3e63349cc9ca771db6f8f767e5f65ad470b9f6a4d908ef992774a7ce95d48117_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3e63349cc9ca771db6f8f767e5f65ad470b9f6a4d908ef992774a7ce95d48117_NeikiAnalytics.exe
Size

141KB
MD5

96a32e5f001ea8480a2279a5663ec170
SHA1

c5f650aefa58921882b4f2de194596e7b5a04b8d
SHA256

3e63349cc9ca771db6f8f767e5f65ad470b9f6a4d908ef992774a7ce95d48117
SHA512

44694f35d7d1a7ea274df32916a3eba92f70a54e6fd0e964a5232eebe895ea4cb047c2b63104d46f40691905115d2683591cd2f992fa8b61047d4dfd6c2d3ad1
SSDEEP

3072:eIWsqvfdrmuHjZm+FQsmL2vnsAzHDMHX/Xw/n:eI0fdrmUZJQ2vjrwHvXyn

Score

1^/10

Malware Config

Signatures

Files

3e63349cc9ca771db6f8f767e5f65ad470b9f6a4d908ef992774a7ce95d48117_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

04ea2da306f7a36b3d064ee3533594c3

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f5:e9:62:a7:37:ce:0e:b3:bb:fd:85:c6:59:0d:cb:4e:4a:de:34:52
Signer

Actual PE Digest

f5:e9:62:a7:37:ce:0e:b3:bb:fd:85:c6:59:0d:cb:4e:4a:de:34:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildslave\l4d2_rel_win32\build\src\utils\addoninstaller\Release\addoninstaller.pdb

Imports

user32

MessageBoxA
FindWindowA
SendMessageA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA

vstdlib

KeyValuesSystem

kernel32

CreateFileW
FlushFileBuffers
InterlockedDecrement
WriteConsoleW
CreateFileMappingA
LoadLibraryExA
GetModuleFileNameA
CopyFileA
CreateDirectoryA
Sleep
DeleteFileA
ExpandEnvironmentStringsA
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
CreateFileA
ReadFile
SetFilePointer
CloseHandle
GetLastError
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetDriveTypeW
GetFullPathNameA
EncodePointer
DecodePointer
GetModuleHandleW
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
SetStdHandle
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
LCMapStringW
GetStringTypeW
RaiseException
GetCurrentDirectoryW
LeaveCriticalSection
EnterCriticalSection
HeapSize
FreeLibrary
LoadLibraryW
HeapReAlloc
RtlUnwind
GetConsoleCP
GetConsoleMode

tier0

g_pMemAlloc
Error
?Lock@CThreadFastMutex@@ACEXII@Z
Warning
CommandLine_Tier0
?DevMsg@@YAXPBDZZ
GetThreadedLoadLibraryFunc
StackToolsNotify_LoadedLibrary
CreateSimpleThread
ThreadWaitForObjects
Plat_IsInDebugSession
ReleaseThreadHandle
?DevWarning@@YAXPBDZZ

Exports

Exports

CreateInterface
cvar
g_pCVar

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ea2da306f7a36b3d064ee3533594c3

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

f5:e9:62:a7:37:ce:0e:b3:bb:fd:85:c6:59:0d:cb:4e:4a:de:34:52Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

vstdlib

kernel32

tier0

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 10KB - Virtual size: 9KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

f5:e9:62:a7:37:ce:0e:b3:bb:fd:85:c6:59:0d:cb:4e:4a:de:34:52
Signer

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 10KB - Virtual size: 9KB