22115c910ef82f4258d8638d6843d0c0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

22115c910ef82f4258d8638d6843d0c0_NeikiAnalytics.exe
Size

631KB
MD5

22115c910ef82f4258d8638d6843d0c0
SHA1

2a3259ba13f7827349aae3e19e0a08c3a75d7e1f
SHA256

658fccc19a5b17e2898a2f97ec240c8cd355f5dc4d10c25a1bfb8282fbe25e7b
SHA512

ba85bf6f7f747e52c34ea273b36bcf8415d1923670b7e1251bdc0dd883b50741e16b59695381ab9200158029ac6f1ecb540fc1be09b570a4df4e81d8447dc32f
SSDEEP

6144:phDRX+Rsd+TevUB0f/ZOYYHR3YOOasT1NDyaaSqY+uJMJKc:phD8RE7QU/pYHptwNuSjzMJKc

Score

1^/10

Malware Config

Signatures

Files

22115c910ef82f4258d8638d6843d0c0_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

2bf1fc659e1e270e26d98d8a21b8f037

Code Sign

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/02/2021, 00:00

Not After

25/02/2024, 23:59

Subject

SERIALNUMBER=SC331902,CN=SimpleHelp Ltd,O=SimpleHelp Ltd,POSTALCODE=ML12 6HQ,STREET=Galavale,L=Broughton,ST=Scottish Borders,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/02/2021, 00:00

Not After

25/02/2024, 23:59

Subject

SERIALNUMBER=SC331902,CN=SimpleHelp Ltd,O=SimpleHelp Ltd,POSTALCODE=ML12 6HQ,STREET=Galavale,L=Broughton,ST=Scottish Borders,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

82:1f:3b:e5:a3:79:6b:5c:9d:3f:09:b5:82:d0:58:e9:d0:c4:b9:45:0e:68:72:20:17:0c:55:35:0a:ea:84:9d
Signer

Actual PE Digest

82:1f:3b:e5:a3:79:6b:5c:9d:3f:09:b5:82:d0:58:e9:d0:c4:b9:45:0e:68:72:20:17:0c:55:35:0a:ea:84:9d

Digest Algorithm

sha256

PE Digest Matches

true

d5:f0:bd:79:5a:e4:0a:74:6a:b6:a5:a7:11:66:17:9f:55:8f:34:57
Signer

Actual PE Digest

d5:f0:bd:79:5a:e4:0a:74:6a:b6:a5:a7:11:66:17:9f:55:8f:34:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

wininet

InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetErrorDlg
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl

comctl32

InitCommonControlsEx

kernel32

GetLocaleInfoA
GetStringTypeW
LCMapStringW
LCMapStringA
RtlLookupFunctionEntry
RtlVirtualUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStringTypeA
HeapReAlloc
MoveFileExA
FreeLibrary
Sleep
GetProcAddress
LoadLibraryA
GetVersion
GetTempPathA
WaitForSingleObject
SetEvent
TerminateThread
CreateEventA
GetLastError
GetModuleHandleA
CloseHandle
CreateMutexA
ReleaseMutex
CreateThread
SetEnvironmentVariableA
GlobalFree
DeleteFileA
InitializeCriticalSection
SetStdHandle
EnterCriticalSection
DeleteCriticalSection
GetExitCodeProcess
CreateProcessA
GetCurrentDirectoryA
lstrlenA
FormatMessageA
GetShortPathNameA
SetCurrentDirectoryA
LocalAlloc
GetVersionExA
LocalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
HeapSize
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
TlsSetValue
SetLastError
FlsFree
TlsFree
FlsSetValue
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEndOfFile
LeaveCriticalSection
RaiseException
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
ExitProcess
GetCurrentProcess
GetDateFormatA
GetTimeFormatA
GetDriveTypeA
GetFullPathNameA
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
FlsGetValue

user32

SetTimer
GetWindowRect
KillTimer
SetWindowPos
GetDesktopWindow
DestroyWindow
GetMessageA
GetWindowLongPtrA
PostThreadMessageA
MonitorFromPoint
LoadIconA
SendMessageA
GetMonitorInfoA
TranslateMessage
CreateWindowExA
PeekMessageA
DefWindowProcA
GetCursorPos
ShowWindow
SetWindowLongPtrA
DispatchMessageA
SystemParametersInfoA
LoadCursorA
ValidateRect
RegisterClassA

advapi32

GetExplicitEntriesFromAclA
GetNamedSecurityInfoA
GetUserNameA
EqualSid
ConvertStringSidToSidA
SetNamedSecurityInfoA
SetEntriesInAclA

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bf1fc659e1e270e26d98d8a21b8f037

Code Sign

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7fCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7fCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

82:1f:3b:e5:a3:79:6b:5c:9d:3f:09:b5:82:d0:58:e9:d0:c4:b9:45:0e:68:72:20:17:0c:55:35:0a:ea:84:9dSigner

d5:f0:bd:79:5a:e4:0a:74:6a:b6:a5:a7:11:66:17:9f:55:8f:34:57Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wininet

version

winhttp

comctl32

kernel32

user32

advapi32

Sections

.text Size: 265KB - Virtual size: 265KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 9KB - Virtual size: 73KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 41KB - Virtual size: 40KB

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

82:1f:3b:e5:a3:79:6b:5c:9d:3f:09:b5:82:d0:58:e9:d0:c4:b9:45:0e:68:72:20:17:0c:55:35:0a:ea:84:9d
Signer

d5:f0:bd:79:5a:e4:0a:74:6a:b6:a5:a7:11:66:17:9f:55:8f:34:57
Signer

.text
Size: 265KB - Virtual size: 265KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 9KB - Virtual size: 73KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 41KB - Virtual size: 40KB