c2d7f052326b66b42f48743a9d797660_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c2d7f052326b66b42f48743a9d797660_NeikiAnalytics.exe
Size

706KB
MD5

c2d7f052326b66b42f48743a9d797660
SHA1

3b304856825a70b469a9f563a6ed8dd736adfcf4
SHA256

2c5a0972cbf88aa16ed4d95231507115b71e0726f832409a104500b8de8c483e
SHA512

3182d8af73a8694ab145294bbcd07c482907480754f28870390a4794241634150a51c8edd251cfc228fa2d7f47737a276031f0d6d62296a4cce91912942e3879
SSDEEP

12288:L5TOXeqHwTHCU228NWDQ7O6cRAyp4Hg1vrugTDuFAyKIpEC7n0BTMj:L5TqH0CB28s1ykZyKO0Wj

Score

1^/10

Malware Config

Signatures

Files

c2d7f052326b66b42f48743a9d797660_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

a63edb092ea614cf6bc20187634edc57

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/10/2023, 00:00

Not After

19/11/2026, 23:59

Subject

CN=Information Security Technology Corporation,O=Information Security Technology Corporation,L=Neihu District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:60:a8:61:d5:d0:d1:12:4a:fe:52:62:38:c9:85:83:3f:91:fe:14:be:cb:76:46:0f:9f:c1:38:1a:1e:3c:b1
Signer

Actual PE Digest

8b:60:a8:61:d5:d0:d1:12:4a:fe:52:62:38:c9:85:83:3f:91:fe:14:be:cb:76:46:0f:9f:c1:38:1a:1e:3c:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
GetProcessVersion
GlobalSize
GetCPInfo
GetOEMCP
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
HeapFree
GetACP
RaiseException
ExitProcess
ExitThread
HeapSize
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetCurrentDirectoryA
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
MoveFileExA
RemoveDirectoryW
CopyFileW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
GetCurrentDirectoryW
GetSystemDirectoryW
MoveFileW
CreateFileW
VirtualQueryEx
GetModuleFileNameW
CreateProcessW
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
CreateProcessA
ReadProcessMemory
GetThreadPriority
LoadLibraryW
FormatMessageW
FindResourceExA
OutputDebugStringW
GetExitCodeThread
WaitForMultipleObjects
TerminateThread
ResetEvent
GetModuleHandleW
GetLogicalDrives
QueryDosDeviceW
SetVolumeLabelA
DefineDosDeviceA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFlags
MulDiv
SetLastError
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrlenW
GlobalUnlock
SuspendThread
SetThreadPriority
ResumeThread
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetShortPathNameA
lstrcmpiA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
lstrcpynA
lstrcpyA
SleepEx
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
PulseEvent
SetEndOfFile
UnlockFile
LockFile
MoveFileExW
FlushFileBuffers
SetFilePointer
WriteFile
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
CreateEventA
SetEvent
WaitForSingleObject
TerminateProcess
SetPriorityClass
GetPriorityClass
GetDriveTypeA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
OutputDebugStringA
MoveFileA
CopyFileA
lstrcmpA
RemoveDirectoryA
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryA
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetFileInformationByHandle
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
ReadFile
LoadLibraryExA
FreeLibrary
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
QueryDosDeviceA
GetDriveTypeW
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetCommandLineA
DeviceIoControl
GetTickCount
CreateFileA
GetSystemDirectoryA
Sleep
OpenMutexA
GetLastError
GetUserDefaultLCID
CloseHandle

user32

SetWindowPlacement
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
TrackPopupMenu
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GrayStringA
DrawTextA
GetMenu
DestroyMenu
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ScreenToClient
GetMenuStringA
DeleteMenu
InsertMenuA
GetMenuItemCount
GetDesktopWindow
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
SendDlgItemMessageA
GetSubMenu
GetWindowTextLengthA
GetMenuCheckMarkDimensions
RegisterClassA
GetClassInfoA
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
IsWindow
SetActiveWindow
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
AppendMenuA
RemoveMenu
TabbedTextOutA
wvsprintfA
ValidateRect
PeekMessageA
EndPaint
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
CharUpperA
wsprintfA
OemToCharA
CharToOemA
GetWindowTextW
GetWindowTextA
EnumWindows
IsWindowVisible
GetParent
GetWindowLongA
GetWindowThreadProcessId
EnumDesktopWindows
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
CloseDesktop
FindWindowA
ScrollWindowEx
MsgWaitForMultipleObjects

gdi32

CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
SetColorAdjustment
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDCOrgEx
GetObjectA
CopyMetaFileA
GetClipRgn
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateDCA
PolyBezierTo
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
CreateBitmap
CreateSolidBrush
DeleteDC
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegConnectRegistryA
RegSetValueExW
RegEnumKeyA
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
SetFileSecurityA
RegSetKeySecurity
RegCreateKeyW
RegCreateKeyExW
RegSetValueA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
GetUserNameA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
ChangeServiceConfigA
CloseServiceHandle
RegQueryValueExW

shell32

SHGetFileInfoA
DragAcceptFiles

comctl32

ord17

ole32

OleRegGetUserType
ReadFmtUserTypeStg
WriteFmtUserTypeStg
ReadClassStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CoCreateInstance
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
SetConvertStg
WriteClassStg

oleaut32

SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysReAllocStringLen
SysStringLen

wsock32

ioctlsocket

mpr

WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

Control
Start
Stop
Valid

Sections

.text
Size: 560KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a63edb092ea614cf6bc20187634edc57

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

8b:60:a8:61:d5:d0:d1:12:4a:fe:52:62:38:c9:85:83:3f:91:fe:14:be:cb:76:46:0f:9f:c1:38:1a:1e:3c:b1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

wsock32

mpr

version

Exports

Exports

Sections

.text Size: 560KB - Virtual size: 558KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 32KB - Virtual size: 86KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 36KB - Virtual size: 35KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:85:6e:31:97:a7:aa:92:3d:ba:cd:4d:ee:46:8f:23
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

8b:60:a8:61:d5:d0:d1:12:4a:fe:52:62:38:c9:85:83:3f:91:fe:14:be:cb:76:46:0f:9f:c1:38:1a:1e:3c:b1
Signer

.text
Size: 560KB - Virtual size: 558KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 32KB - Virtual size: 86KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 36KB - Virtual size: 35KB