8365ba9b296a3a2d09bfc2fdba462550_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8365ba9b296a3a2d09bfc2fdba462550_NeikiAnalytics.exe
Size

1.1MB
MD5

8365ba9b296a3a2d09bfc2fdba462550
SHA1

04206843afabccc8f30600136754449263bf1d6c
SHA256

2498e9ea075409fc57cb06009720a835aacea0d6c5793cfbad6d19e98c09501a
SHA512

a25903111b65a3ec444d88806bf46c0e8947761d69bbfbf9e246b9cb24202b48334482a9eb4097ffd6f91b6d92295ee369c3d2d524fa335dcce16ec312aaffc6
SSDEEP

12288:hJAikNN6vwqYfjfkIZs/q4hc5Dqu1NxUQR2I0vYe878U5H1dUHLApNP6bk/vQc:hJ4jceXpuuJcI0vYe879HvUrOtB/vQc

Score

1^/10

Malware Config

Signatures

Files

8365ba9b296a3a2d09bfc2fdba462550_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

36ba498598d2a47381f1e469298fee20

Code Sign

01
Certificate

Issuer

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

Not Before

01/01/1995, 08:00

Not After

31/12/1999, 23:59

Subject

CN=Microsoft Authenticode(tm) Root Authority,O=MSFT,C=US

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2005, 13:46

Not After

01/11/2025, 13:54

Subject

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

0a:40:5c:dd:b4:11:68:04:d6:d5:dd:b3:a3:66:33:b7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/10/2021, 00:00

Not After

11/10/2024, 23:59

Subject

SERIALNUMBER=91440400324837464A,CN=Zhuhai Pantum Electronics Co.\, Ltd.,O=Zhuhai Pantum Electronics Co.\, Ltd.,L=珠海市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:32:dd:37:35:eb:9b:cf:7d:7f:25:fb:cf:dc:e4:95:07:3c:51:5d:6e:7a:65:99:8a:e1:2a:3d:ce:13:75:51
Signer

Actual PE Digest

70:32:dd:37:35:eb:9b:cf:7d:7f:25:fb:cf:dc:e4:95:07:3c:51:5d:6e:7a:65:99:8a:e1:2a:3d:ce:13:75:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\yhong\Project_Git\07_EasyInstall\master\EasyInsatll\Release\Setup.pdb

Imports

kernel32

IsDebuggerPresent
ExitProcess
HeapReAlloc
ExitThread
RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
SetUnhandledExceptionFilter
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
SetEnvironmentVariableW
UnhandledExceptionFilter
GetStartupInfoW
WritePrivateProfileStringW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetErrorMode
lstrlenA
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GetModuleHandleA
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
GetOverlappedResult
FreeResource
MulDiv
DeviceIoControl
lstrlenW
GetCurrentProcessId
GetPrivateProfileStringW
TerminateProcess
GetExitCodeProcess
OpenProcess
GetUserDefaultUILanguage
FindNextFileW
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
GetVersion
LocalFree
GetCommandLineW
ResumeThread
WriteFile
WideCharToMultiByte
GetTempPathW
RemoveDirectoryW
DeleteFileW
SetEvent
GetDiskFreeSpaceExW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
ReadFile
CreateFileW
CreateEventW
ReleaseMutex
ResetEvent
CreateMutexW
MultiByteToWideChar
GetWindowsDirectoryW
GetTickCount
GetModuleHandleW
LocalAlloc
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
CopyFileExW
GetSystemDirectoryW
CopyFileW
SetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW
Sleep
CreateThread
OutputDebugStringA
RtlCaptureStackBackTrace
GetCurrentProcess
CreateProcessW
GetStdHandle
CreatePipe
OutputDebugStringW
WaitForSingleObject
CloseHandle
GlobalLock
GlobalAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalFree
GetACP
GlobalUnlock

user32

GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgItem
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetSubMenu
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
IsDialogMessageW
SetWindowTextW
MoveWindow
EnableWindow
GetWindowRect
GetParent
GetWindowLongW
GetSystemMetrics
GetClientRect
IsWindowEnabled
CheckMenuItem
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetNextDlgTabItem
TabbedTextOutW
DrawTextW
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
GetCapture
CopyRect
GetSysColor
FillRect
ReleaseDC
SetRect
ExitWindowsEx
PtInRect
GetCursorPos
LoadCursorW
GetDC
GetClassInfoW
GetSystemMenu
EnableMenuItem
DrawIcon
IsIconic
SetWindowPos
LoadIconW
IsWindowVisible
LoadBitmapW
KillTimer
MessageBoxW
FindWindowW
SetTimer
PostMessageW
SetForegroundWindow
DispatchMessageW
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetFocus
IsWindow
GetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
SendMessageW
TrackMouseEvent
InvalidateRect
GetClassLongW
CallNextHookEx
SetWindowsHookExW
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
ShowWindow
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
EndDialog
CreateDialogIndirectParamW
SetCapture
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
MessageBeep
UnregisterClassW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
ValidateRect
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
DestroyMenu
CharUpperW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
PostThreadMessageW

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetStockObject
CreateFontW
DeleteDC
GetDeviceCaps
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
GetObjectW
ExtSelectClipRgn
CreateSolidBrush
DeleteObject

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
XcvDataW
AddPrinterW
ClosePrinter
ord203
ord204
DeletePrinterDriverExW
GetPrinterW
EnumJobsW
DeleteMonitorW
GetPrintProcessorDirectoryW
EnumPortsW
SetPrinterW
DocumentPropertiesW
GetPrinterDriverDirectoryW
AddMonitorW
AddPrintProcessorW
AddPrinterDriverW
DeletePrinter
EnumPrintersW

advapi32

AdjustTokenPrivileges
RegCloseKey
RegQueryValueW
RegOpenKeyW
RegCreateKeyW
EnumDependentServicesW
QueryServiceStatusEx
StartServiceW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
LookupPrivilegeValueW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathAddBackslashW
StrStrW
PathIsDirectoryW
PathAppendW
StrRChrW
StrChrW
PathIsDirectoryEmptyW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
OleLoadPicture
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
CM_Locate_DevNodeW
CM_Reenumerate_DevNode
SetupDiSetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsExW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupCopyOEMInfW

gdiplus

GdipDisposeImageAttributes
GdipSetImageAttributesGamma
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateImageAttributes
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromResource
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipGetImageWidth
GdipFree

dbghelp

SymInitialize
SymFromAddr

newdev

UpdateDriverForPlugAndPlayDevicesW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

sensapi

IsNetworkAlive

ws2_32

htons
setsockopt
socket
WSAWaitForMultipleEvents
WSACleanup
WSAStartup
inet_addr
bind
sendto
closesocket
recvfrom
inet_ntoa
getaddrinfo
WSAGetLastError
gethostname
gethostbyname
WSACreateEvent
WSARecvFrom
freeaddrinfo
WSACloseEvent

iphlpapi

GetIpAddrTable
GetAdaptersAddresses
GetAdaptersInfo
NotifyAddrChange

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36ba498598d2a47381f1e469298fee20

Code Sign

01Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65Certificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38Certificate

Key Usages

0a:40:5c:dd:b4:11:68:04:d6:d5:dd:b3:a3:66:33:b7Certificate

Extended Key Usages

Key Usages

70:32:dd:37:35:eb:9b:cf:7d:7f:25:fb:cf:dc:e4:95:07:3c:51:5d:6e:7a:65:99:8a:e1:2a:3d:ce:13:75:51Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

setupapi

gdiplus

dbghelp

newdev

version

sensapi

ws2_32

iphlpapi

psapi

Sections

.text Size: 697KB - Virtual size: 697KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 45KB - Virtual size: 66KB

.rsrc Size: 179KB - Virtual size: 179KB

.reloc Size: 65KB - Virtual size: 64KB

01
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

72:94:04:10:1f:3e:0c:a3:47:83:7f:ca:17:5a:84:38
Certificate

0a:40:5c:dd:b4:11:68:04:d6:d5:dd:b3:a3:66:33:b7
Certificate

70:32:dd:37:35:eb:9b:cf:7d:7f:25:fb:cf:dc:e4:95:07:3c:51:5d:6e:7a:65:99:8a:e1:2a:3d:ce:13:75:51
Signer

.text
Size: 697KB - Virtual size: 697KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 45KB - Virtual size: 66KB

.rsrc
Size: 179KB - Virtual size: 179KB

.reloc
Size: 65KB - Virtual size: 64KB