20bff64d9ada80c2889877533b9970f3d8e3e481d157169e857e9d7e1397af36_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

20bff64d9ada80c2889877533b9970f3d8e3e481d157169e857e9d7e1397af36_NeikiAnalytics.exe
Size

1.2MB
MD5

316102f53a61c29167ab413aea5961b0
SHA1

db03d5459362deca4c75c72c31433543583f4b38
SHA256

20bff64d9ada80c2889877533b9970f3d8e3e481d157169e857e9d7e1397af36
SHA512

f0223ca6c053d37bb68a8222a3fd8900e49711b95c9ee408b1154215fd7fa6df06324da230ea63a4e00d5cf893c8c40e0ba173380eb4b696eaadf5ac157d1168
SSDEEP

24576:uzlAgekk5hwQ+dPP+bh0lhSMXlhL056wSWixe:JZJhwQ+dlxL056wSWixe

Score

1^/10

Malware Config

Signatures

Files

20bff64d9ada80c2889877533b9970f3d8e3e481d157169e857e9d7e1397af36_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

c0ea8892e3b74b59f45b3a11bd01c2c5

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:40

Not After

27/11/2024, 08:40

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:92:f0:f6:63:60:e5:0d:28:b3:0d:cd:56:be:a7:0c:9b:5a:fb:81:8b:bb:30:4e:46:3f:11:b7:d3:bb:c1:66
Signer

Actual PE Digest

96:92:f0:f6:63:60:e5:0d:28:b3:0d:cd:56:be:a7:0c:9b:5a:fb:81:8b:bb:30:4e:46:3f:11:b7:d3:bb:c1:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\leon_tsai\Desktop\Promeo_trunk\promeo_trunk\build\windows\plugins\webview_windows\Release\webview_windows_plugin.pdb

Imports

webview2loader

CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

flutter_windows

FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopPluginRegistrarGetView
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopMessengerUnlock

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
DebugBreak
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FormatMessageW
GetModuleFileNameW
FreeLibrary
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
InitOnceComplete
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileInformationByHandle
SetFileAttributesW
GetFullPathNameW
GetCPInfoExW
LocalFree
FormatMessageA
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
InitOnceBeginInitialize
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW

user32

RegisterClassW
LoadCursorW
CreateWindowExW
DefWindowProcW
DestroyWindow
UnregisterClassW

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_function_call@std@@YAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?id@?$numpunct@D@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
_Query_perf_counter
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Mbrtowc
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Locinfo@std@@QEAA@XZ

d3d11

D3D11CreateDevice

vcruntime140

__current_exception
_purecall
__std_terminate
__std_type_info_compare
_CxxThrowException
__std_type_info_destroy_list
memcmp
memcpy
memmove
memset
__std_exception_destroy
__current_exception_context
__C_specific_handler
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_invoke_watson
_errno
_invalid_parameter_noinfo
_initterm
_crt_at_quick_exit
_execute_onexit_table
_crt_atexit
abort
_initterm_e

api-ms-win-crt-math-l1-1-0

_dsign
_fdsign
_dclass
_fdclass
_ldclass
ceilf
_ldsign

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsnprintf_s

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

Exports

Exports

WebviewWindowsPluginRegisterWithRegistrar

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 821KB - Virtual size: 821KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0ea8892e3b74b59f45b3a11bd01c2c5

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:afCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

96:92:f0:f6:63:60:e5:0d:28:b3:0d:cd:56:be:a7:0c:9b:5a:fb:81:8b:bb:30:4e:46:3f:11:b7:d3:bb:c1:66Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

webview2loader

flutter_windows

kernel32

user32

shell32

ole32

msvcp140

d3d11

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 821KB - Virtual size: 821KB

.data Size: 70KB - Virtual size: 73KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

96:92:f0:f6:63:60:e5:0d:28:b3:0d:cd:56:be:a7:0c:9b:5a:fb:81:8b:bb:30:4e:46:3f:11:b7:d3:bb:c1:66
Signer

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 821KB - Virtual size: 821KB

.data
Size: 70KB - Virtual size: 73KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB