3156573a719326f1d20e46b5b3edf0d0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3156573a719326f1d20e46b5b3edf0d0_NeikiAnalytics.exe
Size

407KB
MD5

3156573a719326f1d20e46b5b3edf0d0
SHA1

6c9aee6771db74f8bba9dc41e3d572acc1a38cb8
SHA256

308a7f1293b1f09abd8865eaa1db20ae89467b60222c353a3f3ff13448b6ae7e
SHA512

bc5663df8be3c2e86675adbe59e4c65f4b4bcbdaf6fad0a8b71e9afca6d191a8cd9c2ab68ce5f56c0f40f41ee3e149559089ab0f4b67990aad984e10a00b9613
SSDEEP

12288:RgR+XcVE7ElIeVYKlycWwLeaeeetbMI76M+y:RgR+Mz9VYKlo7H+y

Score

1^/10

Malware Config

Signatures

Files

3156573a719326f1d20e46b5b3edf0d0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

cdeeb81407a555b9778f6d88c90344d3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:7d:e3:d8:45:44:11:80:5d:bf:c9:db:d0:f5:12:b5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/04/2023, 00:00

Not After

26/04/2026, 23:59

Subject

CN=MAGIX Software GmbH,O=MAGIX Software GmbH,L=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:fc:0d:40:10:ea:01:09:2c:f2:69:82:06:9c:5a:d7:17:6b:ae:2e:ba:ba:4a:c1:49:26:a5:42:67:79:bb:1a
Signer

Actual PE Digest

21:fc:0d:40:10:ea:01:09:2c:f2:69:82:06:9c:5a:d7:17:6b:ae:2e:ba:ba:4a:c1:49:26:a5:42:67:79:bb:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\GitLab-Runner\builds\NightlyBuild\BUILD sonic3\build32\ffplugs\ac3studio\Release\ac3studioplug.pdb

