1d3c230b3176eb546486069c454e53b93783d53fa32bb5b25c9ff0f91994ffa9_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1d3c230b3176eb546486069c454e53b93783d53fa32bb5b25c9ff0f91994ffa9_NeikiAnalytics.exe
Size

406KB
MD5

ce4ee8683901c516af90b57c9de67f00
SHA1

597a16ba281711f4208a1140436ff434c2d7df3f
SHA256

1d3c230b3176eb546486069c454e53b93783d53fa32bb5b25c9ff0f91994ffa9
SHA512

3d1aadc9f95da41ea214578653fdace5ff3a5666616c81a4110357aee13b9b9f560165ff325fbf710a711937498c46b9ba35bbc909f1bb8181112f8eab7e333f
SSDEEP

6144:JfJjCifMpjT7A9ZxfqPXEQuc6vCb2rKfsrIH5WBQzWbUQmtFYozVhX8o2t5wVe+R:RMzJgJhBQzWbGYozX8LHwlTL

Score

1^/10

Malware Config

Signatures

Files

1d3c230b3176eb546486069c454e53b93783d53fa32bb5b25c9ff0f91994ffa9_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

83a1d040980db10d44444d762215d747

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:5f:41:39:7c:b7:d5:11:2c:09:e5:75:dc:02:63:84
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15-11-2022 00:00

Not After

13-11-2025 23:59

Subject

CN=Henry Schein Practice Solutions\, Inc.,O=Henry Schein Practice Solutions\, Inc.,L=American Fork,ST=Utah,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:97:6c:73:9e:53:84:67:7b:94:f2:3b:dc:df:08:55:e1:6f:2a:41
Signer

Actual PE Digest

bf:97:6c:73:9e:53:84:67:7b:94:f2:3b:dc:df:08:55:e1:6f:2a:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

B:\GB\Source\Release\_Plclean.pdb

Imports

user32

SetCursor
SetRect
InvertRect
FillRect
GetSysColorBrush
GetClientRect
ValidateRect
ReleaseDC
GetDC
DrawTextA
DestroyMenu
GetMenu
GetWindow
GetFocus
SetWindowPos
ModifyMenuA
EnableMenuItem
CheckMenuItem
AppendMenuA
DrawMenuBar
GetDialogBaseUnits
GetSubMenu
CreatePopupMenu
DeleteMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
SubtractRect
IsWindowEnabled
LoadImageA
SetForegroundWindow
EnumThreadWindows
GetForegroundWindow
GetCursor
MapVirtualKeyA
keybd_event
CallWindowProcA
SetWindowLongA
PtInRect
InvalidateRect
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowA
GetParent
GetSysColor
GetWindowTextLengthA
GetWindowTextA
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemInt
SetDlgItemInt
GetDesktopWindow
GetWindowLongA
EndDialog
DialogBoxParamA
SetFocus
GetDlgItemTextA
SendMessageA
IsDialogMessageA
GetPropA
GetDlgCtrlID
SetPropA
RemovePropA
GetClassInfoA
LoadAcceleratorsA
TranslateAcceleratorA
IsWindow
SetActiveWindow
IsWindowVisible
LoadMenuA
FrameRect
DrawIcon
OffsetRect
LoadStringA
IntersectRect
IsRectEmpty
SetScrollPos
SetScrollRange
GetLastActivePopup
EnableWindow
GetActiveWindow
LoadIconA
LoadCursorA
MessageBoxA
EndPaint
BeginPaint
UpdateWindow
GetSystemMetrics
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
wsprintfA
PeekMessageA
MoveWindow
CreateDialogParamA
GetDlgItem
SetDlgItemTextA
SetTimer
KillTimer
RedrawWindow
SetWindowTextA
GetWindowRect
ScreenToClient

