ceed1b510d002839b9a9e40c1253ca80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ceed1b510d002839b9a9e40c1253ca80_NeikiAnalytics.exe
Size

623KB
MD5

ceed1b510d002839b9a9e40c1253ca80
SHA1

6e5054bd2d4bcd9679fe5cf38c245d1b04975c18
SHA256

269e630ec4760651af16939ee462cdf384e9aa6293082b6fdf164abbe4a64790
SHA512

15dad48bdc567573636e3092bf17de2c8f31ead2bc785b8ed693387907c34843a2b84ff2282dd3a076cf48604516b499d4487d819b9647fbc3e11e058fea9576
SSDEEP

6144:UAX7rXOqUdWHYP6ldtXUCKi+hz6JcOldhdHSJLzioE85Bhx2X:UAX7rXOqgWH2SnXr+YyuILzhE8OX

Score

1^/10

Malware Config

Signatures

Files

ceed1b510d002839b9a9e40c1253ca80_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

594f3174314d539a38121a9f0a3447b6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2023, 00:00

Not After

15/09/2026, 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:18:7c:ef:ac:3a:74:e8:ed:19:f3:04:c5:8c:fa:6a:49:7a:07:42:67:3a:54:99:df:20:a4:85:df:3c:bd:66
Signer

Actual PE Digest

c6:18:7c:ef:ac:3a:74:e8:ed:19:f3:04:c5:8c:fa:6a:49:7a:07:42:67:3a:54:99:df:20:a4:85:df:3c:bd:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NetworkTools.pdb

Imports

systeminformer.exe

PhSaveWindowPlacementToSetting
PhAllocate
PhQueryPerformanceCounter
PhCreateObjectType
PhFormat
PhGenerateRandomAlphaString
PhSetWindowContext
PhfSetEvent
PhHttpSocketGetErrorMessage
PhGetApplicationIcon
PhShellProcessHacker
PhGetStatusMessage
PhCountStringZ
PhSetFlagsEMenuItem
PhAppendStringBuilder
PhInsertCopyCellEMenuItem
PhConcatStrings
PhDnsQuery
PhDestroyEMenu
PhFindStringInStringRef
PhShowEMenu
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetClipboardString
PhHexStringToBuffer
PhGetWin32Message
PhHandleCopyCellEMenuItem
PhCreateEMenu
PhAppendFormatStringBuilder
PhDnsFree
PhInitializeStringBuilder
PhConvertUtf16ToMultiByteEx
PhDnsQuery2
PhGetTreeNewText
PhFormatToBuffer
PhCmSaveSettings
PhSetIntegerPairStringRefSetting
PhClearHashtable
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenuEx
PhAddItemList
PhDeleteTreeNewColumnMenu
PhCmLoadSettings
PhClearList
PhCreateDialog
PhSetControlTheme
PhCreateList
PhfResetEvent
PhHttpSocketBeginRequest
PhDeleteCacheFile
PhShowMessage
PhGetBaseDirectory
PhNtStatusToDosError
PhConcatStringRef2
PhDoesFileExistWin32
PhHttpSocketConnect
PhCreateDirectoryFullPathWin32
PhUpdateHash
PhRegisterWindowCallback
PhGetPhVersionNumbers
PhHttpSocketDestroy
PhHttpSocketReadData
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhMoveFileWin32
PhCreateProcessRedirection
PhHttpSocketEndRequest
PhCreateFileWin32Ex
PhHttpSocketCreate
PhEqualStringRef
PhDeleteFileWin32
PhfWaitForEvent
PhFormatString
PhBufferToHexString
PhFinalHash
PhCreateCacheFile
PhInitializeHash
PhUnregisterWindowCallback
PhCreateThreadEx
PhGetSystemDirectory
PhHttpSocketSendRequest
PhZeroExtendToUtf16Ex
PhDeleteStringBuilder
PhLoadLibrary
PhReAllocate
PhFormatBytes
PhCreateString3
PhStringToInteger64
PhFindEMenuItem
PhInitializeGraphState
PhConvertUtf16ToUtf8Ex
PhPluginInvokeWindowCallback
PhDeleteAutoPool
PhInitializeWindowTheme
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhReferenceEmptyString
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetWindowContext
PhDivideSinglesBySingle
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhDrainAutoPool
PhQueueItemWorkQueue
PhCopyCircularBuffer_FLOAT
PhCreateThread2
PhFormatString_V
PhGetWindowDpi
PhCreateObject
PhDeleteWorkQueue
PhSetGraphText
PhInitializeAutoPool
PhFree
PhSetWindowText
PhGetIntegerPairStringRefSetting
PhInitializeWorkQueue
PhGetSystemParametersInfo
PhInitializeCircularBuffer_FLOAT
PhDeleteCircularBuffer_FLOAT
PhAddPlusMaxMemorySingles
PhRemoveWindowContext
PhQueryPerformanceFrequency
PhGetStatisticsTimeString
PhWindowThemeControlColor
PhInitializeLayoutManager
PhDeleteLayoutManager
PhDialogBox
PhGetWindowText
PhGetStringRefSetting
PhAllocateSafe
PhCreateFile
PhGetFileSize
PhSetIntegerStringRefSetting
PhGetDialogItemValue
PhSetStringRefSetting
PhSetDialogItemText
PhAddLayoutItem
PhAutoDereferenceObject
PhCenterWindow
PhLayoutManagerLayout
PhShellExecute
PhSetDialogItemValue
PhInsertEMenuItem
PhCreateString
PhaChoiceDialog
PhFormatSize
PhPluginCreateEMenuItem
PhCreateEMenuItem
PhCompareStringRef
PhAddSettings
PhGetIntegerStringRefSetting
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhPluginGetObjectExtension
PhGetOwnTokenAttributes
PhFormatUInt64
PhAddEntryHashtable
PhQuerySystemTime
PhfReleaseQueuedLockShared
PhConvertUtf8ToUtf16Ex
PhfWakeForReleaseQueuedLock
PhfEndInitOnce
PhLoadImageFormatFromResource
PhCreateHashtable
PhImageListDrawIcon
PhfAcquireQueuedLockShared
PhTimeToSecondsSince1970
PhReferenceObject
PhGetApplicationDataFileName
PhfAcquireQueuedLockExclusive
PhImageListAddBitmap
PhImageListCreate
PhDereferenceObject
PhfBeginInitOnce
PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateSection
NtClose
NtWriteFile
RtlIpv6StringToAddressExW
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlIpv4StringToAddressExW

