82df870a5167d3f4a433cf92051dcf50_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

82df870a5167d3f4a433cf92051dcf50_NeikiAnalytics.exe
Size

979KB
MD5

82df870a5167d3f4a433cf92051dcf50
SHA1

07d50b95f65024a8d7a27a389b8f0f0b01342aa5
SHA256

a1a37849283745e449eefadc4c044913660fe418a1acd7bc110f9626ebc58416
SHA512

edc7310829ce246083fdb567e996b58b5c67d79c92cd28f3bac1326cbbeb22493e22b820688e8e0f64e743dcc483b240485719fbd2565c16abf2ee5c19881178
SSDEEP

24576:nyjqyeOqVyGsXb7EcyUp/jAUcJdJYYov0Kvx2C+lp95nEWJPOJdx9iT5tnX38pN9:y+v5UGsr7EcyUp/jAUcJdJYYov0Kvx2w

Score

1^/10

Malware Config

Signatures

Files

82df870a5167d3f4a433cf92051dcf50_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

4ac983c59f4541f1e75dae60acdd2b5f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:72:bc:44:f5:59:f6:94:64:40:b5:8d:0a:19:21:a0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/06/2023, 00:00

Not After

26/06/2026, 23:59

Subject

CN=Azul Systems\, Inc.,O=Azul Systems\, Inc.,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:73:46:36:54:59:f6:57:d6:bd:d2:50:f1:3f:ae:3f:e9:43:bc:18:36:e2:b6:8a:d6:e4:71:ea:a8:a9:eb:4c
Signer

Actual PE Digest

06:73:46:36:54:59:f6:57:d6:bd:d2:50:f1:3f:ae:3f:e9:43:bc:18:36:e2:b6:8a:d6:e4:71:ea:a8:a9:eb:4c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140

__std_exception_destroy
__std_exception_copy
_CxxThrowException
memchr
__C_specific_handler
strrchr
strstr
strchr
memset
memmove
memcpy
__std_type_info_destroy_list
memcmp

api-ms-win-crt-stdio-l1-1-0

_write
_read
__stdio_common_vsprintf
__stdio_common_vsscanf
_commit
_close

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_execute_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_errno
_cexit
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtoul
strtol