gdi32

StretchBlt
PatBlt
CreateCompatibleDC
BitBlt
DeleteDC
CreateDCA
RoundRect
Rectangle
GetTextColor
DeleteObject
SetROP2
GetObjectA
GetDeviceCaps
GetTextExtentPoint32A
LineTo
SelectObject
SetBkMode
MoveToEx
DPtoLP
GetStockObject
GetTextExtentPointA
CreatePen
SetBkColor
SetTextColor
CreateSolidBrush
GetTextMetricsA
CreateFontIndirectA

ole32

CoUninitialize
CoInitialize

dtxsdir

DTXSQL_GetWorkstationOptionString
ord101
ord104
ord102
ord5
ord4
ord3
ord100
ord2
ord1

dtxdb32

_DDB_GetRecSizeFromIFILDefinition@4
_DDB_ReReadRecord@12
_DDB_SetFilePos@12
_DDB_GetOpenFile@8
_DDB_GetDataMode@0
_DDB_ResumeLocking@4
_DDB_PauseLocking@4
_DDB_GetAccessMode@4
_DDB_StartLocking@4
_DDB_StopLocking@4
_DDB_RestoreToSavePoint@4
_DDB_GetLastActiveSession@0
_DDB_WriteVRec@12
_DDB_UnlockRecordInFile@8
_DDB_EnsureLockingNotOn@4
_DDB_LessThanOrEqualRec@16
_DDB_CreateSavePoint@4
_DDB_StartSession@4
_DDB_GetLockMode@4
_DDB_GetLastResultNum@4
_DDB_UPDCURI@12
_DDB_NextRec@12
_DDB_PrevRec@12
_DDB_SetAccessMode@8
_DDB_EnsureLockingOn@4
_DDB_RestoreLockingState@8
_DDB_SETCURI@20
_DDB_LKISAM@8
_DDB_DeleteCurRec@4
_DDB_StartSet@24
_DDB_FindRec@16
_DDB_LastRec@12
_DDB_CREIFIL@8
_DDB_AddRec@8
_DDB_GetVarRecLength@4
_DDB_ReadEntireVarRec@8
_DDB_OpenFileExclusive@8
_DDB_EndSet@4
_DDB_OpenFile@8
_DDB_MIDSET@16
_DDB_EndSession@4
_DDB_WriteRec@8
_DDB_GreaterThanOrEqualRec@16
_DDB_PrevRecInSet@8
_DDB_GetLastFileNum@4
_DDB_UnlockCurRecord@4
_DDB_ReadRec@12
_DDB_NextRecInSet@8
_DDB_CloseFile@4
_DDB_GetFilePos@4
_DDB_FirstRec@12
_DDB_GetLastErrorNum@4
_DDB_ClearSavePoint@4

dtx32

GetLoggedUserInfo
ord20
ord23
ord49
_DTX_FormatPercent@8
_DTX_verf_Money@16
_DTX_FormatMoney@8
FixCrLfForTextbox
_DTX_SpellChecker_SetBtnToolTipCustom@12
_DTX_SysTime@8
_DTX_SpellChecker_SetBtnToolTip@8
_DTX_SpellChecker_CheckControlText@8
_DTX_SpellChecker_AddBMPToBtn@8
_DTX_GetStationID@4
ord66
_DTX_CheckForPrivatePhone@8
_DTX_BuildPatAgingAudit@24
ord74
ord100
_DTX_Set_Phone@12
_DTX_StripPhone@8
_DTX_verf_Phone@16
ord60
_DTX_GetPatientPicturePath@8
_DTX_GetString@4
ord43
ord44
ord46
_DTX_GetCountry@0
ord101
_DTX_FormatSS_CheckHideMask@12
_DTX_StripSS@8
ord63
ord55
_DTX_GetSerialNumber@8
_GetWinVersion@8
_DTX_BuildProcAudit@16
_DTX_BuildInitialProcAudit@16
ord61
ord64
ord48
_DTX_DBFindErr@4
_DTX_UnpackName@16
_DTX_PackPrefName@24
_DTX_PackName@20
_DTX_stripDateString2000@20
_DTX_stripDateString1900@20
_DTX_getmonth_name@8
_DTX_week_day@12
_DTX_month_day@16
_DTX_getday_name@8
_DTX_fmtDateString2000@24
_DTX_fmtDateString1900@24
_DTX_DateStr@20
_DTX_FormatNDate2000@8
_DTX_FormatNDate1900@8
_DTX_DateOut@16
_DTX_DateIn@12
_DTX_InitializeDBEx@4
_DTX_InitializeDB@0
ord4
ord3
ord466
ord53
_DTX_GetCurrentDbCommonPath@8
ord11
ord65
_DTX_GoIntoSingleUserMode@8
_DTX_SysDate@8
_DTX_SetOverrideToLoggedIn@0

