3ee69b4a0dc6f8803cdab8935ce0ade0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3ee69b4a0dc6f8803cdab8935ce0ade0_NeikiAnalytics.exe
Size

4.3MB
MD5

3ee69b4a0dc6f8803cdab8935ce0ade0
SHA1

ed98cb8386be4dc87e44741400b99ff594361c0d
SHA256

c63fb8c73874cb28267ea810f9e5605b44a22a1a2ceae6710ff0d68c40b6234d
SHA512

228ef60692329aecf44c00316bd2d6e354c84329fa5048b9f0d74b03f2ebe36285fe05eea806c0766bd0835948c42dc7c87f6f256b6e991ce59ae3353a962eb6
SSDEEP

98304:RA+6C1gFySrLzzTvwlBvZPy55W7aEM84dqI:m+6C1gFyMTs7aEM84dZ

Score

1^/10

Malware Config

Signatures

Files

3ee69b4a0dc6f8803cdab8935ce0ade0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

eddfd60a3b89261548ee583bd434bbb4

Code Sign

61:3b:c7:91:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 20:15

Not After

15/04/2021, 20:25

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:8d:a6:4b:7b:d5:2c:4f:d1:8e:a4:cb:bb:86:9d:b6
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

03/08/2022, 10:16

Not After

02/08/2024, 10:16

Subject

CN=Hans Roes,O=Hans Roes,L=Tielen,C=BE,1.2.840.113549.1.9.1=#0c1568616e732e63657274756d406d6f6470726f2e6265

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:da:6e:a7:11:95:6f:3f:25:f6:07:1b:08:0e:38:68:af:d7:fd:06:6f:34:b0:26:fb:68:57:9b:57:9c:82:92
Signer

Actual PE Digest

b2:da:6e:a7:11:95:6f:3f:25:f6:07:1b:08:0e:38:68:af:d7:fd:06:6f:34:b0:26:fb:68:57:9b:57:9c:82:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\67cb58dabc057465\Build\Symbols\Nightly_Win32\Client Deathmatch.pdb

Imports

bass

BASS_ChannelRemoveSync
BASS_ErrorGetCode
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_MusicLoad
BASS_ChannelBytes2Seconds
BASS_ChannelSeconds2Bytes
BASS_ChannelGetInfo
BASS_ChannelGetTags
BASS_ChannelFlags
BASS_ChannelPlay
BASS_ChannelPause
BASS_ChannelSetAttribute
BASS_PluginLoad
BASS_Stop
BASS_Free
BASS_Init
BASS_SetConfigPtr
BASS_GetConfig
BASS_SetConfig
BASS_FXGetParameters
BASS_FXSetParameters
BASS_ChannelRemoveFX
BASS_ChannelSetFX
BASS_ChannelGetAttribute
BASS_ChannelSetSync
BASS_ChannelGetData
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelSetPosition
BASS_ChannelGetLength
BASS_ChannelStop

bass_fx

BASS_FX_BPM_BeatCallbackSet
BASS_FX_BPM_Free
BASS_FX_BPM_CallbackSet
BASS_FX_BPM_DecodeGet
BASS_FX_ReverseCreate
BASS_FX_TempoGetSource
BASS_FX_TempoCreate
BASS_FX_BPM_BeatFree

bassmix

BASS_Mixer_StreamCreate
BASS_Mixer_StreamAddChannel

tags

TAGS_Read

kernel32

HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
HeapAlloc
HeapFree
OutputDebugStringW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
DuplicateHandle
SetStdHandle
SetEndOfFile
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetDateFormatW
GetCommandLineA
ExitProcess
FreeLibraryAndExitThread
ExitThread
SetEnvironmentVariableW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
GetLongPathNameW
ReadFile
SetFileAttributesA
GetTempPathW
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
GetCommandLineW
TerminateProcess
GetCurrentThreadId
OpenThread
GetThreadTimes
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTime
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalFree
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
K32GetModuleFileNameExW
K32GetModuleInformation
K32QueryWorkingSet
K32GetProcessMemoryInfo
CreateThread
FreeLibrary
CreateTimerQueueTimer
DeleteTimerQueueTimer
WriteFile
SetHandleInformation
CreatePipe
PeekNamedPipe
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
Sleep
SetThreadPriority
ResumeThread
GetLocaleInfoEx
SetLastError
GetModuleFileNameA
FormatMessageA
DeleteFileW
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetCurrentProcessId
CreateEventA
InitializeCriticalSectionEx
WideCharToMultiByte
MultiByteToWideChar
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetFileInformationByHandleEx
GetModuleHandleW
AreFileApisANSI
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
GetSystemTimeAsFileTime
GetVersion
GlobalFree
GetEnvironmentVariableA
SetEvent
ResetEvent
GetVersionExA
LocalAlloc
WaitForSingleObjectEx
GetExitCodeThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
CreateDirectoryW
FindFirstFileExW

user32

ClientToScreen
SetActiveWindow
SetFocus
FlashWindowEx
GetAsyncKeyState
GetCursorPos
CloseClipboard
GetDesktopWindow
MessageBoxW
OpenClipboard
GetKeyState
SetClipboardData
EmptyClipboard

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExW
RegCloseKey

shell32

SHFileOperationW
SHGetFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

pcre3

?no_arg@RE@pcrecpp@@2VArg@2@A
??0StringPiece@pcrecpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?parse_string@Arg@pcrecpp@@CA_NPBDHPAX@Z
?PartialMatch@RE@pcrecpp@@QBE_NABVStringPiece@2@ABVArg@2@111111111111111@Z
??1RE@pcrecpp@@QAE@XZ
?FindAndConsume@RE@pcrecpp@@QBE_NPAVStringPiece@2@ABVArg@2@111111111111111@Z
?GlobalReplace@RE@pcrecpp@@QBEHABVStringPiece@2@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0RE@pcrecpp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVRE_Options@1@@Z

