0615b929706fad33e4a8d6d7f6ce3070_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0615b929706fad33e4a8d6d7f6ce3070_NeikiAnalytics.exe
Size

730KB
MD5

0615b929706fad33e4a8d6d7f6ce3070
SHA1

3303eec3933b648f26b7e887249efc43b554dded
SHA256

87b132a7fae696fba8d4a8ebacde07c636071dce15cb5be0b5c7e00fb8aed51b
SHA512

83902d9f5ab0a493f87e77f700cf05bc3e18ab69fb8ff51d000e743af07d4fa6a4e1ce401f0ca510376fa4ed43f1f267df5d5b1401db5a0021f9d8ee3cf1e6f9
SSDEEP

12288:zZGCyRL1nB/tkUB9Y2vM5wc9cdHGFWuuWA/kDNG9BjvrEH7st:ABtkUw2U5l/FWuup/kpGTrEH7st

Score

1^/10

Malware Config

Signatures

Files

0615b929706fad33e4a8d6d7f6ce3070_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

089fdf4dd4a886dc33dc6a1316234518

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

02-10-2022 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

02-10-2022 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:55:58:10:91:92:72:4c:1c:6c:8b:9d:e6:be:5d:4a:a5:42:76:d4:b0:e3:18:b4:66:63:28:76:ad:37:26:79
Signer

Actual PE Digest

ea:55:58:10:91:92:72:4c:1c:6c:8b:9d:e6:be:5d:4a:a5:42:76:d4:b0:e3:18:b4:66:63:28:76:ad:37:26:79

Digest Algorithm

sha256

PE Digest Matches

false

79:b4:05:a0:77:b7:46:e3:c4:39:cd:c2:6f:06:ec:34:89:08:e9:65
Signer

Actual PE Digest

79:b4:05:a0:77:b7:46:e3:c4:39:cd:c2:6f:06:ec:34:89:08:e9:65

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TBNet\SecurePt\Output\Release\NTFSUtil.pdb

Imports

ntfslib

?GetDiskDeviceNumber@CNTFSLib@@SGHPAUIManager@@PAUIManagerItem@@AAH@Z
?LoadSetting@CHardDriveIO@@SAXAAVCHardDriveIOSetting@@@Z
??0CHardDriveIOSetting@@QAE@PAUIManager@@PAVIDevice@@@Z
??0CHardDriveIO@@QAE@XZ
??1CStorageIO@@UAE@XZ
?OpenVolume@CStorageIO@@UAEHPBD@Z
?ReadSector@CStorageIO@@UAEHPAE_JK1@Z
??1CHardDriveIO@@UAE@XZ
?Read@CHardDriveIO@@UAEHPAE_JK@Z
?WriteSector@CHardDriveIO@@UAEHPAE_JK1@Z
?VerifySector@CHardDriveIO@@UAEH_J0@Z
?OpenDisk@CHardDriveIO@@UAEHH@Z
?CloseDisk@CHardDriveIO@@UAEHXZ
?GetGeometryInfo@CHardDriveIO@@UAEHPAUtagGEOMETRY_INFO@@@Z
?GetHardDriveNumber@CHardDriveIO@@UAEHAAH@Z
?SetDevice@CHardDriveIO@@UAEXPAVIDevice@@@Z
?GetDevice@CHardDriveIO@@UAEPAVIDevice@@XZ
?IsVolumeDevice@CHardDriveIO@@UAEHXZ
?GetSectorSize@CHardDriveIO@@UAEKXZ
??1CVolumeIO@@UAE@XZ
?OpenVolume@CVolumeIO@@UAEHPBD@Z
?ReadSector@CVolumeIO@@UAEHPAE_JK1@Z
??1CHardDriveIOSetting@@UAE@XZ

callbackoperator

??1CCallBackOperate@@QAE@XZ
?DoMessageLoop@CCallBackOperate@@QAEKXZ
?StartChildOperation@CCallBackOperate@@QAEKKK@Z
?EndCurChildOperation@CCallBackOperate@@QAEKXZ
?SetCurChildOperationValue@CCallBackOperate@@QAEKK@Z
??0CCallBackOperate@@QAE@P6GKPAUtagOC_PARAM@@PAX@Z1@Z

kernel32

GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
InterlockedExchange
ReadFile
WriteFile
SetFilePointerEx
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
DeviceIoControl
CloseHandle
InterlockedCompareExchange
Sleep
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?max_size@?$allocator@D@std@@QBEIXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr90

_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__RTDynamicCast
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
memcpy
_CxxThrowException
_amsg_exit
memmove_s
mbstowcs
vsprintf
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
strcpy_s
_purecall
??3@YAXPAX@Z
strcat_s
??2@YAPAXI@Z
memmove
wcsncpy_s
_wcsnicmp
setlocale
wcscpy_s
?terminate@@YAXXZ
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
_malloc_crt
free
_encoded_null
_initterm
_initterm_e

Exports

Exports

??0CHardDriveIO@@QAE@ABV0@@Z
??0CHardDriveIOSetting@@QAE@ABV0@@Z
??0CStorageIO@@QAE@ABV0@@Z
??0CVolumeIO@@QAE@ABV0@@Z
??0IDevice@@QAE@ABV0@@Z
??0IDevice@@QAE@XZ
??1IDevice@@UAE@XZ
??4CCallBackOperate@@QAEAAV0@ABV0@@Z
??4CHardDriveIO@@QAEAAV0@ABV0@@Z
??4CHardDriveIOSetting@@QAEAAV0@ABV0@@Z
??4CNTFSLib@@QAEAAV0@ABV0@@Z
??4CStorageIO@@QAEAAV0@ABV0@@Z
??4CVolumeIO@@QAEAAV0@ABV0@@Z
??4IDevice@@QAEAAV0@ABV0@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_7CHardDriveIO@@6B@
??_7CHardDriveIOSetting@@6B@
??_7CStorageIO@@6B@
??_7CVolumeIO@@6B@
??_7IDevice@@6B@
?GetTotalSecs@CStorageIO@@UAE_JXZ
?GetTotalSecs@CVolumeIO@@UAE_JXZ
?IfMustUseNTFSUtilCopy@@YG_NPAUIManager@@PAUIManagerItem@@1PAVIDevice@@@Z
?IfMustUseNTFSUtilCopy@@YG_NPAVIDevice@@0@Z
?NTFSChkdsk@@YGKPAVIDevice@@@Z
?NTFSFileClean@@YGKPAVIFDMount@@PB_WHIPAVIExcludeFilter@@PAH@Z
?NTFSFileFilter@@YGKPAVIDevice@@PAVIFileFilter@@@Z
?NTFSUtilCalcUsedSizeWhenSectorSizeChanged@@YGKPAVIDevice@@HAA_K@Z
?NTFSUtilCopyVolume2@@YGKP6GKPAUtagOC_PARAM@@PAX@Z1PAVIDevice@@3_J_KKKPA_KK@Z
?NTFSUtilCopyVolume@@YGKPAUIManager@@PAUIManagerItem@@1P6GKPAUtagOC_PARAM@@PAX@Z3PAVIDevice@@PA_KK@Z
?SetSectorSize@IDevice@@QAEXK@Z
?SetStorage@CStorageIO@@QAEXPAUIStorageDevice@@@Z
GetModule

Sections

.text
Size: 463KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

089fdf4dd4a886dc33dc6a1316234518

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3Certificate

Extended Key Usages

Key Usages

ea:55:58:10:91:92:72:4c:1c:6c:8b:9d:e6:be:5d:4a:a5:42:76:d4:b0:e3:18:b4:66:63:28:76:ad:37:26:79Signer

79:b4:05:a0:77:b7:46:e3:c4:39:cd:c2:6f:06:ec:34:89:08:e9:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntfslib

callbackoperator

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 463KB - Virtual size: 462KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 54KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 14KB - Virtual size: 14KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

ea:55:58:10:91:92:72:4c:1c:6c:8b:9d:e6:be:5d:4a:a5:42:76:d4:b0:e3:18:b4:66:63:28:76:ad:37:26:79
Signer

79:b4:05:a0:77:b7:46:e3:c4:39:cd:c2:6f:06:ec:34:89:08:e9:65
Signer

.text
Size: 463KB - Virtual size: 462KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 54KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 14KB - Virtual size: 14KB