2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b7fe8abe3386c0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b7fe8abe3386c0_NeikiAnalytics.exe
Size

7.7MB
MD5

251369428a0e2d87308e7a9faa387270
SHA1

89556991dbde37bd48ced113209bf451f7e4e74c
SHA256

2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b7fe8abe3386c0
SHA512

b720c02c0a359c10163ffbe8d00b456dbdbd26ae4c59098fb454cc3ab2ed4e9d710114eca3818cbbca201cf8366897d8bac213e9b0a5a677cd4453b7bf7efe5c
SSDEEP

98304:Q8/LrPXdY6YRv8coX6f6pnpnaoi+Lu7nxTIng3t1uw5:Q8/LrPtY6Yt8qypnaoi+Lu7nxTIg9n5

Score

1^/10

Malware Config

Signatures

Files

2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b7fe8abe3386c0_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

36d07adef72483f55e4e1b594a273b33

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:59:5c:5a:f1:2b:95:18:c5:de:73:a1:d8:20:81:d2:25:f1:59:19:ce:f5:e2:26:41:e8:44:2a:2b:fa:4e:12
Signer

Actual PE Digest

94:59:5c:5a:f1:2b:95:18:c5:de:73:a1:d8:20:81:d2:25:f1:59:19:ce:f5:e2:26:41:e8:44:2a:2b:fa:4e:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb

Imports

rpcrt4

RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreate
NdrClientCall3
RpcStringBindingParseW
UuidFromStringW
UuidToStringW
Ndr64AsyncServerCallAll
NdrAsyncServerCall
NdrServerCall2
NdrServerCallAll
Ndr64AsyncClientCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerUseProtseqEpW
RpcObjectSetType
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
RpcIfInqId
RpcMgmtEpEltInqDone

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSetCredentials
WinHttpReadData
WinHttpWriteData
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders

shell32

ord165
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW
SHChangeNotify

ntdll

RtlNtStatusToDosError
NtSetInformationThread
NtClose
RtlDllShutdownInProgress
RtlVirtualUnwind
RtlLookupFunctionEntry
NtSystemDebugControl
VerSetConditionMask
NtOpenKey
NtQueryKey
NtDeleteKey
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
RtlUnwind

kernel32

OutputDebugStringW
DeleteFileW
FindFirstFileW
ReadProcessMemory
CheckRemoteDebuggerPresent
VirtualProtect
FlushInstructionCache
RaiseException
FindClose
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateThread
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetTickCount
SetErrorMode
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery
GetNativeSystemInfo
GetSystemTimes
GetProcessTimes
SetLastError
QueryFullProcessImageNameW
GetPriorityClass
OpenThread
GetThreadPriority
K32EnumProcesses
GetThreadTimes
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessHandleCount
GetFileTime
CompareFileTime
ProcessIdToSessionId
UnregisterWaitEx
GetComputerNameW
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateIoCompletionPort
ResumeThread
TerminateThread
LoadLibraryA
CancelIoEx
GetOverlappedResult
ReadDirectoryChangesW
InitializeCriticalSectionAndSpinCount
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
DeleteProcThreadAttributeList
K32GetProcessImageFileNameW
GetThreadId
CreatePipe
SetHandleInformation
GetProcessShutdownParameters
SetProcessShutdownParameters
WTSGetActiveConsoleSessionId
LocalAlloc
FileTimeToSystemTime
FlushFileBuffers
GetFullPathNameW
OutputDebugStringA
CompareStringW
OpenEventW
GetVersionExW
ExpandEnvironmentStringsW
VirtualAlloc
VirtualFree
GetFileInformationByHandleEx
GetExitCodeThread
SetFileAttributesW
GetFileSize
MoveFileExW
GetVolumeInformationW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileAttributesExW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
CreateHardLinkW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDateFormatW
GetTimeFormatW
GetVersion
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
HeapSetInformation
CopyFileW
K32GetMappedFileNameW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
GetCurrentProcessId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
MoveFileExA
GetEnvironmentVariableA
SleepEx
CreateFileA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
ExpandEnvironmentStringsA
GetVersionExA
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
DeviceIoControl
SetFileTime
GetFinalPathNameByHandleW
SetFileInformationByHandle
RegisterWaitForSingleObject
GlobalFree
LocalFileTimeToFileTime
SystemTimeToFileTime
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetLocaleInfoEx
AcquireSRWLockShared
ReleaseSRWLockShared
InitOnceComplete
InitOnceBeginInitialize
WaitForSingleObjectEx
IsProcessorFeaturePresent
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
DuplicateHandle
SetEndOfFile
SetFilePointer
HeapDestroy
GetSystemTimeAsFileTime
DecodePointer
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
RemoveDirectoryW
GetDriveTypeW
ReadFile
GetFileSizeEx
GetTimeZoneInformation
DebugBreak
FormatMessageW
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameA
GetUserDefaultUILanguage
ResetEvent
LockFileEx
UnlockFileEx
CreateFileW
MoveFileW
GetModuleFileNameW
OpenProcess
Sleep
GetCurrentThread
GetCommandLineW
FreeLibrary
LoadLibraryExW
CreateProcessW
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
LocalFree
GetSystemDirectoryW
WaitForMultipleObjects
TerminateProcess
WaitForSingleObject
SetEvent
CreateEventW
GetLastError
GetExitCodeProcess
GetProcessId
CloseHandle
GetCurrentProcess
GetSystemInfo
GetActiveProcessorCount
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetTickCount64
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VerifyVersionInfoW
GetFileAttributesW
LoadLibraryW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
FormatMessageA
GetModuleHandleA
InterlockedPushEntrySList
ExitThread
FreeLibraryAndExitThread
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
FlsAlloc
FlsGetValue
FlsSetValue
FreeLibraryWhenCallbackReturns
GetStringTypeW
AreFileApisANSI
WriteFile
SetFilePointerEx
WaitForThreadpoolWaitCallbacks
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
GetACP
GetLogicalDriveStringsW
CreateSymbolicLinkW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFileInformationByHandle
IsDebuggerPresent
SetDllDirectoryW
lstrcpyW
ExitProcess
LoadLibraryExA