api-ms-win-crt-string-l1-1-0

strncmp
strcspn
strspn
strcmp
strcpy
isxdigit
strlen

api-ms-win-crt-math-l1-1-0

atan2
log10
ceil
cos
sqrt
tan
floor
exp
fabs
ldexp
pow
sin

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-utility-l1-1-0

_swab

glib-lite

ord18
ord20
ord14
ord15
ord386
ord387
ord406
ord408
ord392
ord413
ord401
ord396
ord398
ord393
ord394
ord397
ord468
ord458
ord467
ord457
ord472
ord471
ord460
ord459
ord446
ord449
ord488
ord537
ord535
ord511
ord73
ord47
ord86
ord414
ord514
ord502
ord106
ord107
ord108
ord117
ord118
ord119
ord516
ord517
ord486
ord485
ord487
ord484
ord528
ord505
ord513
ord520
ord499
ord529
ord506
ord522
ord501
ord531
ord508
ord521
ord530
ord518
ord497
ord515
ord503
ord131
ord519
ord498
ord388
ord534
ord22
ord31
ord29
ord232
ord231
ord233
ord234
ord61
ord60
ord63
ord62
ord64
ord125
ord455
ord473
ord444
ord443
ord452
ord445
ord349
ord345
ord243
ord267
ord281
ord268
ord28
ord334
ord335
ord59
ord186
ord187
ord196
ord182
ord184
ord185
ord194
ord133
ord146
ord139
ord140
ord320
ord321
ord313
ord317
ord315
ord326
ord324
ord314
ord383
ord447
ord512
ord251
ord523
ord490
ord524
ord27
ord342
ord56
ord54
ord57
ord55
ord102
ord217
ord358
ord360
ord355
ord357
ord395
ord329
ord474
ord461
ord241
ord424
ord367
ord371
ord372
ord364
ord5
ord2
ord7
ord12
ord34
ord35
ord33
ord475
ord291
ord465
ord464
ord255
ord310
ord385
ord110
ord58
ord333
ord332
ord197
ord180
ord181
ord195
ord19
ord418
ord417
ord419
ord538
ord526
ord330
ord40
ord390
ord466
ord252
ord250
ord240
ord247
ord533
ord130
ord462
ord454
ord228
ord225
ord230
ord352
ord261
ord111
ord30
ord32
ord68
ord483
ord67
ord183
ord23
ord403
ord470
ord448
ord450
ord347
ord158
ord242
ord246
ord254
ord260
ord256
ord280
ord277
ord4
ord10
ord154
ord153
ord149
ord156
ord157
ord150
ord152
ord151
ord155
ord539
ord275
ord270
ord282
ord9
ord3
ord273
ord510
ord337
ord340
ord341
ord143
ord148
ord377
ord380
ord399
ord312
ord109
ord120
ord363
ord426
ord427
ord99
ord95
ord92
ord90
ord77
ord78
ord89
ord88
ord84
ord80
ord81
ord83
ord85
ord82
ord98
ord87
ord8
ord469
ord536
ord278
ord283
ord279
ord285
ord286
ord287
ord284
ord276
ord43
ord290
ord199
ord145
ord147
ord13
ord410
ord17
ord16
ord479
ord478
ord409
ord37
ord36
ord38
ord542
ord540
ord541
ord274
ord177
ord382
ord381
ord257
ord128
ord288
ord480
ord376
ord543
ord104
ord105
ord103
ord289
ord481
ord482
ord391
ord405
ord379
ord378
ord316
ord544
ord229
ord227
ord226
ord343
ord422
ord423
ord415
ord191
ord127
ord375
ord272
ord302
ord301
ord300
ord305
ord304
ord303
ord297
ord306
ord299
ord298
ord96
ord97
ord440
ord438
ord441
ord238
ord236
ord237
ord193
ord354
ord356
ord25
ord412
ord269
ord253
ord65
ord69
ord235
ord239
ord411
ord39
ord41
ord162
ord1
ord11
ord491
ord504
ord141
ord138
ord142
ord527
ord494
ord507
ord500
ord492
ord496
ord495
ord489
ord493
ord532
ord509
ord456
ord384
ord178
ord309
ord308
ord42
ord353
ord331
ord351
ord350
ord202
ord216
ord223
ord215
ord71
ord214
ord121
ord70
ord74
ord72
ord101
ord46
ord264
ord263
ord439
ord249
ord453
ord100
ord75
ord161
ord45
ord49
ord66
ord48
ord200
ord189
ord359
ord21
ord262
ord190
ord134
ord159
ord160
ord361
ord362
ord435
ord433
ord434
ord436
ord325
ord327
ord122
ord201
ord442
ord113

ws2_32

WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASetLastError

kernel32

GetLastError
SetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CloseHandle
GetModuleFileNameW
GetModuleHandleA
SetThreadErrorMode
FreeLibrary
LoadLibraryW
RaiseException
FormatMessageA
LoadLibraryA
GetCurrentThread
GetProcAddress
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LocalFree
Sleep
QueryPerformanceFrequency
GetModuleFileNameA

user32

GetDesktopWindow

ole32

CoUninitialize
CoCreateInstance
CoInitialize

dsound

ord1

Sections

.text
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ac983c59f4541f1e75dae60acdd2b5f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:72:bc:44:f5:59:f6:94:64:40:b5:8d:0a:19:21:a0Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

06:73:46:36:54:59:f6:57:d6:bd:d2:50:f1:3f:ae:3f:e9:43:bc:18:36:e2:b6:8a:d6:e4:71:ea:a8:a9:eb:4cSigner

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

glib-lite

ws2_32

kernel32

user32

ole32

dsound

Sections

.text Size: 677KB - Virtual size: 676KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 8KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:72:bc:44:f5:59:f6:94:64:40:b5:8d:0a:19:21:a0
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

06:73:46:36:54:59:f6:57:d6:bd:d2:50:f1:3f:ae:3f:e9:43:bc:18:36:e2:b6:8a:d6:e4:71:ea:a8:a9:eb:4c
Signer

.text
Size: 677KB - Virtual size: 676KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 8KB - Virtual size: 7KB