1005fea32c0773d74d95ebdd2a5b0430d61a37d9aa887ff083baae51358de7bb_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1005fea32c0773d74d95ebdd2a5b0430d61a37d9aa887ff083baae51358de7bb_NeikiAnalytics.exe
Size

2.4MB
MD5

330b42f1f36ee62ffac29b0ac5e1e060
SHA1

effbfe92e27378878ec7cf947de1a7ad6d5cb3a6
SHA256

1005fea32c0773d74d95ebdd2a5b0430d61a37d9aa887ff083baae51358de7bb
SHA512

a268a51cee4306eae9fd61c1daf75d6e4ec079f31983614e4a518663d1724e7d32c2ba3c558b32064dbfeef0f0679877294e884547b15c96af3f042eeab68fc2
SSDEEP

49152:zZwrw+UmsRWoeI3fJsK+rnJ+5vbF8r4vE:zZwr5Umsf3OKw8byV

Score

1^/10

Malware Config

Signatures

Files

1005fea32c0773d74d95ebdd2a5b0430d61a37d9aa887ff083baae51358de7bb_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

840dee19089f1ad56450d0ce8c31b97f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:1c:6e:a2:2c:cf:05:7a:92:7e:99:6d:c4:98:29:4b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18-04-2023 00:00

Not After

13-05-2026 23:59

Subject

CN=Fasoo Co.\, Ltd.,O=Fasoo Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:e4:5f:d0:23:d0:92:84:fa:ad:b5:cb:2c:3a:a1:46:ab:f3:99:b9:5e:38:97:e0:ed:be:54:aa:f9:3a:0f:b9
Signer

Actual PE Digest

81:e4:5f:d0:23:d0:92:84:fa:ad:b5:cb:2c:3a:a1:46:ab:f3:99:b9:5e:38:97:e0:ed:be:54:aa:f9:3a:0f:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\DRM_Client_Build\workspace\fsp3c(209)\label\DRM_Client_Slave\Release_Fasoo ePrint (x64)\FSP3C.pdb

Imports

msimg32

AlphaBlend

rpcrt4

UuidCreate

kernel32

CreateDirectoryW
RemoveDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
LoadLibraryExW
GetUserDefaultLangID
ExitProcess
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExW
FreeResource
LoadResource
LockResource
SizeofResource
MulDiv
FindResourceW
SystemTimeToTzSpecificLocalTime
CreateProcessW
GetSystemWow64DirectoryW
GetFileInformationByHandle
lstrcatW
lstrlenW
IsBadReadPtr
GetVersion
IsDBCSLeadByte
TzSpecificLocalTimeToSystemTime
GetNativeSystemInfo
CreateMutexA
ReleaseMutex
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualProtect
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
CreateThread
FreeLibraryAndExitThread
IsBadWritePtr
lstrlenA
SetEnvironmentVariableA
WriteConsoleW
FindFirstFileExW
GetConsoleCP
GetFullPathNameW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetFileType
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
ExitThread
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
EncodePointer
GetStringTypeW
LoadLibraryExA
FindClose
TryEnterCriticalSection
FileTimeToLocalFileTime
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetLastError
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
HeapCompact
SetFilePointer
HeapAlloc
QueryPerformanceCounter
HeapFree
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetTempPathA
AreFileApisANSI
DeleteFileA
CreateFileMappingW
GetExitCodeThread
WaitForSingleObject
GetComputerNameW
GetFileTime
GetFileAttributesW
LocalFree
LocalAlloc
ProcessIdToSessionId
GetCurrentProcess
CompareFileTime
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
GetLocalTime
GetSystemTime
CreateMutexW
WideCharToMultiByte
DeleteFileW
SetEndOfFile
GetLongPathNameW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
VirtualQuery
GetCurrentThread
GlobalUnlock
GlobalLock
SetLastError
MultiByteToWideChar
GetCommandLineW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
WriteFile
FileTimeToSystemTime
Sleep
CloseHandle
GetFileSizeEx
FindNextFileW
SetStdHandle

user32

SetRectEmpty
GetWindowLongW
GetParent
GetWindowRect
EnumChildWindows
GetClassNameW
GetWindowThreadProcessId
RegisterWindowMessageW
LoadStringW
DialogBoxParamW
EndDialog
SetDlgItemTextW
ScreenToClient
SendDlgItemMessageW
IsDlgButtonChecked
BringWindowToTop
SetRect
ReleaseDC
GetDC
FindWindowExW
IsWindow
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetSysColorBrush
GetSysColor
GetDlgCtrlID
SetWindowPos
ShowWindow
SendMessageW
MessageBoxW
GetWindowTextW
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
GetDlgItem
FindWindowW
SetForegroundWindow
wsprintfW
EnumWindows
IsWindowEnabled
SendMessageTimeoutW
GetClassNameA
IsRectEmpty
GetForegroundWindow
InternalGetWindowText
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowTextW
SetActiveWindow
EnableWindow
GetFocus
GetActiveWindow
SetFocus
MoveWindow

gdi32

GetGlyphOutlineA
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
PolyBezier
Polyline
MoveToEx
StrokePath
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
CreateDIBSection
ModifyWorldTransform
SetWorldTransform
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileA
SetROP2
SetPolyFillMode
SetDIBits
SelectClipRgn
SaveDC
RestoreDC
LineTo
GetTextExtentPoint32A
GetStockObject
GetDIBits
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontIndirectA
CreateDIBPatternBrushPt
CreateCompatibleDC
ResetDCW
ExtEscape
SetEnhMetaFileBits
GetArcDirection
SetArcDirection
GetEnhMetaFileBits
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
SetMapMode
SetBkMode
SetBkColor
PatBlt
GetTextCharacterExtra
GetStretchBltMode
GetBkColor
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
TextOutW
TextOutA
GetObjectW
ExtCreatePen
GetWorldTransform
SetTextColor
StretchDIBits
StretchBlt
SetDIBitsToDevice
PlgBlt
GetWindowOrgEx
GetWindowExtEx
GetViewportOrgEx
GetViewportExtEx
GetTextExtentPoint32W
GetTextColor
GetTextAlign
GetObjectType
GetMapMode
GetGraphicsMode
GetCurrentObject
CreatePenIndirect
CreateBrushIndirect
BitBlt
GetGlyphOutlineW

winspool.drv

GetPrinterW
OpenPrinterW
SetPrinterW
ClosePrinter
GetJobW
DocumentPropertiesW
EnumJobsW

advapi32

RegOpenKeyExW
RegCreateKeyExW
GetUserNameW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
OleRun

oleaut32

VariantInit
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantClear
GetErrorInfo
VariantChangeType
SysFreeString

oleacc

GetRoleTextW
AccessibleChildren
AccessibleObjectFromEvent
AccessibleObjectFromWindow

iphlpapi

GetAdaptersInfo

Exports

Exports

FSPDLL_DRAWWATERMARK
FSPEXT_ENDSECUREPRINT
FSPEXT_SETFSPINFO
FSPEXT_STARTSECUREPRINT
FSPEXT_fnc01
FSPEXT_fnc02
FSPEXT_fnc03
FSPM_Proc01
FSPProc01
FSP_AdvancedDocumentPropertiesACallbackBefore
FSP_AdvancedDocumentPropertiesWCallbackBefore
FSP_AttachProcess
FSP_BitBltCallbackBefore
FSP_BitBltCallbackBeforeEx
FSP_ClosePrinterCallbackBefore
FSP_CreateDCACallbackEx
FSP_CreateDCWCallbackEx
FSP_DetachProcess
FSP_DocumentEventCallbackAfter
FSP_DocumentEventCallbackBefore
FSP_DocumentPropertiesACallbackAfter
FSP_DocumentPropertiesWCallbackAfter
FSP_EndDocCallbackAfter
FSP_EndDocCallbackBefore
FSP_EndPageCallbackAfter
FSP_EndPageCallbackBefore
FSP_EscapeCallbackAfter
FSP_EscapeCallbackBefore
FSP_ExtEscapeCallbackAfter
FSP_ExtEscapeCallbackBefore
FSP_ExtTextOutACallbackAfter
FSP_ExtTextOutACallbackBefore
FSP_ExtTextOutACallbackEx
FSP_ExtTextOutWCallbackAfter
FSP_ExtTextOutWCallbackBefore
FSP_ExtTextOutWCallbackEx
FSP_Initialize
FSP_OpenPrinterACallbackAfter
FSP_OpenPrinterACallbackBefore
FSP_OpenPrinterWCallbackAfter
FSP_OpenPrinterWCallbackBefore
FSP_PlgBltCallbackBefore
FSP_ResetPrinterACallbackAfter
FSP_ResetPrinterWCallbackAfter
FSP_SelectObjectCallbackBefore
FSP_SelectObjectCallbackEx
FSP_SetDIBitsToDeviceCallbackBefore
FSP_SetDIBitsToDeviceCallbackEx
FSP_SetPSPrint
FSP_SetPrinterACallbackBefore
FSP_SetPrinterWCallbackBefore
FSP_StartDocACallbackAfter
FSP_StartDocACallbackAfterEx
FSP_StartDocACallbackBefore
FSP_StartDocACallbackBeforeEx
FSP_StartDocDlgACallbackAfter
FSP_StartDocDlgWCallbackAfter
FSP_StartDocWCallbackAfter
FSP_StartDocWCallbackAfterEx
FSP_StartDocWCallbackBefore
FSP_StartDocWCallbackBeforeEx
FSP_StartPageCallbackAfter
FSP_StartPageCallbackBefore
FSP_StretchBltCallbackBefore
FSP_StretchDIBitsCallbackBefore
FSP_StretchDIBitsCallbackEx
FSP_Terminate
FSP_TextOutACallbackAfter

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

840dee19089f1ad56450d0ce8c31b97f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:1c:6e:a2:2c:cf:05:7a:92:7e:99:6d:c4:98:29:4bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

81:e4:5f:d0:23:d0:92:84:fa:ad:b5:cb:2c:3a:a1:46:ab:f3:99:b9:5e:38:97:e0:ed:be:54:aa:f9:3a:0f:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

rpcrt4

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

oleacc

iphlpapi

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 527KB - Virtual size: 526KB

.data Size: 48KB - Virtual size: 73KB

.pdata Size: 78KB - Virtual size: 77KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:1c:6e:a2:2c:cf:05:7a:92:7e:99:6d:c4:98:29:4b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

81:e4:5f:d0:23:d0:92:84:fa:ad:b5:cb:2c:3a:a1:46:ab:f3:99:b9:5e:38:97:e0:ed:be:54:aa:f9:3a:0f:b9
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 527KB - Virtual size: 526KB

.data
Size: 48KB - Virtual size: 73KB

.pdata
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB