6840142e89e81ea6fcde1a50d86d7430_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6840142e89e81ea6fcde1a50d86d7430_NeikiAnalytics.exe
Size

362KB
MD5

6840142e89e81ea6fcde1a50d86d7430
SHA1

6688a222286041edc808522d5d17b592622c7dc4
SHA256

c73e8ffc2cfe41580e169e715e4ac024a7d70e4ac2ab5c6d3d3d7f8d3ecca352
SHA512

b0953df3401529d3e0b06ff682b58a3c9ba6b5e013f025aff632c460e98032498dc7a745ebc3a4cfce27803b01b7445c96386b02243e4d6c69f4f538e48ac06d
SSDEEP

6144:S15HV+nmLDtXWtX+D06yTWFInRw6V4jxnrCf2QbMxESf3H:S1DYHU04jxrvH

Score

1^/10

Malware Config

Signatures

Files

6840142e89e81ea6fcde1a50d86d7430_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

f76fc99d1dd4fbdc42df233906313b31

Code Sign

04:90:59:8a:61:a9:eb:63:c2:c7:87:84:d7:72:f5:df
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/10/2019, 00:00

Not After

18/10/2022, 12:00

Subject

SERIALNUMBER=911101086742533119,CN=北京世纪好未来教育科技有限公司,OU=信息部,O=北京世纪好未来教育科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:90:59:8a:61:a9:eb:63:c2:c7:87:84:d7:72:f5:df
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/10/2019, 00:00

Not After

18/10/2022, 12:00

Subject

SERIALNUMBER=911101086742533119,CN=北京世纪好未来教育科技有限公司,OU=信息部,O=北京世纪好未来教育科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:d6:e5:51:74:16:71:4a:6e:25:8a:74:2a:5b:c5:13:be:00:96:ff:19:43:d3:ff:ed:de:a2:dc:c7:b8:c3:51
Signer

Actual PE Digest

05:d6:e5:51:74:16:71:4a:6e:25:8a:74:2a:5b:c5:13:be:00:96:ff:19:43:d3:ff:ed:de:a2:dc:c7:b8:c3:51

Digest Algorithm

sha256

PE Digest Matches

true

7d:d1:02:01:8c:6d:87:ea:57:b4:b1:c2:f0:31:6b:30:d3:8b:e4:e3
Signer

Actual PE Digest

7d:d1:02:01:8c:6d:87:ea:57:b4:b1:c2:f0:31:6b:30:d3:8b:e4:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
DebugBreak
InterlockedExchangeAdd
SwitchToThread
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsSetValue
GetModuleHandleExW
lstrlenW
GetCurrentThread
SetThreadPriority
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
CreateThread
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
WaitForSingleObjectEx
CreateEventA
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
RaiseException

user32

PostThreadMessageA
GetMessageA
PeekMessageA

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemFree
PropVariantClear
CoUninitialize
CoInitialize

winmm

waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveOutWrite
waveInPrepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetDevCapsW
waveOutGetNumDevs
waveInUnprepareHeader
waveInAddBuffer
waveInStop
waveInStart
waveInReset
waveOutUnprepareHeader

msvcr120

__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
free
memset
calloc
realloc
_stricmp
strchr
_strnicmp
isspace
_CIsinh
_libm_sse2_cos_precise
_libm_sse2_log_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
malloc
_fdclass
fclose
fread
getenv
strtol
__iob_func
_snprintf
strncmp
_libm_sse2_pow_precise
lrintf
_CIatan2
_libm_sse2_acos_precise
_libm_sse2_asin_precise
atoi
strtoul
strtof
_wgetenv
fgetc
sscanf
_snwprintf
_wfopen
isalnum
memmove
strncpy
memcpy
_libm_sse2_exp_precise
_libm_sse2_atan_precise
_libm_sse2_log10_precise
_aligned_free
_aligned_malloc
fflush
fprintf
vfprintf
fegetenv
fesetenv
fesetround
strpbrk
feof
floor
_errno
clearerr
ferror
fputc
fseek
ftell
fwrite
strerror
_except1
_crt_debugger_hook
__crtUnhandledException
_strdup