dxprnt32

_CallDxPrint@4

msvcp140

_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_frequency

vcruntime140

_except_handler4_common
__RTDynamicCast
__std_exception_destroy
__current_exception_context
memcpy
memset
__CxxFrameHandler3
__current_exception
__std_terminate
memcmp
memmove
__std_exception_copy
__std_type_info_destroy_list
_CxxThrowException
strstr
strchr

api-ms-win-crt-string-l1-1-0

strncmp
strncat
strcpy_s
_strnicmp
strncpy_s
_stricmp
isalpha
isdigit
tolower
islower
strpbrk
strncpy
strlen
strcpy
strcat
strcat_s
strcmp
_strupr
isspace
toupper
strncat_s
_strdup
isupper
strtok
isalnum

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-utility-l1-1-0

labs

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
_getcwd

api-ms-win-crt-time-l1-1-0

clock
_strtime
_localtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_chdir

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_errno
_invalid_parameter_noinfo
terminate
_seh_filter_exe
_initialize_narrow_environment
_set_app_type
_controlfp_s
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
exit
_invalid_parameter_noinfo_noreturn
_initterm_e
_get_narrow_winmain_command_line
_initterm

api-ms-win-crt-convert-l1-1-0

_ltoa
atoi
_itoa
atol

api-ms-win-crt-math-l1-1-0

_except1
_libm_sse2_pow_precise
modf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

GetProcAddress
FreeLibrary
OutputDebugStringA
Process32Next
LoadLibraryA
CreateToolhelp32Snapshot
FindFirstFileA
FindClose
GetCurrentThread
Process32First
GetLastError
SetFileAttributesA
lstrcatA
OpenFile
_lwrite
_lclose
_llseek
CloseHandle
WaitForSingleObject
CreateProcessA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalFree
lstrcpyA
lstrlenA
GlobalReAlloc
GlobalSize
LocalAlloc
LocalLock
LocalUnlock
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GlobalUnlock
MulDiv
GetLocalTime
GetModuleHandleA
LoadLibraryExA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

hs1.dentrix.customersupport.clrinterop

ShowHelpAboutForm

comdlg32

ChooseColorA

hs1.dentrix.patientexperience.familyfile.clrinterop

SelectPatient

Exports

Exports

?RECALL_DeleteContinuingCareViewWrapper@@YA_NPAXH@Z
?RECALL_EditContinuingCareViewWrapper@@YA_NPAXPAG@Z
DeleteListControlData
_DTX_RscFillListCtrl@8
_SortListCtrl@8

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83a1d040980db10d44444d762215d747

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:5f:41:39:7c:b7:d5:11:2c:09:e5:75:dc:02:63:84Certificate

Extended Key Usages

Key Usages

bf:97:6c:73:9e:53:84:67:7b:94:f2:3b:dc:df:08:55:e1:6f:2a:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

ole32

dtxsdir

dtxdb32

dtx32

dxprnt32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

advapi32

hs1.dentrix.customersupport.clrinterop

comdlg32

hs1.dentrix.patientexperience.familyfile.clrinterop

Exports

Exports

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 3KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:5f:41:39:7c:b7:d5:11:2c:09:e5:75:dc:02:63:84
Certificate

bf:97:6c:73:9e:53:84:67:7b:94:f2:3b:dc:df:08:55:e1:6f:2a:41
Signer

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 3KB