30b43019e92e0fbf59d15e0fa6214d00_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

30b43019e92e0fbf59d15e0fa6214d00_NeikiAnalytics.exe
Size

4.5MB
MD5

30b43019e92e0fbf59d15e0fa6214d00
SHA1

e4b1989b3e4aa65f702b299410e5a1e060ba6d19
SHA256

459a96fddd532abd9a9a42410523d4c010ac1db84713d7e3c7c95244c7b62c84
SHA512

efa1c408701e13c2e684464dd0de144fd4a6399dfc8f1cb4b9abd4e41572da34e5079fb405bdbd677db670f60cf331f62368e0a799c7f262cb405496af8da8e8
SSDEEP

98304:n95I6zhOqu9L5WwDJNaykK0p8kc0k8CPIF//NDB09z:9e6wquLWw3aNc0PnDB0V

Score

1^/10

Malware Config

Signatures

Files

30b43019e92e0fbf59d15e0fa6214d00_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

528962a7296ee4fe970e20099971446d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:3d:28:f8:40:f9:f7:f1:e9:17:78:f4:97:99:0c:aa
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/05/2022, 00:00

Not After

05/05/2025, 23:59

Subject

CN=NEXON Korea Corporation.,O=NEXON Korea Corporation.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:3d:28:f8:40:f9:f7:f1:e9:17:78:f4:97:99:0c:aa
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/05/2022, 00:00

Not After

05/05/2025, 23:59

Subject

CN=NEXON Korea Corporation.,O=NEXON Korea Corporation.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:05:6a:57:16:b1:7d:44:27:76:20:cb:88:17:8b:58:e7:ac:72:2e:be:22:1c:40:af:14:13:28:a8:b1:8d:42
Signer

Actual PE Digest

25:05:6a:57:16:b1:7d:44:27:76:20:cb:88:17:8b:58:e7:ac:72:2e:be:22:1c:40:af:14:13:28:a8:b1:8d:42

Digest Algorithm

sha256

PE Digest Matches

true

9d:32:a5:be:f7:97:8e:d4:63:bd:5a:60:94:ed:d7:d7:34:71:bc:9a
Signer

Actual PE Digest

9d:32:a5:be:f7:97:8e:d4:63:bd:5a:60:94:ed:d7:d7:34:71:bc:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\bamboo-home\xml-data\build-dir\NGS-REL435-NB\_Build\NGClient\x86\Output\Release\NGClient.pdb

Imports

kernel32

TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetModuleHandleA
ReadFile
GetSystemDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetTimeZoneInformation
GetSystemTimeAsFileTime
OpenMutexW
OpenEventW
OpenFileMappingW
MapViewOfFile
WaitForSingleObject
SetEvent
ReleaseMutex
MultiByteToWideChar
Sleep
CreateFileMappingW
GetFileSize
SetLastError
LoadLibraryW
GetCurrentThread
GetConsoleMode
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
ResetEvent
InterlockedCompareExchange
InterlockedExchange
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
GetCurrentProcess
DeleteFileW
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryA
WaitForMultipleObjects
GetCurrentThreadId
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
ExpandEnvironmentStringsW
GetLongPathNameW
GetStdHandle
DuplicateHandle
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetConsoleWindow
WriteFile
FindClose
FindFirstFileW
FindNextFileW
GetEnvironmentVariableA
SetEnvironmentVariableA
CreatePipe
CreateMutexW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
LoadLibraryExW
GetModuleHandleExW
HeapReAlloc
ExitProcess
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
ReadConsoleW
HeapSize
CreateFileW
GetModuleFileNameA
InterlockedDecrement
QueryPerformanceFrequency
GetCurrentDirectoryW
DisableThreadLibraryCalls
GetModuleHandleW
CloseHandle
UnmapViewOfFile
GetModuleFileNameW
FreeLibrary
GetLastError
Module32NextW
GetCurrentProcessId
OpenProcess
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatusEx
GetLocaleInfoA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

netapi32

NetWkstaGetInfo
NetApiBufferFree

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject

advapi32

CryptGenRandom
QueryServiceConfigW
CloseServiceHandle
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 935KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vlizer
Size: 3.1MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

528962a7296ee4fe970e20099971446d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:3d:28:f8:40:f9:f7:f1:e9:17:78:f4:97:99:0c:aaCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:3d:28:f8:40:f9:f7:f1:e9:17:78:f4:97:99:0c:aaCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

25:05:6a:57:16:b1:7d:44:27:76:20:cb:88:17:8b:58:e7:ac:72:2e:be:22:1c:40:af:14:13:28:a8:b1:8d:42Signer

9d:32:a5:be:f7:97:8e:d4:63:bd:5a:60:94:ed:d7:d7:34:71:bc:9aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

version

psapi

netapi32

wintrust

crypt32

advapi32

ws2_32

Sections

.text Size: 935KB - Virtual size: 935KB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 81KB - Virtual size: 95KB

.gfids Size: 1024B - Virtual size: 652B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 63KB - Virtual size: 62KB

.vm_sec Size: 32KB - Virtual size: 32KB

.vlizer Size: 3.1MB - Virtual size: 9.0MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:3d:28:f8:40:f9:f7:f1:e9:17:78:f4:97:99:0c:aa
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:3d:28:f8:40:f9:f7:f1:e9:17:78:f4:97:99:0c:aa
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

25:05:6a:57:16:b1:7d:44:27:76:20:cb:88:17:8b:58:e7:ac:72:2e:be:22:1c:40:af:14:13:28:a8:b1:8d:42
Signer

9d:32:a5:be:f7:97:8e:d4:63:bd:5a:60:94:ed:d7:d7:34:71:bc:9a
Signer

.text
Size: 935KB - Virtual size: 935KB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 81KB - Virtual size: 95KB

.gfids
Size: 1024B - Virtual size: 652B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 63KB - Virtual size: 62KB

.vm_sec
Size: 32KB - Virtual size: 32KB

.vlizer
Size: 3.1MB - Virtual size: 9.0MB