205a6b25e20eb7bbe5441ebf405c4fb21eafb29c5effd396de6971e43fb23778_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

205a6b25e20eb7bbe5441ebf405c4fb21eafb29c5effd396de6971e43fb23778_NeikiAnalytics.exe
Size

1.1MB
MD5

e603d3c3bb527a13221a349af8f78450
SHA1

36ea8b495e85833ccaaeb6d5041c1a6ca577fa3d
SHA256

205a6b25e20eb7bbe5441ebf405c4fb21eafb29c5effd396de6971e43fb23778
SHA512

a5bb451b929386a9957953a20bfb0eeb870546b170e42c814b4ac6fbe29b2771002dabba47abd556a7a58ecd006ce0555f8a595d36145b29bbe7c7c817db186d
SSDEEP

12288:PDaV5EbpImC5/jYRbF9WxRpr1z19mlrsRaNrtS9kuGtAO65nC+ShShv:PDu5E7C5/qbFk9IlYRaNrtFk5r8E

Score

1^/10

Malware Config

Signatures

Files

205a6b25e20eb7bbe5441ebf405c4fb21eafb29c5effd396de6971e43fb23778_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

e5a0c88b4b619c813dccf960e1670f73

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:a2:44:f0:0f:15:22:76:20:d6:b8:be
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:44

Not After

27/11/2024, 08:44

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:9f:d4:e7:20:6d:2e:44:a4:33:76:0f:f8:7a:8c:3d:c9:00:57:63:d8:cb:97:a7:2a:e9:1d:12:de:99:d2:40
Signer

Actual PE Digest

36:9f:d4:e7:20:6d:2e:44:a4:33:76:0f:f8:7a:8c:3d:c9:00:57:63:d8:cb:97:a7:2a:e9:1d:12:de:99:d2:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\Code\UNO3.0\UNO\v110\Release_x64\UNO.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

advapi32

RegDeleteKeyA
SetEntriesInAclW
SetNamedSecurityInfoW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountNameW
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
GetNamedSecurityInfoW
RegDeleteValueA
RegEnumKeyExA
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
AllocateAndInitializeSid

kernel32

LCMapStringW
SetEnvironmentVariableA
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetLastError
GetFileSize
WriteFile
ReadFile
SetFilePointer
CloseHandle
CreateFileA
CreateFileW
IsDBCSLeadByteEx
MultiByteToWideChar
HeapAlloc
SetLastError
FreeLibrary
GetProcAddress
GetCurrentProcess
LoadLibraryA
LocalFree
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
LockFile
UnlockFile
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
FormatMessageA
FormatMessageW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryW
GetTempPathA
GetTempPathW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
GetFullPathNameW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
DeleteFileA
DeleteFileW
AreFileApisANSI
QueryPerformanceCounter
GetVersionExA
RaiseException
SetStdHandle
WaitForSingleObject
LoadResource
SizeofResource
FindClose
GetLocalTime
GetTimeZoneInformation
lstrcmpiA
lstrlenW
CreateMutexA
CreateMutexW
LoadLibraryExA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
FindResourceA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsDBCSLeadByte
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
CreateThread
SetThreadPriority
TerminateThread
SetEvent
ResetEvent
CreateEventA
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
ReadConsoleW
HeapSize
GetFileType
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
LoadLibraryExW
GetStringTypeW
GetCurrentThread
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FatalAppExitA
GetCurrentThreadId
GetCommandLineA
CreateDirectoryW
VirtualQuery
VirtualProtect
VirtualAlloc
HeapReAlloc
GetModuleHandleExW
ExitProcess
ReleaseMutex
QueryPerformanceFrequency
DecodePointer
EncodePointer
RtlPcToFileHeader
IsProcessorFeaturePresent
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent

user32

CharNextA

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid

oleaut32

VarUI4FromStr
CreateErrorInfo
GetErrorInfo
SetErrorInfo
SysFreeString

wininet

InternetSetOptionW
InternetSetOptionA
InternetWriteFile
HttpOpenRequestA
InternetConnectW
InternetConnectA
InternetCloseHandle
InternetOpenW
InternetOpenA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestW
HttpSendRequestExA
HttpSendRequestExW
HttpEndRequestA
InternetReadFile
InternetGetConnectedState
InternetGetCookieW
InternetOpenUrlW
HttpQueryInfoW
HttpQueryInfoA

urlmon

FindMimeFromData

rpcrt4

UuidToStringW
RpcStringFreeW

secur32

GetUserNameExW

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

UNO_Config
UNO_GetUUID
UNO_Init
UNO_Log
UNO_Uninit

Sections

.text
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5a0c88b4b619c813dccf960e1670f73

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

62:a2:44:f0:0f:15:22:76:20:d6:b8:beCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

36:9f:d4:e7:20:6d:2e:44:a4:33:76:0f:f8:7a:8c:3d:c9:00:57:63:d8:cb:97:a7:2a:e9:1d:12:de:99:d2:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

advapi32

kernel32

user32

shell32

ole32

oleaut32

wininet

urlmon

rpcrt4

secur32

iphlpapi

version

Exports

Exports

Sections

.text Size: 810KB - Virtual size: 810KB

.rdata Size: 251KB - Virtual size: 250KB

.data Size: 18KB - Virtual size: 34KB

.pdata Size: 56KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

62:a2:44:f0:0f:15:22:76:20:d6:b8:be
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

36:9f:d4:e7:20:6d:2e:44:a4:33:76:0f:f8:7a:8c:3d:c9:00:57:63:d8:cb:97:a7:2a:e9:1d:12:de:99:d2:40
Signer

.text
Size: 810KB - Virtual size: 810KB

.rdata
Size: 251KB - Virtual size: 250KB

.data
Size: 18KB - Virtual size: 34KB

.pdata
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB