1e43d7ded2a5e019759b59753cee78b0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1e43d7ded2a5e019759b59753cee78b0_NeikiAnalytics.exe
Size

2.4MB
MD5

1e43d7ded2a5e019759b59753cee78b0
SHA1

46979e2b9b9ff025b41f78d3032480f237c792ea
SHA256

516f0721d041dc12a2049c14afa6a597e6ecb7e85e2bde13121d173a6d0c514b
SHA512

aa3672c8cf655cbc0fdc4f16320db86e99d48cbc011b104ac6f137c8f7af7820820641491d5d14e23b98a8b5aa79d0b85b796f005ce0bc32526e54fa641ee346
SSDEEP

24576:QhjDmeh0F29wFQPIryhLFTrSh8rfkf5sCV0/cknA7kVqd125hfVlmkkkkkkkalKc:QAOZ9gQHFTry8rfkf5sCOpAcg25Jnc

Score

1^/10

Malware Config

Signatures

Files

1e43d7ded2a5e019759b59753cee78b0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

26033e2a25654fe5c896f169b3b55c4c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:cd:46:3b:11:cb:78:7f:bb:2e:8d:b7:72:11:a5:b0
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

18/09/2023, 00:00

Not After

17/09/2026, 23:59

Subject

SERIALNUMBER=62218101,CN=SUMMER INSTITUTE OF LINGUISTICS\, INC.,O=SUMMER INSTITUTE OF LINGUISTICS\, INC.,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13055465786173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:f8:b0:e1:20:f3:95:6c:64:b0:cf:92:2c:0d:27:d6:15:88:15:45:64:66:d2:0e:5b:33:cd:8f:d8:62:52:01
Signer

Actual PE Digest

69:f8:b0:e1:20:f3:95:6c:64:b0:cf:92:2c:0d:27:d6:15:88:15:45:64:66:d2:0e:5b:33:cd:8f:d8:62:52:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\82cac59564031c74\keyman\windows\src\engine\keyman64\bin\x64\Release\keyman64.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imm32

ImmIsIME

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalAlloc
LocalFree
GetCommandLineA
GetLocaleInfoW
VerSetConditionMask
GetVersion
VerifyVersionInfoW
GlobalAddAtomA
SetEvent
OpenEventA
MapViewOfFile
UnmapViewOfFile
OpenMutexA
OpenFileMappingA
MultiByteToWideChar
WideCharToMultiByte
GlobalGetAtomNameA
GetVersionExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleA
GetStartupInfoW
GetModuleHandleW
GetModuleFileNameA
RaiseException
GetUserGeoID
GetGeoInfoW
GetDynamicTimeZoneInformation
SetEndOfFile
HeapSize
InitializeCriticalSection
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
WriteFile
GetCurrentThread
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GetLastError
CloseHandle
GetTempFileNameA
GetTempPathA
InitOnceComplete
CreateFileA
GetModuleFileNameW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
OutputDebugStringA
SetLastError
CreateFileW
FormatMessageA
TryEnterCriticalSection
InitOnceBeginInitialize
IsDebuggerPresent
ExitProcess
ReadFile
WriteConsoleW
GetModuleHandleExW
QueryPerformanceFrequency
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetStdHandle
GetFileType

user32

GetKeyState
GetFocus
SetWindowsHookExW
MessageBeep
GetKeyboardLayoutNameA
PtInRect
WindowFromPoint
SetForegroundWindow
MapVirtualKeyA
CallNextHookEx
FindWindowA
GetParent
GetActiveWindow
IsWindowVisible
ClientToScreen
GetCaretPos
GetWindowRect
GetSystemMetrics
SetWindowPos
ShowWindow
IsChild
MapVirtualKeyExA
UnhookWindowsHookEx
GetKeyboardState
GetForegroundWindow
keybd_event
RegisterWindowMessageA
GetWindowThreadProcessId
GetClassNameA
SendMessageTimeoutA
GetMessageExtraInfo
wsprintfA
GetGUIThreadInfo
GetKeyboardLayout
wsprintfW
IsWindowUnicode
SetKeyboardState
PostMessageA

