumProcesses
EnumDeviceDrivers
GetProcessMemoryInfo
GetDeviceDriverBaseNameA
StrStrIA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InterlockedExchange
GetProcAddress
LoadLibraryA
GetTickCount
GetCurrentProcess
GetCurrentThread
ResumeThread
GetThreadContext
SuspendThread
SearchPathW
GetSystemDirectoryW
QueryPerformanceCounter
GetModuleHandleA
QueryPerformanceFrequency
InterlockedCompareExchange
InterlockedDecrement
SleepEx
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FreeLibrary
GetModuleFileNameA
MultiByteToWideChar
GetModuleFileNameW
GetFileTime
CreateFileA
GetFullPathNameA
DeleteFileW
MoveFileW
CopyFileW
CreateDirectoryW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsA
FindNextFileA
FindFirstFileA
CompareFileTime
OpenProcess
ReadProcessMemory
ProcessIdToSessionId
GetConsoleWindow
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileAttributesW
Module32FirstW
Thread32Next
Thread32First
GetExitCodeProcess
CreateProcessA
DeleteFileA
GetProcessId
VirtualQuery
RtlCaptureContext
GetSystemInfo
TerminateProcess
DebugBreak
GetUserDefaultLangID
lstrcpynA
LockResource
LoadResource
FindResourceW
GetModuleHandleW
UnmapViewOfFile
QueryDosDeviceA
GetLogicalDriveStringsA
MapViewOfFile
CreateFileMappingW
GetFileSize
LoadLibraryExW
HeapSetInformation
CreateProcessW
lstrcmpA
CreateFileW
GetVersionExW
GetVersionExA
OpenSemaphoreA
CreateSemaphoreA
CreateEventW
SetEvent
ResetEvent
LockFileEx
UnlockFileEx
FlushInstructionCache
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
RaiseException
LocalAlloc
GetSystemTimeAsFileTime
InterlockedExchangeAdd
GetLastError
LocalFree
InitializeCriticalSection
InterlockedIncrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
WideCharToMultiByte
FormatMessageA
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
Module32NextW
OutputDebugStringA
SetForegroundWindow
GetSystemMenu
DeleteMenu
GetDesktopWindow
GetWindowThreadProcessId
ShowWindow
GetWindowTextA
GetForegroundWindow
EnumDisplayMonitors
MonitorFromPoint
GetParent
EnumWindows
MessageBoxExA
CloseDesktop
GetUserObjectInformationA
GetThreadDesktop
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
PrintWindow
GetClientRect
GetWindowRect
GetDC
GetWindowDC
wsprintfW
MonitorFromWindow
DeleteObject
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
SelectObject
FreeSid
CryptGenRandom
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
CryptAcquireContextA
InitiateSystemShutdownW
GetSidSubAuthority
ConvertSidToStringSidA
AllocateAndInitializeSid
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetNamedSecurityInfoW
CryptReleaseContext
GetEffectiveRightsFromAclW
SetEntriesInAclW
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorA
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserA
ShellExecuteExA
CoCreateInstance
printf
exit
fprintf
__iob_func
memset
memcpy
fread
_setmode
_fileno
??3@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
sprintf
strncpy
_filelength
feof
fclose
fwrite
_gmtime64
toupper
isspace
strncpy_s
strncmp
tolower
sscanf
strstr
isalnum
_mkgmtime32
sscanf_s
_stricmp
strtok_s
_strdup
??2@YAPAXI@Z
strchr
sprintf_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??_V@YAXPAX@Z
_purecall
_chsize_s
fseek
fflush
_time64
_errno
strcpy_s
_tzset
_vsnprintf_s
isxdigit
isdigit
_wcsicmp
wcsstr
wcscpy_s
wcscat_s
_get_errno
memmove_s
realloc
vsprintf
_snprintf_s
_setjmp3
longjmp
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
_CxxThrowException
wcsrchr
_waccess
_wfullpath
_wstat64i32
_splitpath_s
_wfopen
_wfopen_s
_set_errno
_wchmod
wcsncat_s
wcsncpy_s
_snwprintf_s
swscanf_s
qsort
setvbuf
_fdopen
_open_osfhandle
strncat_s
swprintf_s
_strnicmp
_get_heap_handle
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_wcsdup
clock
?terminate@@YAXXZ
_except_handler4_common
_vsnprintf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
strtol
atoi
malloc
memcpy_s
free
calloc
strrchr
memmove
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?facet_Register@facet@locale@std@@CAXPAV123@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
0001
0002
0003
0004
0005
0006
0007
0008
0009
000a
000b
000c
000d
000e
000f
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
001a
001b
001c
001d
001e
001f
0020
0021
0022
0023
0024
0025
0026
0027
0028
0029
002a
002b
002c
002d
002e
002f
0030
0031
0032
0033
0034
0035
0036
0037
0038
0039
003a
003b
003c
003d
003e
003f
0040
0041
0042
0043
0044
0045
0046
0047
0048
0049
004a
004b
004c
004d
004e
004f
0050
0051
0052
0053
0054
0055
0056
0057
0058
0059
005a
005b
005c
005d
005e
005f
0060
0061
0062
0063
0064
0065
0066
0067
0068
0069
006a
006b
006c
006d
006e
006f
0070
0071
0072
0073
0074
0075
0076
0077
0078
0079
007a
007b
007c
007d
007e
007f
0080
0081
0082
0083
0084
0085
0086
0087
0088
0089
008a
008b
008c
008d
008e
008f
0090
0091
0092
0093
0094
0095
0096
0097
0098
0099
009a
009b
009c
009d
009e
009f
00a0
00a1
00a2
00a3
00a4
00a5
00a6
00a7
00a8
00a9
00aa
00ab
00ac
00ad
00ae
00af
00b0
00b1
00b2
00b3
00b4
00b5
00b6
00b7
00b8
00b9
00ba
00bb
00bc
00bd
00be
00bf
00c0
00c1
00c2
00c3
00c4
00c5
00c6
00c7
00c8
00c9
00ca
00cb
00cc
00cd
00ce
00cf
00d0
00d1
00d2
00d3
00d4
00d5
00d6
00d7
00d8
00d9
00da
00db
00dc
00dd
00de
00df
00e0
00e1
00e2
00e3
00e4
00e5
00e6
00e7
00e8
00e9
00ea
00eb
00ec
00ed
00ee
00ef
00f0
00f1
00f2
00f3
00f4
00f5
00f6
00f7
00f8
00f9
00fa
00fb
00fc
00fd
00fe
00ff
0100
0101
0102
0103
0104
0105
0106
0107
0108
0109
010a
010b
010c
010d
010e
010f
0110
0111
0112
0113
0114
0115
0116
0117
0118
0119
011a
011b
011c
011d
011e
011f
0120
0121
0122
0123
0124
0125
0126
0127
0128
0129
012a
012b
012c
012d
012e
012f
0130
0131
0132
0133
0134
0135
0136
0137
0138
0139
013a
013b
013c
013d
013e
013f
0140
0141
0142
0143
0144
0145
0146
0147
0148
0149
014a
014b
014c
014d
014e
014f
0150
0151
0152
0153
0154
0155
0156
0157
0158
0159
015a
015b
015c
015d
015e
015f
0160
0161
0162
0163
0164
0165
0166
0167
0168
0169
016a
016b
016c
016d
016e
016f
0170
0171
0172
0173
0174
0175
0176
0177
0178
0179
017a
017b
017c
017d
017e
017f
0180
0181
0182
0183
0184
0185
0186
0187
0188
0189
018a
018b
018c
018d
018e
018f
0190
0191
0192
0193
0194
0195
0196
0197
0198
0199
019a
019b
019c
019d
019e
019f
01a0
01a1
01a2
01a3
01a4
01a5
01a6
01a7
01a8
01a9
01aa
01ab
01ac
01ad
01ae
01af
01b0
01b1
01b2
01b3
01b4
01b5
01b6
01b7
01b8
01b9
01ba
01bb
01bc
01bd
01be
01bf
01c0
01c1
01c2
01c3
01c4
01c5
01c6
01c7
01c8
01c9
01ca
01cb
01cc
01cd
01ce
01cf
01d0
01d1
01d2
01d3
01d4
01d5
01d6
01d7
01d8
01d9
01da
01db
01dc
01dd
01de
01df
01e0
01e1
01e2
01e3
01e4
01e5
01e6
01e7
01e8
01e9
01ea
01eb
01ec
01ed
01ee
01ef
01f0
01f1
01f2
01f3
01f4
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