99c29e44c53ea27c2dff5c90266ac9d0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

99c29e44c53ea27c2dff5c90266ac9d0_NeikiAnalytics.exe
Size

854KB
MD5

99c29e44c53ea27c2dff5c90266ac9d0
SHA1

27025f4f618bbda9ad10e40c22ec6406f080f708
SHA256

f5ffba7f4b911706d347c2ff5ea2f1c51fa2af687c0f9f34fc72985e5226cf28
SHA512

2d5166cc8a4e7bc57aaa0db368ae421e5ccf661ad27008f6baa2abe8e97a1c7b436452d3c7b28de93ac4d6a49fcec6ee308db01f352edb91e690a21659a7af75
SSDEEP

12288:28eNxZgQyObm4PyALs6gjsM3jGkWlR7QfMoyYwM5E+e80aW04:22QPbLs6goM3jGkUVYwmErlW4

Score

1^/10

Malware Config

Signatures

Files

99c29e44c53ea27c2dff5c90266ac9d0_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

ec28f192d36a699cb59453b02a95cc7b

Code Sign

33:00:00:03:84:d9:68:7d:66:cc:75:4b:a1:00:00:00:00:03:84
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2023, 23:45

Not After

15/09/2024, 23:45

Subject

CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:c9:ff:33:f4:d7:3c:12:d2:e5:7f:85:e0:30:12:72:29:3b:fa:66:36:c1:86:82:e0:e9:c4:bd:f1:f8:61:71
Signer

Actual PE Digest

fa:c9:ff:33:f4:d7:3c:12:d2:e5:7f:85:e0:30:12:72:29:3b:fa:66:36:c1:86:82:e0:e9:c4:bd:f1:f8:61:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\__w\1\s\winfile\src\Win32\Release\Winfile.pdb

Imports

kernel32

GetEnvironmentVariableW
GetSystemDirectoryW
GlobalAlloc
GlobalFree
LoadLibraryW
SetCurrentDirectoryW
GetProcAddress
GlobalLock
FreeLibrary
WideCharToMultiByte
GlobalUnlock
GetShortPathNameW
SetFileAttributesW
DeleteFileW
CreateThread
IsDBCSLeadByte
GetModuleHandleW
MoveFileW
GetUserDefaultLCID
FileTimeToSystemTime
GetNumberFormatW
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
DeleteCriticalSection
GetVolumeInformationW
GetCompressedFileSizeW
LocalFileTimeToFileTime
ExpandEnvironmentStringsW
GetLastError
ExitThread
GetDiskFreeSpaceExW
CreateHardLinkW
GetTempPathW
GetFileInformationByHandle
CreateDirectoryExW
SetThreadPriority
GetCurrentThreadId
Sleep
SwitchToThread
SetErrorMode
GetCurrentThread
ResetEvent
ExitProcess
GetDriveTypeW
SizeofResource
SetThreadLocale
GetPrivateProfileIntW
GetThreadLocale
SetThreadUILanguage
GetLocaleInfoW
GetVersionExW
FreeResource
LoadResource
FindResourceW
GetCurrentDirectoryW
MulDiv
LocalUnlock
LocalSize
CompareFileTime
GetTickCount
GetCommandLineW
RemoveDirectoryW
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
LocalReAlloc
GetProfileStringW
WriteProfileStringW
lstrcmpW
lstrcatW
CompareStringW
lstrcmpiW
GetPrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
WritePrivateProfileStringW
FormatMessageW
GetProcessHeap
HeapAlloc
HeapFree
CopyFileExW
lstrcpyW
CopyFileW
LocalFree
VerLanguageNameW
DeviceIoControl
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
GetFileAttributesW
CreateFileW
LocalAlloc
SystemTimeToFileTime
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
FindClose
lstrlenW
FindNextFileW
GetFullPathNameW
SetLastError
FindFirstFileExW
FindFirstFileW
WriteFile
CreateDirectoryW
GetStartupInfoW

gdi32

GetStockObject
GetLayout
SetLayout
CreateCompatibleDC
CreateDIBitmap
CreateFontW
GetDeviceCaps
DeleteDC
SetBkMode
GetObjectW
CreateFontIndirectW
TextOutW
PatBlt
GetTextExtentPoint32W
ExtTextOutW
BitBlt
SelectObject
GetTextMetricsW
SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush

user32

ReleaseCapture
PtInRect
SetRect
CharUpperBuffW
SetCursor
SetCapture
TranslateMessage
TranslateAcceleratorW
IntersectRect
FrameRect
DragObject
PeekMessageW
ClientToScreen
TranslateMDISysAccel
DispatchMessageW
GetCapture
MessageBeep
InflateRect
PostMessageW
CharLowerW
GetKeyState
GetMessageW
GetWindowTextW
DialogBoxParamW
CharNextW
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
SetWindowTextW
MessageBoxW
CharUpperW
GetWindowTextLengthW
MsgWaitForMultipleObjects
ShowCursor
KillTimer
CheckMenuItem
SetClipboardData
InsertMenuW
LoadCursorW
WinHelpW
EmptyClipboard
CloseClipboard
SetTimer
OpenClipboard
SetActiveWindow
RegisterClipboardFormatW
CreateDialogParamW
DrawIconEx
IsWindow
GetCursorPos
GetDesktopWindow
SystemParametersInfoW
CheckDlgButton
IsIconic
IsDlgButtonChecked
TrackPopupMenu
GetWindowPlacement
LoadMenuW
OffsetRect
SetWindowPos
GetDoubleClickTime
DrawMenuBar
DeleteMenu
SetForegroundWindow
IsDialogMessageW
RedrawWindow
CallWindowProcW
DestroyIcon
RegisterWindowMessageW
LoadIconW
SetWindowsHookW
LoadAcceleratorsW
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetLastActivePopup
DefMDIChildProcW
GetActiveWindow
SetCursorPos
DrawIcon
GetScrollPos
InternalGetWindowText
wvsprintfW
PostQuitMessage
DefFrameProcW
CallNextHookEx
GetSystemMenu
GetWindowLongW
DefWindowProcW
GetWindow
GetWindowRect
EnumChildWindows
ScreenToClient
SendMessageW
EndDialog
GetSystemMetrics
GetClassNameA
BeginDeferWindowPos
RegisterClassW
EnableWindow
GetMenuState
GetMenu
MapWindowPoints
MoveWindow
RegisterClassA
GetUpdateRect
GetClassNameW
EndDeferWindowPos
SetWindowLongW
GetClientRect
GetFocus
DestroyWindow
GetDC
FillRect
CreateWindowExW
GetSubMenu
ShowWindow
DrawFocusRect
GetSysColor
SetFocus
GetMenuStringW
GetDlgItem
DrawTextW
EnableMenuItem
UpdateWindow
DestroyMenu
IsWindowUnicode
GetParent
DrawFrameControl
InvalidateRect
BeginPaint
EndPaint
LoadStringW
ReleaseDC
wsprintfW
DeferWindowPos

advapi32

RegOpenKeyW
RegEnumKeyExW
RegFlushKey
RegQueryValueW
RegDeleteKeyW
RegEnumKeyW
RegCloseKey
RegQueryValueExW
RegSetValueW
RegOpenKeyExW

oleaut32

VarDateFromStr
VariantTimeToSystemTime

ole32

CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
ReleaseStgMedium
RevokeDragDrop
OleUninitialize
OleInitialize

shell32

DragQueryFileW
ord42
ShellExecuteExW
SHFormatDrive
ord66
ShellExecuteW
ExtractIconExW

shlwapi

StrCpyNW
StrChrW
StrRChrW
PathFileExistsW
PathIsDirectoryW
PathAppendW
PathFindExtensionW

comctl32

CreateToolbarEx
CreateStatusWindowW
ord4
ord2

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memmove
wcsrchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
wcsstr
_CxxThrowException
__current_exception
__current_exception_context
memset
_except_handler4_common
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
_set_fmode
__p__commode

api-ms-win-crt-string-l1-1-0

wcsncat_s
wcsncpy_s
_wcslwr_s
wcstok_s
tolower
wcsncmp
wcscpy_s
_wcsicmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_crt_atexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_controlfp_s
_initterm
_register_onexit_function
_initialize_onexit_table
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec28f192d36a699cb59453b02a95cc7b

Code Sign

33:00:00:03:84:d9:68:7d:66:cc:75:4b:a1:00:00:00:00:03:84Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

fa:c9:ff:33:f4:d7:3c:12:d2:e5:7f:85:e0:30:12:72:29:3b:fa:66:36:c1:86:82:e0:e9:c4:bd:f1:f8:61:71Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

advapi32

oleaut32

ole32

shell32

shlwapi

comctl32

version

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 203KB

.rsrc Size: 578KB - Virtual size: 578KB

.reloc Size: 21KB - Virtual size: 21KB

33:00:00:03:84:d9:68:7d:66:cc:75:4b:a1:00:00:00:00:03:84
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

fa:c9:ff:33:f4:d7:3c:12:d2:e5:7f:85:e0:30:12:72:29:3b:fa:66:36:c1:86:82:e0:e9:c4:bd:f1:f8:61:71
Signer

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 203KB

.rsrc
Size: 578KB - Virtual size: 578KB

.reloc
Size: 21KB - Virtual size: 21KB