winmm

timeKillEvent
timeSetEvent
timeGetTime

Exports

Exports

??0Bitmap@lunasvg@@QAE@$$QAV01@@Z
??0Bitmap@lunasvg@@QAE@ABV01@@Z
??0Bitmap@lunasvg@@QAE@II@Z
??0Bitmap@lunasvg@@QAE@PAEIII@Z
??0Bitmap@lunasvg@@QAE@XZ
??0Box@lunasvg@@QAE@ABVRect@1@@Z
??0Box@lunasvg@@QAE@NNNN@Z
??0Box@lunasvg@@QAE@XZ
??0Document@lunasvg@@AAE@XZ
??0Matrix@lunasvg@@QAE@ABVTransform@1@@Z
??0Matrix@lunasvg@@QAE@NNNNNN@Z
??0Matrix@lunasvg@@QAE@XZ
??1Bitmap@lunasvg@@QAE@XZ
??1Document@lunasvg@@QAE@XZ
??4Bitmap@lunasvg@@QAEAAV01@$$QAV01@@Z
??4Bitmap@lunasvg@@QAEAAV01@ABV01@@Z
??4Box@lunasvg@@QAEAAV01@$$QAV01@@Z
??4Box@lunasvg@@QAEAAV01@ABV01@@Z
??4Matrix@lunasvg@@QAEAAV01@$$QAV01@@Z
??4Matrix@lunasvg@@QAEAAV01@ABV01@@Z
??DMatrix@lunasvg@@QBE?AV01@ABV01@@Z
??XMatrix@lunasvg@@QAEAAV01@ABV01@@Z
?box@Document@lunasvg@@QBE?AVBox@2@XZ
?clear@Bitmap@lunasvg@@QAEXI@Z
?convert@Bitmap@lunasvg@@QAEXHHHH_N@Z
?convertToRGBA@Bitmap@lunasvg@@QAEXXZ
?data@Bitmap@lunasvg@@QBEPAEXZ
?height@Bitmap@lunasvg@@QBEIXZ
?height@Document@lunasvg@@QBENXZ
?identity@Matrix@lunasvg@@QAEAAV12@XZ
?invert@Matrix@lunasvg@@QAEAAV12@XZ
?inverted@Matrix@lunasvg@@QBE?AV12@XZ
?loadFromData@Document@lunasvg@@SA?AV?$unique_ptr@VDocument@lunasvg@@U?$default_delete@VDocument@lunasvg@@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?loadFromData@Document@lunasvg@@SA?AV?$unique_ptr@VDocument@lunasvg@@U?$default_delete@VDocument@lunasvg@@@std@@@std@@PBD@Z
?loadFromData@Document@lunasvg@@SA?AV?$unique_ptr@VDocument@lunasvg@@U?$default_delete@VDocument@lunasvg@@@std@@@std@@PBDI@Z
?loadFromFile@Document@lunasvg@@SA?AV?$unique_ptr@VDocument@lunasvg@@U?$default_delete@VDocument@lunasvg@@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?matrix@Document@lunasvg@@QBE?AVMatrix@2@XZ
?postmultiply@Matrix@lunasvg@@QAEAAV12@ABV12@@Z
?premultiply@Matrix@lunasvg@@QAEAAV12@ABV12@@Z
?render@Document@lunasvg@@QBEXVBitmap@2@ABVMatrix@2@@Z
?renderToBitmap@Document@lunasvg@@QBE?AVBitmap@2@III@Z
?reset@Bitmap@lunasvg@@QAEXII@Z
?reset@Bitmap@lunasvg@@QAEXPAEIII@Z
?rotate@Matrix@lunasvg@@QAEAAV12@N@Z
?rotate@Matrix@lunasvg@@QAEAAV12@NNN@Z
?rotated@Matrix@lunasvg@@SA?AV12@N@Z
?rotated@Matrix@lunasvg@@SA?AV12@NNN@Z
?scale@Matrix@lunasvg@@QAEAAV12@NN@Z
?scaled@Matrix@lunasvg@@SA?AV12@NN@Z
?setMatrix@Document@lunasvg@@QAEXABVMatrix@2@@Z
?shear@Matrix@lunasvg@@QAEAAV12@NN@Z
?sheared@Matrix@lunasvg@@SA?AV12@NN@Z
?stride@Bitmap@lunasvg@@QBEIXZ
?transform@Box@lunasvg@@QAEAAV12@ABVMatrix@2@@Z
?transform@Matrix@lunasvg@@QAEAAV12@NNNNNN@Z
?transformed@Box@lunasvg@@QBE?AV12@ABVMatrix@2@@Z
?translate@Matrix@lunasvg@@QAEAAV12@NN@Z
?translated@Matrix@lunasvg@@SA?AV12@NN@Z
?valid@Bitmap@lunasvg@@QBE_NXZ
?width@Bitmap@lunasvg@@QBEIXZ
?width@Document@lunasvg@@QBENXZ
GetLibMtaVersion
InitClient

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 830KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eddfd60a3b89261548ee583bd434bbb4

Code Sign

61:3b:c7:91:00:00:00:00:00:34Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

32:8d:a6:4b:7b:d5:2c:4f:d1:8e:a4:cb:bb:86:9d:b6Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

b2:da:6e:a7:11:95:6f:3f:25:f6:07:1b:08:0e:38:68:af:d7:fd:06:6f:34:b0:26:fb:68:57:9b:57:9c:82:92Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bass

bass_fx

bassmix

tags

kernel32

user32

advapi32

shell32

ole32

oleaut32

pcre3

winmm

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 830KB - Virtual size: 830KB

.data Size: 104KB - Virtual size: 1.1MB

_RDATA Size: 68KB - Virtual size: 67KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 175KB - Virtual size: 175KB

61:3b:c7:91:00:00:00:00:00:34
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

32:8d:a6:4b:7b:d5:2c:4f:d1:8e:a4:cb:bb:86:9d:b6
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

b2:da:6e:a7:11:95:6f:3f:25:f6:07:1b:08:0e:38:68:af:d7:fd:06:6f:34:b0:26:fb:68:57:9b:57:9c:82:92
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 830KB - Virtual size: 830KB

.data
Size: 104KB - Virtual size: 1.1MB

_RDATA
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 175KB - Virtual size: 175KB