Imports

sharedk

_SfReadFile@20
?WriteCreatorAppWindowClassNameToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteCreatorAppInfoToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteProjectDataToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteAppTemplateDataToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteTemplateDataToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteTemplateNameToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteRendererGuidToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteCommandLineToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?WriteProjectPathToStream@CSfLinkProjectInfo@@QAEJPAUIStream@@@Z
?Validate@CSfLinkProjectInfo@@QAEJXZ
?ProjectLinkRiff_LoadInfo@@YGJPAXPAVCSfLinkProjectInfo@@PAH@Z
?MediaMgrRiff_LoadPropertyInfo@@YGJPAXPAU_sfmeta_mediamgrchunk@@PAUtSFLIST@@PAH@Z
?acidriff_LoadAcidizeInfo@@YGJPAXPAU_tagSFFIO_acidchunk@@PAHPAU_tagSFFIO_stretchinfo@@PAUtSFLIST@@2PAUtWAVEFORMATEX@@_J@Z
?SfFMMeta_fillCDInfoFromFile@@YGJPAXPAPAXPAKH@Z
?SfProtectedStream_CreateFromMemory@@YGJPAXKKPAPAVISfProtectedStream@@@Z
?SfMetaStream_CreateUnknownChunk@@YGJPAXP6GH0K@ZPAPAUIStream@@@Z
?SfMetaStream_CreateGeneric@@YGJPAUtSFLIST@@U_GUID@@PAPAUIStream@@@Z
?SfFMMeta_fillCDTracksFromFile@@YGJPAXPAUtSFLIST@@@Z
?SfFMMeta_fillDetectedBeatsFromFile@@YGJPAXPAUtSFLIST@@@Z
?SfFMMeta_fillBeatMarkersFromFile@@YGJPAXPAUtSFLIST@@@Z
?SfFMMeta_fillStretchInfo2FromFile@@YGJPAXPAUtSFLIST@@@Z
?SfFMMeta_fillSummaryFromFileEx@@YGJPAXPAUtSFLIST@@1@Z
?SfFMMeta_fillCuesFromFileEx@@YGJPAXKPAUtSFLIST@@1@Z
?SfFMMeta_IsMetaFile@@YGHPB_W0@Z
?SfFMMeta_CreateMetaName@@YGJPB_WPA_WJH@Z
_SfGetModulePath@12
?FreeMemory@CSfLinkProjectInfo@@QAEXXZ
_SfList_Destroy@4
_SfList_DeleteList@16
?SfFio_SetMetric@@YGJPAUISfFileIOManager@@HK@Z
?SfFio_ConstrainValueToTable@@YGKKPBKIHPAH@Z
?Init@CSfLinkProjectInfo@@QAEXXZ
??1CSfLinkProjectInfo@@QAE@XZ
?InitAsWfx@_sfwaveformat@@QAEXGKGGKK@Z
?SfAudio_GetAttribsText@@YGJPBU_sfwaveformat@@PA_WI@Z
?SfFio_IsUpliftedV1Template@@YGHPBUtagSFTEMPLATExV2@@@Z
?SfFio_CopyTemplate@@YGJPAPAUtagSFTEMPLATExV2@@PBU1@@Z
?SfFio_InitGUIDFromTemplateMD5DataHash@@YGJPAU_GUID@@PBUtagSFTEMPLATExV2@@H@Z
?SfFio_SetTemplate@@YGJAAPAUtagSFTEMPLATExV2@@PBU1@K@Z
?SfFio_GetMetric@@YGKPAUISfFileIOManager@@HK@Z
?SfFio_GetTemplateInfo@@YGJPBUtagSFTEMPLATExV2@@KPAXIW4SFFIO_TEMPLATE_INFO@@@Z
_SfLoadResourceCustom@16
?SfLoadString@@YGHPAUHSFLANG__@@IPA_WH@Z
_SfGetModuleFileName@12
_SfAboutBox@12
_SfDialogBoxParam@20
_SfList_InsertList@16
?SfFMMeta_openAndWriteMetaStreamEx@@YGJPA_WHKPAUISfReadMeta@@W4SFFIO_TYPESOFMETADATA@@2@Z
?acidriff_openAndWriteAcidInfo@@YGJPA_WPAUISfReadMeta@@H@Z
?MediaMgrRiff_openAndWriteInfo@@YGJPA_WPAUISfReadMeta@@H@Z
?ProjectLinkRiff_openAndWriteInfo@@YGJPA_WPAUISfReadMeta@@H@Z
_SfWndCenter@16
??0CSfLinkProjectInfo@@QAE@XZ
_SfLang_Open@16
_SfAudio_IsEqualFormat@8
_SfLang_Close@4
_SfList_CreateExZ@32
_SfDoesFileExist@8
_SfList_FindSortedInsertIndexRange@20
_SfYUVImageBytesAndOffsets@8
_SfCreateDirectory@8
_SfDeleteDirectoryTree@8
_SfGetFileSizeByName@8
?SfAudio_CopyWfx@@YGXPAUtWAVEFORMATEX@@IPBU1@W4SFWAVEFORMAT_COPY_DEST@@@Z
?SfAudio_GeneralCopyWfx@@YGPAUtWAVEFORMATEX@@PAU1@IABU_sfwaveformat@@W4SFWAVEFORMAT_COPY_DEST@@@Z
?SfFio_SetStreamFormatInfo@@YGXPAU_SFFILESTREAMFORMATINFOv2@@PBUtWAVEFORMATEX@@PBUtSFAUDIOEXTENSION@@_J@Z
?SfAudio_GetWaveFormatTag@@YGGPBUtWAVEFORMATEX@@@Z
SfPrintF
?SfFio_FillStreamFormatInfo@@YGJPAUISfReadStream@@W4SFFILESTREAMTYPE@@PAU_SFFILESTREAMFORMATINFOv2@@@Z
?SfGetString@@YGPB_WPAUHSFLANG__@@I@Z
_SfErrorHandler_TranslateWin32Error@4
_SfGetFileNameExtensionPtrW@4
?SfFio_FillBstrArrayFromStringResourceMap@@YGJPAUHSFLANG__@@PBW4SFFIO_FILECLASS_INFO_TEXT@@KPAPA_WPBUFILECLASS_INFO_STRING_MAP@@KPB_W@Z
_SfLang_UpdateLCID@8
_SfLang_GetLCID@4
?SfFio_GetMetricBool@@YGHPAUISfFileIOManager@@HH@Z
_SfAudio_Copy@24
_SfAddSlashToPathName@8

mfplat

MFCreateSample
MFCreateMediaType
MFCreateMemoryBuffer

winmm

mmioRead
mmioDescend
mmioClose
mmioOpenW
mmioSeek
mmioAscend

kernel32

GetCurrentProcessId
OpenProcess
DuplicateHandle
GetCurrentProcess
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MapViewOfFile
CloseHandle
GlobalUnlock
GlobalFree
GlobalHandle
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
GetLastError
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetLastError
GlobalLock
ReadProcessMemory
WriteProcessMemory
UnmapViewOfFile
lstrcmpiW
CreateFileW
WaitForSingleObject
ReleaseMutex
SetFilePointer
LockResource
WriteFile
CreateMutexW
SetFilePointerEx
GetTickCount
GetTempFileNameW
CopyFileW
DeleteFileW
GetFileAttributesW
GetShortPathNameW
GetFileTime
GetFileSizeEx
GetFileSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReadFile
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
CreateFileMappingW
DisableThreadLibraryCalls
GlobalAlloc

user32

SetWindowTextW
ShowWindow
GetDlgItem
SendMessageW
EndDialog
SetWindowLongW
UnregisterClassW
GetWindowLongW

ole32

CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysFreeString

vcruntime140

_except_handler4_common
memset
__std_type_info_destroy_list
memmove
memcpy
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
__std_terminate
_purecall
__current_exception

api-ms-win-crt-string-l1-1-0

wcsncat_s
strcpy
wmemmove_s
wmemcpy_s
wcsncpy_s

api-ms-win-crt-heap-l1-1-0

_recalloc
free
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

terminate
_invalid_parameter_noinfo
_errno
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