user32

PeekMessageW
IsHungAppWindow
UnregisterClassW
GetGUIThreadInfo
LoadStringW
RegisterWindowMessageW
PostMessageW
SendMessageW
SetWindowLongPtrW
FindWindowExW
EnumWindows
GetWindowLongPtrW
DefWindowProcW
SetWindowTextW
ShutdownBlockReasonCreate
SetTimer
KillTimer
DestroyWindow
SetForegroundWindow
GetClassNameW
wsprintfW
AllowSetForegroundWindow
MessageBoxW
GetSystemMetrics
CharLowerW
GetWindowThreadProcessId
SendMessageCallbackW
ShutdownBlockReasonDestroy
PostQuitMessage
RegisterClassExW
CreateWindowExW
IsWindow
TranslateMessage
GetMessageW
DispatchMessageW
GetClassInfoExW

advapi32

RevertToSelf
ChangeServiceConfig2W
QueryServiceConfig2W
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitiateSystemShutdownExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
EqualSid
DuplicateToken
CheckTokenMembership
DuplicateTokenEx
CreateProcessAsUserW
ConvertSidToStringSidW
LookupAccountSidW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
SystemFunction036
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyExW
RegEnumKeyW
RegQueryMultipleValuesW
RegFlushKey
RegDeleteTreeW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
GetEffectiveRightsFromAclW
GetSecurityInfo
RegLoadKeyW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
ConvertStringSidToSidW
FreeSid
CloseServiceHandle
CreateServiceW
ChangeServiceConfigW
QueryServiceStatusEx
StartServiceW
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
TreeResetNamedSecurityInfoW
AddAce
InitializeAcl
CopySid
GetLengthSid
AllocateAndInitializeSid
TreeSetNamedSecurityInfoW
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
GetFileSecurityW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid
CLSIDFromString

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

powrprof

CallNtPowerInformation

netapi32

NetUserGetLocalGroups
NetApiBufferFree

bcrypt

BCryptGenRandom

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CryptUnprotectData
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptProtectData
CryptDecodeObjectEx

iphlpapi

GetBestRoute2
GetAdaptersAddresses
FreeMibTable
GetUnicastIpAddressTable
if_indextoname
if_nametoindex

ws2_32

WSAGetLastError
WSAStringToAddressA
select
GetAddrInfoW
FreeAddrInfoW
WSACleanup
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
ntohl
ntohs
WSASetLastError
closesocket
htons
socket
setsockopt
WSAIoctl
__WSAFDIsSet
htonl
bind
connect
WSASocketW
getsockname
WSAAddressToStringA
getsockopt
WSADuplicateSocketW
recvfrom
getservbyname
gethostname
ioctlsocket
recv
WSAStartup
InetNtopW
WSAAddressToStringW

shlwapi

PathIsDirectoryEmptyW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathMatchSpecW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW

secur32

QueryContextAttributesW

dnsapi

DnsQuery_W
DnsFree

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 569KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d07adef72483f55e4e1b594a273b33

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fcCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

94:59:5c:5a:f1:2b:95:18:c5:de:73:a1:d8:20:81:d2:25:f1:59:19:ce:f5:e2:26:41:e8:44:2a:2b:fa:4e:12Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

winhttp

shell32

ntdll

kernel32

user32

advapi32

ole32

oleaut32

powrprof

netapi32

bcrypt

crypt32

iphlpapi

ws2_32

shlwapi

setupapi

secur32

dnsapi

Exports

Exports

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 569KB - Virtual size: 617KB

.pdata Size: 213KB - Virtual size: 213KB

.didat Size: 512B - Virtual size: 112B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 34KB - Virtual size: 34KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:35:60:3f:7a:88:8a:e1:6c:05:b0:0f:15:3c:c6:fc
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

94:59:5c:5a:f1:2b:95:18:c5:de:73:a1:d8:20:81:d2:25:f1:59:19:ce:f5:e2:26:41:e8:44:2a:2b:fa:4e:12
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 569KB - Virtual size: 617KB

.pdata
Size: 213KB - Virtual size: 213KB

.didat
Size: 512B - Virtual size: 112B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 34KB - Virtual size: 34KB