449cb19e770cf25a0b0b98c835b28e43d4899ab988c0be49429ea7eb7b120dbe_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

449cb19e770cf25a0b0b98c835b28e43d4899ab988c0be49429ea7eb7b120dbe_NeikiAnalytics.exe
Size

2.5MB
MD5

d6df8e2e4392bc1668ef5b3f4676a390
SHA1

b93f4a00f5e204b8bda2bcba172d816dfa59e690
SHA256

449cb19e770cf25a0b0b98c835b28e43d4899ab988c0be49429ea7eb7b120dbe
SHA512

4554414a100ad2d99919ada1157edfb8dfca98023f80259dda9dde73d28c6861508570eb2f3bf3d17b80ebe947259f4cc3baa0316f0ecf154c8e17b61dd539c3
SSDEEP

49152:uiHmFHrvUwfsLRZVYK4fI+PppQWszlSuP4U58aNPs5R+k:uemF4rX6f/QWISzJ

Score

1^/10

Malware Config

Signatures

Files

449cb19e770cf25a0b0b98c835b28e43d4899ab988c0be49429ea7eb7b120dbe_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

47a5ba0149145f4f0d9a232ec3faca65

Code Sign

76:c5:61:db:d6:41:1c:75:82:d5:0d:0c
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/10/2023, 18:17

Not After

17/10/2026, 18:17

Subject

SERIALNUMBER=7603448,CN=CODESECURE\, INC.,O=CODESECURE\, INC.,STREET=6903 Rockledge\, Suite 1250,L=Bethesda,ST=Maryland,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:c5:84:46:f2:27:a9:b7:f3:1c:c1:20:34:49:66:ed:20:6f:a3:e0:aa:b7:52:01:d0:eb:9f:76:ad:3e:37:17
Signer

Actual PE Digest

83:c5:84:46:f2:27:a9:b7:f3:1c:c1:20:34:49:66:ed:20:6f:a3:e0:aa:b7:52:01:d0:eb:9f:76:ad:3e:37:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

third-party\postgresql-12\sslinfo.pdb

Imports

wsock32

socket
setsockopt
listen
connect
closesocket
bind
accept
shutdown
WSAStartup
select
getsockopt
getsockname
inet_ntoa
getservbyname
getservbyport
gethostbyname
gethostbyaddr
ntohs
inet_addr
recv
ioctlsocket
htons
htonl
WSAGetLastError
WSASetLastError
send
WSACleanup

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore

postgres.exe

text_to_cstring
CurrentMemoryContext
MyProcPort
cstring_to_text
numeric_in
pg_any_to_server
end_MultiFuncCall
per_MultiFuncCall
init_MultiFuncCall
HeapTupleHeaderGetDatum
BlessTupleDesc
get_call_result_type
DirectFunctionCall3Coll
pg_detoast_datum_packed
heap_form_tuple
pfree
palloc
elog_finish
elog_start
errmsg
errcode
errfinish
errstart
cstring_to_text_with_len

vcruntime140

__std_type_info_destroy_list
strrchr
memchr
_except_handler4_common
strchr
memmove
memset
memcpy
strstr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__acrt_iob_func
fwrite
_wfopen
fopen
__stdio_common_vsprintf_s
fputs
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsscanf
fclose
_setmode
setvbuf
ftell
fseek
fread
_fileno
fgets
fflush
ferror
feof
fputws

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s

api-ms-win-crt-string-l1-1-0

strcspn
isspace
strcat_s
strncpy_s
strspn
strncpy
_strdup
strcpy_s
tolower
strncmp
strcmp
isdigit

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
_cexit
terminate
_initterm_e
_execute_onexit_table
_register_onexit_function
_initterm
_initialize_onexit_table
_errno
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
signal
strerror_s
_exit
abort
raise

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtol

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_except1

kernel32

CreateFiberEx
FindClose
TlsSetValue
DeleteFiber
MultiByteToWideChar
TlsGetValue
SwitchToFiber
VirtualLock
VirtualFree
TlsFree
VirtualProtect
VirtualAlloc
GetSystemInfo
FindNextFileW
TlsAlloc
GetCurrentThreadId
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
Sleep
SystemTimeToFileTime
GetSystemTime
GetLastError
FindFirstFileW
WideCharToMultiByte
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadConsoleW
ReadConsoleA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
GetStdHandle
GetFileType
WriteFile
GetEnvironmentVariableW
GetACP
SetConsoleMode
GetConsoleMode
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ConvertThreadToFiberEx
ConvertFiberToThread
SetLastError

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

Exports

Exports

Pg_magic_func
pg_finfo_ssl_cipher
pg_finfo_ssl_client_cert_present
pg_finfo_ssl_client_dn
pg_finfo_ssl_client_dn_field
pg_finfo_ssl_client_serial
pg_finfo_ssl_extension_info
pg_finfo_ssl_is_used
pg_finfo_ssl_issuer_dn
pg_finfo_ssl_issuer_field
pg_finfo_ssl_version
ssl_cipher
ssl_client_cert_present
ssl_client_dn
ssl_client_dn_field
ssl_client_serial
ssl_extension_info
ssl_is_used
ssl_issuer_dn
ssl_issuer_field
ssl_version

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47a5ba0149145f4f0d9a232ec3faca65

Code Sign

76:c5:61:db:d6:41:1c:75:82:d5:0d:0cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

83:c5:84:46:f2:27:a9:b7:f3:1c:c1:20:34:49:66:ed:20:6f:a3:e0:aa:b7:52:01:d0:eb:9f:76:ad:3e:37:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

crypt32

postgres.exe

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 540KB - Virtual size: 540KB

.data Size: 18KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 99KB - Virtual size: 99KB

76:c5:61:db:d6:41:1c:75:82:d5:0d:0c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

83:c5:84:46:f2:27:a9:b7:f3:1c:c1:20:34:49:66:ed:20:6f:a3:e0:aa:b7:52:01:d0:eb:9f:76:ad:3e:37:17
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 540KB - Virtual size: 540KB

.data
Size: 18KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 99KB - Virtual size: 99KB