11f7c6433ef405c00496331f8e4b394d39c881cc99b1fcb816c96113adb560d2_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

11f7c6433ef405c00496331f8e4b394d39c881cc99b1fcb816c96113adb560d2_NeikiAnalytics.exe
Size

952KB
MD5

87ce37085f329f09b5c2a9fc99eada10
SHA1

93c5af43777569edb5f3fb791556ebe849b39d4f
SHA256

11f7c6433ef405c00496331f8e4b394d39c881cc99b1fcb816c96113adb560d2
SHA512

d0f3f80dd0ded678dcda204db27f19801ac700ed5391235ca7510801c21112965823cb9a4ac7d6a3290360146f76f5f3cdc4aef5b7ab86e632c620693fc857bc
SSDEEP

24576:FIkbRbnK8n0d5tznJCuLn2o+yoChF6jkTB9EmNVe:hlG8n0d5xbLn7+TsF64TBT0

Score

1^/10

Malware Config

Signatures

Files

11f7c6433ef405c00496331f8e4b394d39c881cc99b1fcb816c96113adb560d2_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

36718c547fca6685ef0da5ae42995ee2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:cf:88:dd:cc:58:71:9e:fe:34:c7:dc:06:9f:e0:e4
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/09/2021, 00:00

Not After

13/09/2024, 23:59

Subject

CN=Karl-Heinz Otter,O=Karl-Heinz Otter,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:6c:5e:bf:f2:14:f1:42:c7:4a:4a:ab:8a:2a:ad:ed:00:c7:f5:d6
Signer

Actual PE Digest

d5:6c:5e:bf:f2:14:f1:42:c7:4a:4a:ab:8a:2a:ad:ed:00:c7:f5:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cmUT18.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeEndPeriod
timeBeginPeriod

advapi32

EqualSid
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenCurrentUser
GetUserNameW
LookupPrivilegeValueW

kernel32

LoadLibraryA
ExitProcess
GetFullPathNameW
GetCommandLineA
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
DeleteFileA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetStdHandle
GetCPInfo
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
RtlUnwind
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetModuleHandleA
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetModuleFileNameA
GetCurrentDirectoryW
ReadProcessMemory
TryEnterCriticalSection
RaiseException
IsBadCodePtr
IsBadReadPtr
GetSystemInfo
FindResourceW
lstrcpynA
GetEnvironmentVariableW
LCMapStringW
MultiByteToWideChar
FormatMessageW
IsBadStringPtrW
GetThreadTimes
GetCurrentProcessId
GetVersion
QueryPerformanceFrequency
GetThreadPriority
WaitForMultipleObjects
GetExitCodeThread
CreateFileMappingW
InterlockedExchangeAdd
ProcessIdToSessionId
ResetEvent
SetThreadPriority
GetACP
TerminateThread
OutputDebugStringW
InterlockedCompareExchange
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
ExpandEnvironmentStringsW
FindNextFileW
GetFileType
FindClose
GetThreadLocale
SetLastError
GetFileSizeEx
GetTempPathW
FlushFileBuffers
ReadFile
LockFile
UnlockFile
SetFilePointerEx
LoadResource
SetErrorMode
FindResourceExW
SetEndOfFile
FindFirstFileW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
WideCharToMultiByte
GetVolumeInformationW
LocalAlloc
GetSystemTime
SetThreadContext
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalSize
HeapSize
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
GetProcessHeap
CompareStringW
LoadLibraryW
EnumSystemLocalesW
GetFileAttributesW
GetModuleHandleW
CreateProcessW
SwitchToThread
FileTimeToDosDateTime
GetTickCount
SetUnhandledExceptionFilter
GetFileTime
GetModuleFileNameW
VirtualQuery
FileTimeToLocalFileTime
CompareFileTime
SystemTimeToFileTime
GetUserDefaultLCID
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
FileTimeToSystemTime
GetLocalTime
DebugBreak
ResumeThread
GetUserDefaultLangID
DeleteFileW
CreateDirectoryW
GetThreadContext
SuspendThread
WriteFile
SetFilePointer
SetEvent
QueryPerformanceCounter
Sleep
CreateFileW
DuplicateHandle
CreateEventW
LocalFree
GetCurrentThread
GetCurrentThreadId
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
InterlockedExchange

user32

RegisterWindowMessageW
OemToCharW
WaitForInputIdle
SetWindowPos
IsWindow
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
PostMessageW
LockWindowUpdate
LoadStringW
MsgWaitForMultipleObjects
MessageBeep
FindWindowW
TranslateMessage
PeekMessageW
SendMessageTimeoutW
GetSystemMetrics
DispatchMessageW
CharLowerW
CharUpperW
GetUserObjectInformationW
GetProcessWindowStation
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
GetWindowTextW
GetClassNameW
GetWindowLongW
GetFocus
SendMessageW
DestroyCursor
WinHelpW
LoadCursorW
GetParent
GetActiveWindow
GetWindowThreadProcessId
GetDesktopWindow
GetWindow

gdi32

GetObjectType

ole32

StgOpenStorage
CoTaskMemFree
CoCreateInstance
FreePropVariantArray
CoUninitialize
PropVariantClear
CoInitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantChangeType
SysReAllocString
DosDateTimeToVariantTime
VariantCopyInd
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
VariantClear

Exports

Exports

PasDebug
ProfAppendBoolA
ProfAppendBoolW
ProfAppendColorrefA
ProfAppendColorrefW
ProfAppendDoubleA
ProfAppendDoubleW
ProfAppendFileA
ProfAppendFileW
ProfAppendFilesA
ProfAppendFilesW
ProfAppendInt64A
ProfAppendInt64HexA
ProfAppendInt64HexW
ProfAppendInt64W
ProfAppendIntA
ProfAppendIntHexA
ProfAppendIntHexW
ProfAppendIntW
ProfAppendListA
ProfAppendListW
ProfAppendPointA
ProfAppendPointW
ProfAppendRectA
ProfAppendRectLTWHA
ProfAppendRectLTWHW
ProfAppendRectW
ProfAppendStreamA
ProfAppendStreamW
ProfAppendStringA
ProfAppendStringW
ProfCopyList
ProfCreateListA
ProfCreateListW
ProfDebugList
ProfDeleteItemA
ProfDeleteItemW
ProfDeleteListA
ProfDeleteListW
ProfEmptyList
ProfEnumA
ProfEnumW
ProfExtractFilesA
ProfExtractFilesW
ProfGetBoolA
ProfGetBoolW
ProfGetColorrefA
ProfGetColorrefW
ProfGetDoubleA
ProfGetDoubleW
ProfGetError
ProfGetFileA
ProfGetFileW
ProfGetInt64A
ProfGetInt64W
ProfGetIntA
ProfGetIntW
ProfGetListA
ProfGetListW
ProfGetOption
ProfGetPointA
ProfGetPointW
ProfGetRectA
ProfGetRectLTWHA
ProfGetRectLTWHW
ProfGetRectW
ProfGetStreamA
ProfGetStreamW
ProfGetStringA
ProfGetStringLengthA
ProfGetStringLengthW
ProfGetStringW
ProfGetVersion
ProfIsClipboardDataAvailable
ProfJobAddRef
ProfJobClose
ProfJobOpenA
ProfJobOpenClipboard
ProfJobOpenExclusiveA
ProfJobOpenExclusiveW
ProfJobOpenStream
ProfJobOpenStreamObjectA
ProfJobOpenStreamObjectW
ProfJobOpenW
ProfLPSTRtoBOOLA
ProfLPSTRtoBOOLW
ProfLPSTRtoCOLORREFA
ProfLPSTRtoCOLORREFW
ProfLPSTRtoINT64A
ProfLPSTRtoINT64W
ProfLPSTRtoINTA
ProfLPSTRtoINTW
ProfLPSTRtoRECTA
ProfLPSTRtoRECTW
ProfSaveA
ProfSaveToClipboard
ProfSaveToStream
ProfSaveW
ProfSetBoolA
ProfSetBoolW
ProfSetColorrefA
ProfSetColorrefW
ProfSetDebug
ProfSetDoubleA
ProfSetDoubleW
ProfSetInt64A
ProfSetInt64HexA
ProfSetInt64HexW
ProfSetInt64W
ProfSetIntA
ProfSetIntHexA
ProfSetIntHexW
ProfSetIntW
ProfSetOption
ProfSetPointA
ProfSetPointW
ProfSetRectA
ProfSetRectLTWHA
ProfSetRectLTWHW
ProfSetRectW
ProfSetStringA
ProfSetStringW
UtilAddAccessRights
UtilAddAccessRightsForWise
UtilAssert
UtilAtrim
UtilConvertBLOBToString
UtilConvertHGLOBALToString
UtilConvertStreamToString
UtilConvertStringToBLOB
UtilConvertStringToHGLOBAL
UtilConvertStringToStream
UtilCtrlBreakHookAttach
UtilDateTimeFromLocaleString
UtilDateTimeToLocaleString
UtilDebug
UtilDebugExt
UtilDebugExtV
UtilDebugHelpGetModuleList
