6ce466b39a7d4dbd22a58a3a9b9b7700_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6ce466b39a7d4dbd22a58a3a9b9b7700_NeikiAnalytics.exe
Size

1.8MB
MD5

6ce466b39a7d4dbd22a58a3a9b9b7700
SHA1

ea6bedba06bd8e0c59151ba5f8ccb0a8e859af8a
SHA256

f37446be0a847bc7c82ebf2e2ff743da8f483791585376abeae2e97e93d1f017
SHA512

8447bcd3504dc451df85bf46b3c3831eacc48d35d84de8ae08a084a159a78c410cdb655668d8ef1a9bf5ab68b2416e0681154aa4afda2605ebea51b07fec2b19
SSDEEP

49152:QOjYf3JhsUkxzUpQ9zpdq4yhOiOCDDXY0NIz:QuYP3czUpvDzO

Score

1^/10

Malware Config

Signatures

Files

6ce466b39a7d4dbd22a58a3a9b9b7700_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

472a03fa3f42e95bc70b722402190397

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

28/05/2024, 23:59

Subject

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:8d:b2:9f:a7:15:31:c2:00:79:04:9f:24:bb:5f:b4:b3:9b:22:09:b5:49:ad:5f:f0:00:cb:aa:6b:10:ee:e4
Signer

Actual PE Digest

5a:8d:b2:9f:a7:15:31:c2:00:79:04:9f:24:bb:5f:b4:b3:9b:22:09:b5:49:ad:5f:f0:00:cb:aa:6b:10:ee:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\MGame\Zipper\ZipperInstAndUinst\Uinst\uninst.pdb

Imports

kernel32

lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
VerifyVersionInfoW
SetLastError
VerSetConditionMask
ResetEvent
RtlCaptureStackBackTrace
SystemTimeToFileTime
GetSystemTime
WritePrivateProfileStringW
GetFileInformationByHandle
CompareFileTime
FindFirstChangeNotificationW
FindCloseChangeNotification
SetFileTime
GetTempFileNameW
GetShortPathNameW
CreateDirectoryW
SearchPathW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
WriteConsoleW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleW
FreeLibrary
FindResourceExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
HeapDestroy
CloseHandle
SetFilePointer
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetFileAttributesExW
CreateFileW
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
InitializeCriticalSectionEx
WaitForSingleObject
CreateProcessW
GetStartupInfoW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetCurrentProcess
GetTickCount
MoveFileExW
GetFileSizeEx
GetLocalTime
OutputDebugStringA
OutputDebugStringW
lstrcpynW
SetEvent
GetEnvironmentVariableW
GetVersionExW
TerminateProcess
GetExitCodeProcess
GetWindowsDirectoryW
MoveFileW
CreateFileA
DeleteFileA
WriteFile
GetTempPathA
GetTempFileNameA
CreateEventW
WaitForMultipleObjects
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FormatMessageW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
FreeResource
GetSystemWindowsDirectoryW
DeviceIoControl
lstrcmpA
lstrcmpiA
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer

user32

RegisterClassExW
SendMessageTimeoutW
LoadStringW
GetShellWindow
CopyRect
RegisterWindowMessageW
SendNotifyMessageW
FindWindowW
OffsetRect
UnionRect
EqualRect
DrawFocusRect
DestroyCursor
GetMessageW
UnregisterClassA
IsDialogMessageW
SetFocus
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
SetCursor
PtInRect
BeginPaint
GetClassInfoExW
SendMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
UnregisterClassW
CreateWindowExW
IsWindow
ShowWindow
CharLowerBuffW
ReleaseDC
GetDC
SetForegroundWindow
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
IsIconic
DialogBoxParamW
DestroyWindow
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
wsprintfW
MoveWindow
GetActiveWindow
GetAsyncKeyState
SetCapture
ReleaseCapture
EndPaint

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
CreateFontW
RestoreDC
SaveDC
SelectClipRgn
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
RectVisible
DeleteObject
EnumFontFamiliesW
OffsetViewportOrgEx

advapi32

RegEnumValueW
CryptGenRandom
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptContextAddRef
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ConvertSidToStringSidW
RegSetKeySecurity
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
RegDeleteTreeW
CryptSetKeyParam
RegDeleteKeyValueW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
ord165

ole32

CoInitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleRun

oleaut32

VarUI4FromStr
VariantCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysStringLen
VarBstrCmp
VariantClear

shlwapi

PathRemoveFileSpecW
PathAppendW
wnsprintfW
PathFindFileNameW
PathFindFileNameA
PathRenameExtensionA
PathFileExistsW
SHGetValueA
StrToIntExW
StrCmpIW
StrStrIW
StrStrIA
StrTrimA
StrCmpNIW
SHGetValueW
PathIsRelativeW
PathCombineW
PathFindExtensionW
PathIsRootW
SHSetValueA
AssocQueryStringW
SHDeleteKeyW
PathIsPrefixW
SHSetValueW
SHDeleteValueW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipDisposeImageAttributes
GdipSetStringFormatTrimming
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipGetImageHeight
GdipGetImageWidth
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipSetImageAttributesColorMatrix
GdipSetStringFormatLineAlign
GdipCreateImageAttributes

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

Exports

Exports

_BasicEntry@8

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

472a03fa3f42e95bc70b722402190397

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

5a:8d:b2:9f:a7:15:31:c2:00:79:04:9f:24:bb:5f:b4:b3:9b:22:09:b5:49:ad:5f:f0:00:cb:aa:6b:10:ee:e4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

iphlpapi

wininet

urlmon

setupapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 232KB - Virtual size: 231KB

.data Size: 26KB - Virtual size: 51KB

.rsrc Size: 457KB - Virtual size: 457KB

.reloc Size: 54KB - Virtual size: 54KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

5a:8d:b2:9f:a7:15:31:c2:00:79:04:9f:24:bb:5f:b4:b3:9b:22:09:b5:49:ad:5f:f0:00:cb:aa:6b:10:ee:e4
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 26KB - Virtual size: 51KB

.rsrc
Size: 457KB - Virtual size: 457KB

.reloc
Size: 54KB - Virtual size: 54KB