674126c661588c2f10d10b2e0cdd39df673b4b9ff4c7acabd82e64e42132b066_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

674126c661588c2f10d10b2e0cdd39df673b4b9ff4c7acabd82e64e42132b066_NeikiAnalytics.exe
Size

291KB
MD5

a5e6e905de14995c7c537aebe7032170
SHA1

4ceee599c7e2f9357a80afa89b986b76c7a4d7d6
SHA256

674126c661588c2f10d10b2e0cdd39df673b4b9ff4c7acabd82e64e42132b066
SHA512

a0cfc134f1fda7c1eb984b6de55f3e1d87c7a01da86f46c5e78f04f110f5cbba20a5ffcbb36f8c23d1a196621ed16eba1f4c00bb21c4129af027fb2d7d420818
SSDEEP

6144:BgELQrHRwrt7atzLNDunhSMXlBXBWRphszw21vTyRQ:BgELQrHRwrt7athunhSMXlMphsE2NmO

Score

1^/10

Malware Config

Signatures

Files

674126c661588c2f10d10b2e0cdd39df673b4b9ff4c7acabd82e64e42132b066_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

6ebf86293b4c3993262f3691f18e4e02

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:c0:e1:fa:55:48:df:f8:26:63:da:be:8b:7b:98:ce
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/01/2023, 00:00

Not After

09/01/2026, 23:59

Subject

CN=General Motors LLC,O=General Motors LLC,L=Detroit,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:10:dc:e8:ed:91:20:53:1b:57:2d:59:d3:be:f5:66:3b:83:da:ac
Signer

Actual PE Digest

b8:10:dc:e8:ed:91:20:53:1b:57:2d:59:d3:be:f5:66:3b:83:da:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAGetLastError
bind
WSAIoctl
closesocket
WSASend
shutdown
WSACloseEvent
WSACreateEvent
WSASetEvent
WSASendTo
WSASocketW
WSAStartup
WSAConnect
WSAResetEvent
WSAWaitForMultipleEvents
WSARecv
WSARecvFrom
WSAGetOverlappedResult
sendto
setsockopt
WSACleanup

kernel32

CreateDirectoryW
FormatMessageA
LocalFree
AreFileApisANSI
SetWaitableTimer
CreateWaitableTimerW
WriteFile
OutputDebugStringA
CreateFileW
GetCurrentThreadId
GetTempPathA
ReleaseSRWLockExclusive
DisableThreadLibraryCalls
AcquireSRWLockExclusive
CloseHandle
GetSystemTimePreciseAsFileTime
GetCurrentProcess
GetFileAttributesExW
GetFileInformationByHandleEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetLastError
WideCharToMultiByte
MultiByteToWideChar

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_join
_Mtx_unlock
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Mtx_destroy_in_situ
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Query_perf_frequency
_Mtx_lock
?_Throw_Cpp_error@std@@YAXH@Z

msvcp140_atomic_wait

__std_atomic_wait_direct
__std_atomic_notify_all_direct

iphlpapi

SendARP

vcruntime140

_CxxThrowException
__std_terminate
__std_type_info_destroy_list
memmove
__CxxFrameHandler3
memset
_except_handler4_common
memchr
memcpy
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initterm
_initterm_e
terminate
_beginthreadex
_seh_filter_dll
_execute_onexit_table
_initialize_onexit_table
abort
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-math-l1-1-0

_fdsign
ceil
_ldclass
_fdclass
_dclass
_dsign
_ldsign

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

PassThruClose
PassThruConnect
PassThruDisconnect
PassThruGetLastError
PassThruIoctl
PassThruOpen
PassThruReadMsgs
PassThruReadVersion
PassThruSetProgrammingVoltage
PassThruStartMsgFilter
PassThruStartPeriodicMsg
PassThruStopMsgFilter
PassThruStopPeriodicMsg
PassThruWriteMsgs

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ebf86293b4c3993262f3691f18e4e02

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:c0:e1:fa:55:48:df:f8:26:63:da:be:8b:7b:98:ceCertificate

Extended Key Usages

Key Usages

b8:10:dc:e8:ed:91:20:53:1b:57:2d:59:d3:be:f5:66:3b:83:da:acSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

shell32

ole32

msvcp140

msvcp140_atomic_wait

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:c0:e1:fa:55:48:df:f8:26:63:da:be:8b:7b:98:ce
Certificate

b8:10:dc:e8:ed:91:20:53:1b:57:2d:59:d3:be:f5:66:3b:83:da:ac
Signer

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB