9a2567f1b8647427152b26890a5f2c90_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9a2567f1b8647427152b26890a5f2c90_NeikiAnalytics.exe
Size

74KB
MD5

9a2567f1b8647427152b26890a5f2c90
SHA1

bb5980cb9d4f0e1f40bf4c03144a5f3cf8518ffb
SHA256

55832e4041c57756313dd60a9320cbcf61df35fadc78e0b2904bf8fd3751ef9a
SHA512

c79f7323e19febcf60c67460f0ab153c3906b400c83006974018d6474018033a28f34311a960c841a82b5402543536adecddbd7aaa5930d728645e89fafdb7ec
SSDEEP

1536:zgRhxafe021ARszOTdFArO9uGLFKatVA9s5ei+:zgRhk2021gWBjaLA9/3

Score

1^/10

Malware Config

Signatures

Files

9a2567f1b8647427152b26890a5f2c90_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

1da14742c8f1fc8e97d32871029d0243

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:60:05:c1:eb:b9:75:b9:5d:40:c6:fe:ca:12:64:05
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

28/02/2023, 00:00

Not After

27/02/2026, 23:59

Subject

SERIALNUMBER=91440300695594115R,CN=SHENZHEN QIXINGSHI TECHNOLOGY CO.\,LTD,O=SHENZHEN QIXINGSHI TECHNOLOGY CO.\,LTD,ST=广东省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:db:a8:c1:ff:a3:d2:23:8b:8e:30:f5:19:3c:ff:30:8e:2a:de:9b:83:b8:aa:87:f8:05:47:4e:90:03:da:fe
Signer

Actual PE Digest

2d:db:a8:c1:ff:a3:d2:23:8b:8e:30:f5:19:3c:ff:30:8e:2a:de:9b:83:b8:aa:87:f8:05:47:4e:90:03:da:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\software\106.heic-converter-gui-mobikin-2.1\projects\gui\Release\Module.Title.pdb

Imports

libbasic

?GetProductThemesDir@BASUtilityApp@@SAPA_WXZ
?GetUserDefaults@BASUserDefaults@@SAPAV1@PBD@Z
?GetRGB@BASUserDefaults@@QAEKPBD@Z
?Free@BASUtilityString@@SAXPAX@Z
?InitUserDefaults@BASUserDefaults@@SA_NPBDPB_W@Z
?OpenUrl@BASUtilityApp@@SAXPBD@Z
?ConvertUtf8ToUnicode@BASUtilityString@@SAPA_WPBD@Z

gdiplus

GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipMeasureString
GdipSetInterpolationMode
GdipCloneImage
GdipSetSmoothingMode
GdipCreateFromHWND
GdipSetPixelOffsetMode
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawLineI

libi18n

wxGetLocale
wxGetTranslation

module.view

?SetFont@DhImgButton@@QAEXPAUHFONT__@@@Z
?GetDllModuleDir@Utils@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAUHINSTANCE__@@@Z
??BDhImgButton@@QAEPAUHWND__@@XZ
?SetTooltip@DhImgButton@@QAEXPB_W@Z
?SetBkgColor@DhImgButton@@QAEXK@Z
?Init@DhImgButton@@QAEHPAVBitmap@Gdiplus@@HH0PB_WHHHH@Z
?CreateButton@DhImgButton@@QAEPAUHWND__@@PAU2@V_U_MENUorID@ATL@@_N@Z
?SetDpiScale@DhImgButton@@QAEXM@Z
??1DhImgButton@@QAE@XZ
??0DhImgButton@@QAE@XZ
?GetWindowRelativeRect@Utils@@SA?AUtagRECT@@PAUHWND__@@@Z
?DrawImage@Utils@@SAXAAVGraphics@Gdiplus@@PAVImage@3@VRect@3@@Z
?DrawTextInRect@Utils@@SAXAAVGraphics@Gdiplus@@VRectF@3@PB_WPAVFont@3@PAVColor@3@@Z

kernel32

WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
ResetEvent
CloseHandle
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
SetEvent
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
GetProcAddress
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetLastError
EnterCriticalSection
lstrlenW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentThreadId
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap

user32

GetSysColor
SetClassLongW
RegisterClassExW
UnregisterClassW
GetSystemMetrics
SendMessageW
SetWindowLongW
FillRect
SetWindowPos
GetDC
GetWindow
PostMessageW
CallWindowProcW
MoveWindow
GetWindowLongW
AppendMenuW
DestroyMenu
ClientToScreen
CopyRect
GetMonitorInfoW
ShowWindow
TrackPopupMenu
CreatePopupMenu
GetMenu
MonitorFromPoint
AdjustWindowRectEx
GetDlgItem
GetClientRect
LoadCursorW
DrawTextW
GetClassInfoExW
GetParent
UpdateWindow
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
CreateWindowExW
DefWindowProcW

gdi32

GetStockObject
DeleteDC
GetTextExtentPoint32W
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetBkColor
MoveToEx
CreatePen
LineTo
ExtTextOutW
CreateSolidBrush
DeleteObject
SetBkColor
SetViewportOrgEx
SelectObject
SetBkMode

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

longjmp
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__CxxFrameHandler3
memcpy
memset
_setjmp3

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_recalloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_wassert

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

RegisterModule

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1da14742c8f1fc8e97d32871029d0243

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

6e:60:05:c1:eb:b9:75:b9:5d:40:c6:fe:ca:12:64:05Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

2d:db:a8:c1:ff:a3:d2:23:8b:8e:30:f5:19:3c:ff:30:8e:2a:de:9b:83:b8:aa:87:f8:05:47:4e:90:03:da:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libbasic

gdiplus

libi18n

module.view

kernel32

user32

gdi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

6e:60:05:c1:eb:b9:75:b9:5d:40:c6:fe:ca:12:64:05
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

2d:db:a8:c1:ff:a3:d2:23:8b:8e:30:f5:19:3c:ff:30:8e:2a:de:9b:83:b8:aa:87:f8:05:47:4e:90:03:da:fe
Signer

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB