7b3b385f9186cba0031ce25b59ad0c20_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7b3b385f9186cba0031ce25b59ad0c20_NeikiAnalytics.exe
Size

182KB
MD5

7b3b385f9186cba0031ce25b59ad0c20
SHA1

d59f7d287eaca2577b903fc8fac5199447de821c
SHA256

c4774c693fb698617127c404a3d44d35fd9b2cf51c07c9e03a36e7378c243c48
SHA512

c3ef484f44725e50ea3483111b9fa4ef43a6bce9c1f1e987f4044862a9e11b6941ae5c826b2fb2667954f483712f46e1a1582681fa1dbe24319eb91dbe408455
SSDEEP

3072:WxW8pihfhR/aVKHv0kDC21QTXVaVJ2geXwvbjO9caMFHt1BWg9RkkBziv:H88hDT8WxCMJjfRZUmR/iv

Score

1^/10

Malware Config

Signatures

Files

7b3b385f9186cba0031ce25b59ad0c20_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

14a9fc096c018cf19c93b3a8fb3c4657

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/05/2024, 13:07

Not After

17/05/2025, 13:07

Subject

SERIALNUMBER=556821-8225,CN=Coffee Stain Studios AB,O=Coffee Stain Studios AB,STREET=Hertig Johans Gata 6,L=Skövde,ST=Västra Götaland,C=SE,1.2.840.113549.1.9.1=#0c14637373697440636f66666565737461696e2e7365,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:36:4d:4c:0e:4e:49:28:b6:0d:c7:5c:e9:1f:98:81:b7:ed:b4:bc:cd:7e:45:9e:79:e4:a0:07:af:fd:46:a2
Signer

Actual PE Digest

ef:36:4d:4c:0e:4e:49:28:b6:0d:c7:5c:e9:1f:98:81:b7:ed:b4:bc:cd:7e:45:9e:79:e4:a0:07:af:fd:46:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryGameEGS-NGXD3D12RHI.pdb

Imports

factorygameegs-core

??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?DoSetup@FThreadSafeStaticStatBase@@IEBAPEBUTStatIdData@@PEBDPEB_W001_N2W4Type@EStatDataType@@22W4EMemoryCounterRegion@FWindowsPlatformMemory@@@Z
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?GetConvertedLength@Private@Core@UE@@YAHPEBW4UTF8CHAR@FGenericPlatformTypes@@PEB_WH@Z
?Convert@Private@Core@UE@@YAPEAW4UTF8CHAR@FGenericPlatformTypes@@PEAW445@HPEB_WH@Z
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
??0FName@@QEAA@PEBDW4EFindName@@@Z
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?IsInRHIThread@@YA_NXZ
?GetPlatformPhysical@IPlatformFile@@SAAEAV1@XZ
?Get@FModuleManager@@SAAEAV1@XZ
?LoadModuleChecked@FModuleManager@@QEAAAEAVIModuleInterface@@VFName@@@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
?Free@FMemory@@SAXPEAX@Z
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ

factorygameegs-rhi

?GIsRunningRHIInSeparateThread_InternalUseOnly@@3_NA

factorygameegs-ngxrhi

?GetNGXDLSSCreateParams@FRHIDLSSArguments@@QEBA?AUNVSDK_NGX_DLSS_Create_Params@@XZ
?GetNGXDLSSRRCreateParams@FRHIDLSSArguments@@QEBA?AUNVSDK_NGX_DLSSD_Create_Params@@XZ
??1NGXDLSSFeature@@UEAA@XZ
?Tick@NGXDLSSFeature@@QEAAXI@Z
??0NGXDLSSFeature@@QEAA@PEAUNVSDK_NGX_Handle@@PEAUNVSDK_NGX_Parameter@@AEBUFDLSSFeatureDesc@@I@Z
?RequiresFeatureRecreation@FDLSSState@@QEAA_NAEBUFRHIDLSSArguments@@@Z
?HasValidFeature@FDLSSState@@QEBA_NXZ
?QueryDLSSSupport@FDLSSQueryFeature@NGXRHI@@QEAAXXZ
??1NGXRHI@@UEAA@XZ
?NGXInitialized@NGXRHI@@SA_NXZ
??0NGXRHI@@IEAA@AEBUFNGXRHICreateArguments@@@Z
?RegisterFeature@NGXRHI@@IEAAXV?$TSharedPtr@VNGXDLSSFeature@@$00@@@Z
?FindFreeFeature@NGXRHI@@IEAA?AV?$TSharedPtr@VNGXDLSSFeature@@$00@@AEBUFRHIDLSSArguments@@@Z
?ReleaseAllocatedFeatures@NGXRHI@@IEAAXXZ
?ApplyCommonNGXParameterSettings@NGXRHI@@IEAAXPEAUNVSDK_NGX_Parameter@@AEBUFRHIDLSSArguments@@@Z
?Validate@FRHIDLSSArguments@@QEBAXXZ
?IsSafeToShutdownNGX@NGXRHI@@IEBA_NXZ
?bNGXInitialized@NGXRHI@@1_NA
?bIsIncompatibleAPICaptureToolActive@NGXRHI@@1_NA
?GetFeatureDesc@FRHIDLSSArguments@@QEBA?AUFDLSSFeatureDesc@@XZ
?GetNGXLogDirectory@NGXRHI@@KA?AVFString@@XZ

kernel32

VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
CloseHandle
InitializeCriticalSection
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExA
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
VerifyVersionInfoW
GetStdHandle
OutputDebugStringA
GetCurrentProcessId
AllocConsole
WriteConsoleA
SetConsoleTitleA
GetConsoleWindow
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentThreadId
DeleteCriticalSection
GetProcAddress
EnterCriticalSection
GetLastError
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

user32

GetWindowThreadProcessId
MessageBoxA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

IIDFromString

vcruntime140

_purecall
memmove
memset
__CxxFrameHandler3
wcsrchr
wcsstr
memcmp
memcpy
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

_wcsdup
isalpha
isdigit
wcscat_s
strncmp
_wcsnicmp
_wcsicmp
wcstok
_strnicmp
wcscpy_s

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_set_invalid_parameter_handler
_register_onexit_function
terminate
_initterm_e
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit

api-ms-win-crt-stdio-l1-1-0

_wfsopen
fclose
fflush
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vfprintf
fputs
__stdio_common_vfprintf_s
__acrt_iob_func

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
strftime

Exports

Exports

InitializeModule
NVSDK_NGX_D3D12_AllocateParameters
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_DestroyParameters
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_EvaluateFeature_C
NVSDK_NGX_D3D12_GetCapabilityParameters
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetParameters
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_Parameter_GetD
NVSDK_NGX_Parameter_GetD3d11Resource
NVSDK_NGX_Parameter_GetD3d12Resource
NVSDK_NGX_Parameter_GetF
NVSDK_NGX_Parameter_GetI
NVSDK_NGX_Parameter_GetUI
NVSDK_NGX_Parameter_GetULL
NVSDK_NGX_Parameter_GetVoidPointer
NVSDK_NGX_Parameter_SetD
NVSDK_NGX_Parameter_SetD3d11Resource
NVSDK_NGX_Parameter_SetD3d12Resource
NVSDK_NGX_Parameter_SetF
NVSDK_NGX_Parameter_SetI
NVSDK_NGX_Parameter_SetUI
NVSDK_NGX_Parameter_SetULL
NVSDK_NGX_Parameter_SetVoidPointer
NVSDK_NGX_UpdateFeature

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14a9fc096c018cf19c93b3a8fb3c4657

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ef:36:4d:4c:0e:4e:49:28:b6:0d:c7:5c:e9:1f:98:81:b7:ed:b4:bc:cd:7e:45:9e:79:e4:a0:07:af:fd:46:a2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factorygameegs-core

factorygameegs-rhi

factorygameegs-ngxrhi

kernel32

user32

advapi32

ole32

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 67KB

.uedbg Size: 512B - Virtual size: 167B

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 99KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 380B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ef:36:4d:4c:0e:4e:49:28:b6:0d:c7:5c:e9:1f:98:81:b7:ed:b4:bc:cd:7e:45:9e:79:e4:a0:07:af:fd:46:a2
Signer

.text
Size: 67KB - Virtual size: 67KB

.uedbg
Size: 512B - Virtual size: 167B

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 99KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 380B