UtilDebugHelpGetStackTrace
UtilDebugHelpJobClose
UtilDebugHelpJobOpen
UtilDebugHelpSetOption
UtilDebugHelpWriteMiniDump
UtilDocInfoClose
UtilDocInfoGet
UtilDocInfoOpen
UtilEnsureLocalPath
UtilEnsureLocalPathForWise
UtilEnsureUNCPath
UtilEnsureUNCPathForWise
UtilError
UtilExHandlerEndProtection
UtilExHandlerJobClose
UtilExHandlerJobOpen
UtilExHandlerStartProtection
UtilExpandDefaultTokensOfFolderPath
UtilFullpath
UtilGetCurrentUserDomainSID
UtilGetDBGHELPThreadingCS
UtilGetFSInfo
UtilGetFileInfoAccess
UtilGetFlags
UtilGetGDIThreadingCS
UtilGetLikelyCharsetFromString
UtilGetListOfNames
UtilGetOSEnvironmentType
UtilGetSIDOfUser
UtilGetUIInteractionAllowed
UtilGetUserOfSID
UtilGetVersion
UtilGetWindowMessage
UtilGetWindowMessageName
UtilHandleListMgr
UtilHeapCreate
UtilHeapDelete
UtilHeapObjectAlloc
UtilHeapObjectAllocExt
UtilHeapObjectFree
UtilHeapObjectSize
UtilHeapShrink
UtilHeapSize
UtilHeapSizeObjects
UtilHeapValidate
UtilHelp
UtilHelpClose
UtilHelpCursor
UtilHelpDisplay
UtilHelpDisplayContext
UtilHelpIsInHelpMode
UtilHelpOpen
UtilHelpOpenEx
UtilHelpPop
UtilHelpPush
UtilHelpSetHelpMode
UtilHelpShowContents
UtilHelpShowHelpOnHelp
UtilHelpShowIndex
UtilIsRPtr
UtilIsString
UtilIsWPtr
UtilJobClose
UtilJobOpen
UtilLanguageGet
UtilLanguageSet
UtilListModules
UtilLocConvertLocalTimeToUTCTime
UtilLocConvertUTCTimeToLocalTime
UtilLocDateTimeToSYSTEMTIME
UtilLocGetCountryInfo
UtilLocGetCountryList
UtilLocGetDSTStartAndEndInUTC
UtilLocGetLanguageInfo
UtilLocLocaleStringFromSystemTime
UtilLocSystemTimeFromLocaleString
UtilLocaleStrcmp
UtilLocaleStricmp
UtilLocaleStrlwr
UtilLocaleStrncmp
UtilLocaleStrnicmp
UtilLocaleStrupr
UtilLtrim
UtilMemcpy
UtilMemset
UtilMergepath
UtilRemoveDataBP
UtilRtrim
UtilSafeSprintf
UtilSafeStrlen
UtilSetCBTHook
UtilSetDataBP
UtilSetupImpersonateUser
UtilSetupLogoffImpersonatedUser
UtilSetupLogonImpersonatedUser
UtilSplitpath
UtilStackTrace
UtilStrcat
UtilStrchr
UtilStrcmp
UtilStrcpy
UtilStricmp
UtilStrlen
UtilStrncmp
UtilStrncpy
UtilStrnicmp
UtilStrrchr
UtilStrstr
UtilStuff
UtilSubstr
UtilTempFileMgrAdd
UtilTempFileMgrClose
UtilTempFileMgrCreateFile
UtilTempFileMgrOpen
UtilZIPAppend
UtilZIPAppendList
UtilZIPClose
UtilZIPCreate

Sections

.text
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36718c547fca6685ef0da5ae42995ee2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

fd:cf:88:dd:cc:58:71:9e:fe:34:c7:dc:06:9f:e0:e4Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

d5:6c:5e:bf:f2:14:f1:42:c7:4a:4a:ab:8a:2a:ad:ed:00:c7:f5:d6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

winmm

advapi32

kernel32

user32

gdi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 499KB - Virtual size: 499KB

.rdata Size: 224KB - Virtual size: 224KB

.data Size: 127KB - Virtual size: 175KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 47KB - Virtual size: 46KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

fd:cf:88:dd:cc:58:71:9e:fe:34:c7:dc:06:9f:e0:e4
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

d5:6c:5e:bf:f2:14:f1:42:c7:4a:4a:ab:8a:2a:ad:ed:00:c7:f5:d6
Signer

.text
Size: 499KB - Virtual size: 499KB

.rdata
Size: 224KB - Virtual size: 224KB

.data
Size: 127KB - Virtual size: 175KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 47KB - Virtual size: 46KB