5b05dc65576bcd2dee7f5bdca2e83ae0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5b05dc65576bcd2dee7f5bdca2e83ae0_NeikiAnalytics.exe
Size

1.9MB
MD5

5b05dc65576bcd2dee7f5bdca2e83ae0
SHA1

a67424efa0345e3a6f2d1908ac892d20d04cc53c
SHA256

d352966b87bd7f3d48cc1b48c4c8bd352a05169c4a0c6eb964e8d690a17cd804
SHA512

273a88d9fd39a9ea04456f3f91e23455ccb9299c9defb0450a801308521c3dfbd0921fcc425c90a7588a7dd343ab2b6b618eb06d1ae7eab487c58e855cbbf117
SSDEEP

24576:Nq6qAwye6Q29puAlcfh7hPWvksxwZs36IT/9D0rLc1IXS7JUUWpmeEBK3+6TFEYT:pkOPlcfPZmf/9D0r7i1VQ/DCO

Score

1^/10

Malware Config

Signatures

Files

5b05dc65576bcd2dee7f5bdca2e83ae0_NeikiAnalytics.exe
.dll regsvr32 windows:10 windows x86 arch:x86

e7728af47181ac634c9300c02149daa3

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:5a:c6:95:bf:d7:fc:12:91:d0:ba:82:ef:bc:22:8a:3e:ed:57:ad:dc:80:75:6e:06:0f:43:50:41:15:1c:6f
Signer

Actual PE Digest

2d:5a:c6:95:bf:d7:fc:12:91:d0:ba:82:ef:bc:22:8a:3e:ed:57:ad:dc:80:75:6e:06:0f:43:50:41:15:1c:6f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmvcore.pdb

Imports

wmasf

ASFGetTimeBase
ord7
ord18
ASFPresTimeToTime
ASFSendTimeToTime
ord6
ord9
ASFCreateStreamSelector
ASFTimeToPresTime
ASFTimeToSendTime
ord17
ord11
ASFSetDataUnitInfo
ord24
ord8
ord10
ord5

msvcrt

strstr
_ultoa_s
_stricmp
strncmp
sscanf_s
_wtol
_ultow
isalpha
toupper
malloc
qsort
strncpy_s
strcspn
strspn
isxdigit
isspace
wcsspn
iswascii
iswcntrl
_ltoa_s
_ultow_s
wcsftime
gmtime
printf
isalnum
free
realloc
_waccess
swscanf_s
_wcsupr
wcsncpy_s
_itoa_s
_callnewh
_ui64toa_s
towupper
_itow
strpbrk
iswprint
strchr
isdigit
_wcslwr
_XcptFilter
_errno
memcmp
memcpy
srand
_unlock
_lock
__dllonexit
_onexit
_amsg_exit
_initterm
memmove
_beginthreadex
rand
_except_handler4_common
strtoul
??1type_info@@UAE@XZ
iswdigit
time
iswspace
wcstoul
?terminate@@YAXXZ
wcsnlen
wcscspn
strnlen
setlocale
swscanf
wcstol
_wtoi
wcsstr
_vsnwprintf
_vsnprintf
_strnicmp
wcsncmp
wcsrchr
wcspbrk
wcschr
_wcsicmp
_set_error_mode
_purecall
__CxxFrameHandler3
_wcsnicmp
_ftol2
_ftol2_sse
ceil
memchr
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LockResource
GetModuleHandleExA
LoadResource
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
FreeResource
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameW
SizeofResource

api-ms-win-core-file-l1-1-0

GetFileSizeEx
GetFileAttributesW
SetFilePointerEx
CreateFileW
WriteFile
GetVolumeInformationW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
ReadFile
DeleteFileW
CompareFileTime
SetEndOfFile
SetFilePointer
GetFileSize
GetFileTime
GetFileType

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTime
GetTickCount
GetVersion
GetSystemInfo
GetVersionExW
GetVersionExA
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetLocalTime

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

SetHandleInformation
DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetThreadPriority
GetExitCodeThread
SetThreadPriority
TlsSetValue
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

OpenProcess

oleaut32

VariantCopy
VariantClear
SysStringByteLen
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocString
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen
VariantInit
SysStringLen
SysFreeString
VariantTimeToSystemTime

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
SleepEx
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
ResetEvent
SetEvent
CreateMutexW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromCLSID
CoInitializeEx
CoGetTreatAsClass
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegCloseKey

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
GetUserDefaultLCID
GetLocaleInfoW

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStringsW

ntdll

RtlGetPersistedStateLocation

advapi32

RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom
RegOpenKeyW
CryptReleaseContext
RegEnumKeyW
GetUserNameW

kernel32

lstrlenW
FindAtomW
GlobalLock
GlobalMemoryStatus
GetComputerNameW
SetThreadAffinityMask
MulDiv

user32

PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
ReleaseDC
GetDesktopWindow
GetDC
PostThreadMessageW

gdi32

GetSystemPaletteEntries

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent

api-ms-win-core-file-l1-2-4

GetTempPath2W

Exports

Exports

DllRegisterServer
WMCheckURLExtension
WMCheckURLScheme
WMCreateBackupRestorer
WMCreateBackupRestorerPrivate
WMCreateEditor
WMCreateIndexer
WMCreateLicenseRevocationAgentPrivate
WMCreateProfileManager
WMCreateReader
WMCreateReaderPriv
WMCreateSyncReader
WMCreateSyncReaderPriv
WMCreateWriter
WMCreateWriterFileSink
WMCreateWriterNetworkSink
WMCreateWriterPriv
WMCreateWriterPushSink
WMIsAvailableOffline
WMIsContentProtected
WMValidateData

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7728af47181ac634c9300c02149daa3

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2d:5a:c6:95:bf:d7:fc:12:91:d0:ba:82:ef:bc:22:8a:3e:ed:57:ad:dc:80:75:6e:06:0f:43:50:41:15:1c:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wmasf

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-processthreads-l1-1-1

oleaut32

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-com-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

ntdll

advapi32

kernel32

user32

gdi32

api-ms-win-core-debug-l1-1-0

api-ms-win-core-file-l1-2-4

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 20KB - Virtual size: 24KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 1024B - Virtual size: 536B

.rsrc Size: 310KB - Virtual size: 310KB

.reloc Size: 56KB - Virtual size: 56KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2d:5a:c6:95:bf:d7:fc:12:91:d0:ba:82:ef:bc:22:8a:3e:ed:57:ad:dc:80:75:6e:06:0f:43:50:41:15:1c:6f
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 20KB - Virtual size: 24KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 1024B - Virtual size: 536B

.rsrc
Size: 310KB - Virtual size: 310KB

.reloc
Size: 56KB - Virtual size: 56KB