kernel32

GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
HeapFree
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetStdHandle
GetFileType
HeapAlloc
FindClose
GetSystemTimeAsFileTime
FindNextFileW
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStringTypeW
SetStdHandle
SetFilePointerEx
WriteFile
GetLastError
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
FindFirstFileExW

user32

DrawTextW
GetParent
GetDlgItem
EndDialog
SendMessageW
SetFocus
CallWindowProcW
IsIconic
EnableWindow
GetMessageW
PostMessageW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
ShowWindow
DispatchMessageW
IsDialogMessageW
IsChild
InvalidateRect
PostQuitMessage
SetForegroundWindow
TranslateMessage

gdi32

CreateFontIndirectW
DeleteObject
CreateFontW

comctl32

ord345

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

594f3174314d539a38121a9f0a3447b6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c6:18:7c:ef:ac:3a:74:e8:ed:19:f3:04:c5:8c:fa:6a:49:7a:07:42:67:3a:54:99:df:20:a4:85:df:3c:bd:66Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

systeminformer.exe

ntdll

kernel32

user32

gdi32

comctl32

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 300KB - Virtual size: 299KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 8KB - Virtual size: 6KB

.didat Size: 4KB - Virtual size: 224B

_RDATA Size: 4KB - Virtual size: 500B

.rsrc Size: 116KB - Virtual size: 113KB

.reloc Size: 16KB - Virtual size: 14KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c6:18:7c:ef:ac:3a:74:e8:ed:19:f3:04:c5:8c:fa:6a:49:7a:07:42:67:3a:54:99:df:20:a4:85:df:3c:bd:66
Signer

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 300KB - Virtual size: 299KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 8KB - Virtual size: 6KB

.didat
Size: 4KB - Virtual size: 224B

_RDATA
Size: 4KB - Virtual size: 500B

.rsrc
Size: 116KB - Virtual size: 113KB

.reloc
Size: 16KB - Virtual size: 14KB