advapi32

RegEnumKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegQueryInfoKeyW
GetSecurityInfo
SetEntriesInAclA
GetSecurityDescriptorSacl
CreateWellKnownSid
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
EventUnregister
EventRegister
RegSetValueExA
RegCreateKeyExA
RegCloseKey
EventWrite
RegEnumKeyExW
RegOpenKeyExW

ole32

CoCreateGuid
StringFromGUID2
IIDFromString

Exports

Exports

GetActiveKeymanID
GetKeyboardPreservedKeys
KMDisplayIM
KMGetActiveKeyboard
KMGetContext
KMGetKeyboardPath
KMHideIM
KMQueueAction
KMSetOutput
Keyman_Exit
Keyman_GetInitialised
Keyman_GetLastActiveWindow
Keyman_GetLastFocusWindow
Keyman_Initialise
Keyman_PostControllers
Keyman_PostMasterController
Keyman_RegisterControllerThread
Keyman_RegisterControllerWindow
Keyman_RegisterMasterController
Keyman_ResetInitialisation
Keyman_RestartEngine
Keyman_SendMasterController
Keyman_StartExit
Keyman_UnregisterControllerThread
Keyman_UnregisterControllerWindow
Keyman_UnregisterMasterController
Keyman_WriteDebugEvent
Keyman_WriteDebugEventW
TIPActivateEx
TIPActivateKeyboard
TIPIsKeymanRunning
TIPProcessKey
km_core_context_clear
km_core_context_get
km_core_context_item_list_size
km_core_context_items_dispose
km_core_context_length
km_core_context_set
km_core_cu_dispose
km_core_event
km_core_get_engine_attrs
km_core_keyboard_dispose
km_core_keyboard_get_attrs
km_core_keyboard_get_imx_list
km_core_keyboard_get_key_list
km_core_keyboard_imx_list_dispose
km_core_keyboard_key_list_dispose
km_core_keyboard_load
km_core_options_list_size
km_core_process_event
km_core_process_queued_actions
km_core_state_action_items
km_core_state_app_context
km_core_state_clone
km_core_state_context
km_core_state_context_clear
km_core_state_context_debug
km_core_state_context_set_if_needed
km_core_state_create
km_core_state_dispose
km_core_state_get_actions
km_core_state_get_intermediate_context
km_core_state_imx_deregister_callback
km_core_state_imx_register_callback
km_core_state_option_lookup
km_core_state_options_to_json
km_core_state_options_update
km_core_state_queue_action_items
km_core_state_to_json

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SHARDAT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26033e2a25654fe5c896f169b3b55c4c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

c3:cd:46:3b:11:cb:78:7f:bb:2e:8d:b7:72:11:a5:b0Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

69:f8:b0:e1:20:f3:95:6c:64:b0:cf:92:2c:0d:27:d6:15:88:15:45:64:66:d2:0e:5b:33:cd:8f:d8:62:52:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

imm32

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 660KB - Virtual size: 660KB

.data Size: 18KB - Virtual size: 32KB

.pdata Size: 87KB - Virtual size: 87KB

.SHARDAT Size: 1KB - Virtual size: 1KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 12KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

c3:cd:46:3b:11:cb:78:7f:bb:2e:8d:b7:72:11:a5:b0
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

69:f8:b0:e1:20:f3:95:6c:64:b0:cf:92:2c:0d:27:d6:15:88:15:45:64:66:d2:0e:5b:33:cd:8f:d8:62:52:01
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 660KB - Virtual size: 660KB

.data
Size: 18KB - Virtual size: 32KB

.pdata
Size: 87KB - Virtual size: 87KB

.SHARDAT
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 12KB