7177ea36eb9e52db12b966d95a7cac80_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7177ea36eb9e52db12b966d95a7cac80_NeikiAnalytics.exe
Size

4.2MB
MD5

7177ea36eb9e52db12b966d95a7cac80
SHA1

572e88c3cc0fc61db19dbb7cbfa96df66bf9a348
SHA256

e0109d77da859bf3b16d3b64f1c34d10015876f39da7ceb6d31ac103a3e2090b
SHA512

8332565adf132c59ed20206b57144b9915e605756f9580ccc0b948390e9b1446dfe3470c006457127711510bfeec6e28fbb0d670ed6662239ecdb959a8027576
SSDEEP

98304:75tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEe:QssbCGo3yW8dLfZeNjR2e

Score

1^/10

Malware Config

Signatures

Files

7177ea36eb9e52db12b966d95a7cac80_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

e5db47083f44f9a06eeb1aa24006f602

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-07-2021 00:00

Not After

27-07-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:b6:db:ae:bf:b2:94:4c:9d:9a:69:ec:a8:1f:f8:2c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03-03-2022 00:00

Not After

05-03-2025 23:59

Subject

SERIALNUMBER=2158113,CN=NortonLifeLock Inc.,OU=Norton Product Engineering - CM,O=NortonLifeLock Inc.,L=Tempe,ST=Arizona,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:05:c7:82:cd:0c:53:e1:93:44:c1:66:1d:0e:74:6f:d3:df:8c:07:30:06:85:bf:7f:03:fd:1c:43:07:75:33
Signer

Actual PE Digest

7f:05:c7:82:cd:0c:53:e1:93:44:c1:66:1d:0e:74:6f:d3:df:8c:07:30:06:85:bf:7f:03:fd:1c:43:07:75:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bld_area\fsd_5_36_0_4\VS141\Bin\Win32\Release\FSDUI.pdb

Imports

gdiplus

GdipFree
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreatePath
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageRotateFlip
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImagePointRectI
GdipDeletePath
GdipResetPath
GdipClosePathFigure
GdipAddPathLineI
GdipAlloc
GdipAddPathArcI
GdipCreateFromHDC
GdipDrawImageRectRect
GdipDrawImagePointsI
GdipDrawImageRectI
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipSetPageUnit
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext

kernel32

FileTimeToSystemTime
DeviceIoControl
CreateProcessW
GetExitCodeProcess
SetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
OpenProcess
GetSystemDirectoryW
GetLocaleInfoW
GetLocalTime
GetFileAttributesExW
SetFileTime
VirtualFree
VirtualAlloc
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatus
WaitForMultipleObjects
GetFileSize
SetFilePointer
MoveFileW
GetTempPathW
GetModuleHandleA
SystemTimeToFileTime
GetSystemTime
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesA
ExpandEnvironmentStringsW
GetSystemDefaultLCID
ResumeThread
GetThreadContext
LoadLibraryW
TerminateProcess
GetCurrentThread
VirtualQuery
GlobalMemoryStatusEx
QueryDosDeviceW
DecodePointer
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
FormatMessageA
CreateWaitableTimerA
OpenEventA
GetStartupInfoW
UnhandledExceptionFilter
FindClose
lstrcmpA
SetUnhandledExceptionFilter
ReadProcessMemory
ReleaseMutex
CreateMutexW
WaitForMultipleObjectsEx
UnregisterWaitEx
SetWaitableTimer
CancelWaitableTimer
GetProcessTimes
lstrlenA
GetLongPathNameW
GetCommandLineW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
lstrcpyW
OpenEventW
DuplicateHandle
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
AreFileApisANSI
FindFirstFileExW
GetStringTypeW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
IsWow64Process
GetTempFileNameW
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemDefaultLangID
WaitForSingleObjectEx
SetDllDirectoryW
LoadLibraryExA
VirtualProtect
GetModuleFileNameW
lstrcmpiW
GetCurrentProcess
GetSystemTimeAsFileTime
WideCharToMultiByte
GetModuleHandleW
IsProcessorFeaturePresent
DeleteFileW
CompareStringW
SetLastError
WaitForSingleObject
RemoveDirectoryW
CreateDirectoryW
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
ReleaseSemaphore
GetCurrentProcessId
RaiseException
MultiByteToWideChar
lstrlenW
LocalAlloc
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreW
CreateEventW
InitializeCriticalSection
LCMapStringW
MoveFileExW
GetFileInformationByHandle
FlushFileBuffers
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
WriteFile
ReadFile
InitializeCriticalSectionAndSpinCount
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpW
GlobalUnlock
GetCurrentThreadId
InitializeCriticalSectionEx
VerSetConditionMask
VerifyVersionInfoW
Sleep
GetTickCount
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
CreateFileW
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
IsValidCodePage
GetUserDefaultLCID
GetACP

user32

DestroyMenu
MonitorFromPoint
TrackPopupMenuEx
SetMenuInfo
AppendMenuW
CreateDialogParamW
GetCursorPos
CreateMenu
LoadIconW
SetMenuDefaultItem
PeekMessageW
CharNextW
EqualRect
CopyRect
CharPrevW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageA
DispatchMessageA
FindWindowW
EndDialog
GetDesktopWindow
DialogBoxParamW
GetFocus
GetSysColor
SetRectEmpty
ScreenToClient
DispatchMessageW
TranslateMessage
DrawFocusRect
GetMessageW
ExitWindowsEx
GetWindowTextLengthW
GetWindowTextW
OffsetRect
ReleaseDC
SetCapture
ReleaseCapture
PtInRect
ClientToScreen
GetCapture
SetTimer
GetDlgCtrlID
KillTimer
CreateWindowExW
GetClassNameW
IsWindowEnabled
DestroyWindow
IsWindowVisible
IsDialogMessageW
AttachThreadInput
GetWindowThreadProcessId
SetForegroundWindow
GetForegroundWindow
MessageBoxW
SetRect
GetDC
DrawTextW
FrameRect
FillRect
EnableMenuItem
GetSystemMenu
MoveWindow
SetFocus
AdjustWindowRectEx
EndPaint
BeginPaint
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
MapWindowPoints
SetWindowPos
SystemParametersInfoW
SetScrollPos
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetClientRect
ShowWindow
PostQuitMessage
GetKeyState
InvalidateRect
PostMessageW
GetWindow
SetWindowTextW
EnableWindow
GetDlgItem
GetMenu
SendMessageW
RegisterClassExW
GetSystemMetrics
GetClassInfoExW
RegisterWindowMessageW
LoadImageW
SetCursor
LoadCursorW
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetParent
wsprintfW
CharUpperW
IsCharAlphaNumericW
IsWindow
GetWindowDC

gdi32

GetDeviceCaps
CreateFontW
BitBlt
GetTextColor
SetBkMode
SetTextColor
CreateSolidBrush
CreatePen
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
DeleteDC
GetStockObject
DeleteObject
RoundRect
CreateFontIndirectW
SetLayout
GetObjectW

advapi32

RevertToSelf
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlTraceW
ConvertStringSidToSidW
GetNamedSecurityInfoW
QueryServiceStatus
ImpersonateLoggedOnUser
DuplicateTokenEx
EnumerateTraceGuids
QueryTraceW
FlushTraceW
StopTraceW
EnableTrace
StartTraceW
FreeSid
AllocateAndInitializeSid
MapGenericMask
SetSecurityInfo
GetSecurityInfo
OpenProcessToken
DuplicateToken
RegNotifyChangeKeyValue
LookupPrivilegeNameW
QueryServiceStatusEx
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorDacl
RegEnumValueW
CryptDecrypt
CryptDestroyKey
CryptSetKeyParam
CryptImportKey
StartServiceW
ControlService
RegFlushKey
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAce
GetAclInformation
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
TraceMessage
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
SetTokenInformation
CreateProcessAsUserW
ConvertSidToStringSidW
OpenThreadToken
CryptGenRandom
UnregisterTraceGuids
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
CheckTokenMembership
RegisterTraceGuidsW

ole32

CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoTaskMemFree
StringFromIID
PropVariantClear
IIDFromString

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
VariantCopy
SysFreeString
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantCopyInd
SafeArrayCreate
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr

shlwapi

PathFindFileNameW
PathSkipRootW
SHDeleteEmptyKeyW
PathIsUNCW
PathIsUNCServerW
SHDeleteKeyW
PathIsDirectoryW
PathAppendW
PathMatchSpecW
UrlCanonicalizeW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW

comctl32

_TrackMouseEvent
InitCommonControlsEx

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

psapi

GetProcessImageFileNameW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5db47083f44f9a06eeb1aa24006f602

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8fCertificate

Extended Key Usages

Key Usages

0f:b6:db:ae:bf:b2:94:4c:9d:9a:69:ec:a8:1f:f8:2cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7f:05:c7:82:cd:0c:53:e1:93:44:c1:66:1d:0e:74:6f:d3:df:8c:07:30:06:85:bf:7f:03:fd:1c:43:07:75:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

rpcrt4

psapi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 552KB - Virtual size: 552KB

.data Size: 13KB - Virtual size: 34KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 154KB - Virtual size: 154KB

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

0f:b6:db:ae:bf:b2:94:4c:9d:9a:69:ec:a8:1f:f8:2c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7f:05:c7:82:cd:0c:53:e1:93:44:c1:66:1d:0e:74:6f:d3:df:8c:07:30:06:85:bf:7f:03:fd:1c:43:07:75:33
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 552KB - Virtual size: 552KB

.data
Size: 13KB - Virtual size: 34KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 154KB - Virtual size: 154KB