??0CMappingOfSfMemoryToken@@QAE@ABU_sfmemorytoken@@K@Z
??0COutOfProcessMemoryToken@@QAE@AAU_sfmemorytoken@@KH@Z
??1CMappingOfSfMemoryToken@@QAE@XZ
??1COutOfProcessMemoryToken@@QAE@XZ
??4CMappingOfSfMemoryToken@@QAEAAV0@ABV0@@Z
??4COutOfProcessMemoryToken@@QAEAAV0@ABV0@@Z
??4CSfLinkProjectInfo@@QAEAAV0@ABV0@@Z
?Close@CMappingOfSfMemoryToken@@QAEXXZ
?DataSize@CMappingOfSfMemoryToken@@QAEJXZ
?Dispose@CMappingOfSfMemoryToken@@QAEXXZ
?GetAppTemplateData@CSfLinkProjectInfo@@QAEPAXXZ
?GetAppTemplateDataPtr@CSfLinkProjectInfo@@QAEPAPAXXZ
?GetAppTemplateDataSize@CSfLinkProjectInfo@@QAEKXZ
?GetAppTemplateDataSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetCommandLinePtr@CSfLinkProjectInfo@@QAEPAPA_WXZ
?GetCommandLineSize@CSfLinkProjectInfo@@QAEKXZ
?GetCommandLineSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetCommandLineW@CSfLinkProjectInfo@@QAEPA_WXZ
?GetCreatorAppInfo@CSfLinkProjectInfo@@QAEPA_WXZ
?GetCreatorAppInfoPtr@CSfLinkProjectInfo@@QAEPAPA_WXZ
?GetCreatorAppInfoSize@CSfLinkProjectInfo@@QAEKXZ
?GetCreatorAppInfoSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetCreatorAppWindowClassName@CSfLinkProjectInfo@@QAEPA_WXZ
?GetCreatorAppWindowClassNamePtr@CSfLinkProjectInfo@@QAEPAPA_WXZ
?GetCreatorAppWindowClassNameSize@CSfLinkProjectInfo@@QAEKXZ
?GetCreatorAppWindowClassNameSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetMemoryToken@COutOfProcessMemoryToken@@QAEJAAU_sfmemorytoken@@@Z
?GetPointer@CMappingOfSfMemoryToken@@QAEJPAPAX@Z
?GetProjectData@CSfLinkProjectInfo@@QAEPAXXZ
?GetProjectDataPtr@CSfLinkProjectInfo@@QAEPAPAXXZ
?GetProjectDataSize@CSfLinkProjectInfo@@QAEKXZ
?GetProjectDataSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetProjectPath@CSfLinkProjectInfo@@QAEPA_WXZ
?GetProjectPathPtr@CSfLinkProjectInfo@@QAEPAPA_WXZ
?GetProjectPathSize@CSfLinkProjectInfo@@QAEKXZ
?GetProjectPathSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetRendererGuid@CSfLinkProjectInfo@@QAEPAU_GUID@@XZ
?GetTemplateData@CSfLinkProjectInfo@@QAEPAXXZ
?GetTemplateDataPtr@CSfLinkProjectInfo@@QAEPAPAXXZ
?GetTemplateDataSize@CSfLinkProjectInfo@@QAEKXZ
?GetTemplateDataSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetTemplateName@CSfLinkProjectInfo@@QAEPA_WXZ
?GetTemplateNamePtr@CSfLinkProjectInfo@@QAEPAPA_WXZ
?GetTemplateNameSize@CSfLinkProjectInfo@@QAEKXZ
?GetTemplateNameSizePtr@CSfLinkProjectInfo@@QAEPAKXZ
?GetVersion@CSfLinkProjectInfo@@QAEKXZ
?Pointer@CMappingOfSfMemoryToken@@QAEPAXXZ
DllCanUnloadNow
DllGetClassObject
DllInitClasses

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdeeb81407a555b9778f6d88c90344d3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:7d:e3:d8:45:44:11:80:5d:bf:c9:db:d0:f5:12:b5Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

21:fc:0d:40:10:ea:01:09:2c:f2:69:82:06:9c:5a:d7:17:6b:ae:2e:ba:ba:4a:c1:49:26:a5:42:67:79:bb:1aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sharedk

mfplat

winmm

kernel32

user32

ole32

oleaut32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 11KB - Virtual size: 10KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:7d:e3:d8:45:44:11:80:5d:bf:c9:db:d0:f5:12:b5
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

21:fc:0d:40:10:ea:01:09:2c:f2:69:82:06:9c:5a:d7:17:6b:ae:2e:ba:ba:4a:c1:49:26:a5:42:67:79:bb:1a
Signer

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 11KB - Virtual size: 10KB