Exports

Exports

alAuxiliaryEffectSlotf
alAuxiliaryEffectSlotfv
alAuxiliaryEffectSloti
alAuxiliaryEffectSlotiv
alBuffer3f
alBuffer3i
alBufferData
alBufferSamplesSOFT
alBufferSubDataSOFT
alBufferSubSamplesSOFT
alBufferf
alBufferfv
alBufferi
alBufferiv
alDeferUpdatesSOFT
alDeleteAuxiliaryEffectSlots
alDeleteBuffers
alDeleteEffects
alDeleteFilters
alDeleteFontsoundsSOFT
alDeletePresetsSOFT
alDeleteSoundfontsSOFT
alDeleteSources
alDisable
alDistanceModel
alDopplerFactor
alDopplerVelocity
alEffectf
alEffectfv
alEffecti
alEffectiv
alEnable
alFilterf
alFilterfv
alFilteri
alFilteriv
alFontsound2iSOFT
alFontsoundModulatoriSOFT
alFontsoundiSOFT
alFontsoundivSOFT
alGenAuxiliaryEffectSlots
alGenBuffers
alGenEffects
alGenFilters
alGenFontsoundsSOFT
alGenPresetsSOFT
alGenSoundfontsSOFT
alGenSources
alGetAuxiliaryEffectSlotf
alGetAuxiliaryEffectSlotfv
alGetAuxiliaryEffectSloti
alGetAuxiliaryEffectSlotiv
alGetBoolean
alGetBooleanv
alGetBuffer3f
alGetBuffer3i
alGetBufferSamplesSOFT
alGetBufferf
alGetBufferfv
alGetBufferi
alGetBufferiv
alGetDouble
alGetDoublev
alGetEffectf
alGetEffectfv
alGetEffecti
alGetEffectiv
alGetEnumValue
alGetError
alGetFilterf
alGetFilterfv
alGetFilteri
alGetFilteriv
alGetFloat
alGetFloatv
alGetFontsoundModulatorivSOFT
alGetFontsoundivSOFT
alGetInteger
alGetInteger64SOFT
alGetInteger64vSOFT
alGetIntegerv
alGetListener3f
alGetListener3i
alGetListenerf
alGetListenerfv
alGetListeneri
alGetListeneriv
alGetPresetivSOFT
alGetProcAddress
alGetSoundfontivSOFT
alGetSource3dSOFT
alGetSource3f
alGetSource3i
alGetSource3i64SOFT
alGetSourcedSOFT
alGetSourcedvSOFT
alGetSourcef
alGetSourcefv
alGetSourcei
alGetSourcei64SOFT
alGetSourcei64vSOFT
alGetSourceiv
alGetString
alIsAuxiliaryEffectSlot
alIsBuffer
alIsBufferFormatSupportedSOFT
alIsEffect
alIsEnabled
alIsExtensionPresent
alIsFilter
alIsFontsoundSOFT
alIsPresetSOFT
alIsSoundfontSOFT
alIsSource
alListener3f
alListener3i
alListenerf
alListenerfv
alListeneri
alListeneriv
alLoadSoundfontSOFT
alMidiEventSOFT
alMidiGainSOFT
alMidiPauseSOFT
alMidiPlaySOFT
alMidiResetSOFT
alMidiSoundfontSOFT
alMidiSoundfontvSOFT
alMidiStopSOFT
alMidiSysExSOFT
alPresetFontsoundsSOFT
alPresetiSOFT
alPresetivSOFT
alProcessUpdatesSOFT
alSoundfontPresetsSOFT
alSource3dSOFT
alSource3f
alSource3i
alSource3i64SOFT
alSourcePause
alSourcePausev
alSourcePlay
alSourcePlayv
alSourceQueueBuffers
alSourceRewind
alSourceRewindv
alSourceStop
alSourceStopv
alSourceUnqueueBuffers
alSourcedSOFT
alSourcedvSOFT
alSourcef
alSourcefv
alSourcei
alSourcei64SOFT
alSourcei64vSOFT
alSourceiv
alSpeedOfSound
alcCaptureCloseDevice
alcCaptureOpenDevice
alcCaptureSamples
alcCaptureStart
alcCaptureStop
alcCloseDevice
alcCreateContext
alcDestroyContext
alcDevicePauseSOFT
alcDeviceResumeSOFT
alcGetContextsDevice
alcGetCurrentContext
alcGetEnumValue
alcGetError
alcGetInteger64vSOFT
alcGetIntegerv
alcGetProcAddress
alcGetString
alcGetThreadContext
alcIsExtensionPresent
alcIsRenderFormatSupportedSOFT
alcLoopbackOpenDeviceSOFT
alcMakeContextCurrent
alcOpenDevice
alcProcessContext
alcRenderSamplesSOFT
alcSetThreadContext
alcSuspendContext

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f76fc99d1dd4fbdc42df233906313b31

Code Sign

04:90:59:8a:61:a9:eb:63:c2:c7:87:84:d7:72:f5:dfCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

04:90:59:8a:61:a9:eb:63:c2:c7:87:84:d7:72:f5:dfCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

05:d6:e5:51:74:16:71:4a:6e:25:8a:74:2a:5b:c5:13:be:00:96:ff:19:43:d3:ff:ed:de:a2:dc:c7:b8:c3:51Signer

7d:d1:02:01:8c:6d:87:ea:57:b4:b1:c2:f0:31:6b:30:d3:8b:e4:e3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

winmm

msvcr120

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 1024B - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 13KB - Virtual size: 12KB

04:90:59:8a:61:a9:eb:63:c2:c7:87:84:d7:72:f5:df
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

04:90:59:8a:61:a9:eb:63:c2:c7:87:84:d7:72:f5:df
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

05:d6:e5:51:74:16:71:4a:6e:25:8a:74:2a:5b:c5:13:be:00:96:ff:19:43:d3:ff:ed:de:a2:dc:c7:b8:c3:51
Signer

7d:d1:02:01:8c:6d:87:ea:57:b4:b1:c2:f0:31:6b:30:d3:8b:e4:e3
Signer

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 1024B - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 13KB - Virtual size: 12KB