78c33e8dc71aaaa0ae6e885c58e70ada3ea8f077ecd48576d20618c561986c19_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

78c33e8dc71aaaa0ae6e885c58e70ada3ea8f077ecd48576d20618c561986c19_NeikiAnalytics.exe
Size

160KB
MD5

eb6015bb3bec55e3838d0bd4b9be3460
SHA1

4a154818d67793a9add6f83f6f22a9cb99eaf14f
SHA256

78c33e8dc71aaaa0ae6e885c58e70ada3ea8f077ecd48576d20618c561986c19
SHA512

6f71f0778d44ddab9101845909c78b0cefc18f7b8461e70bcaca0224d75875c5772f0060d6cb63ca1b8722db423c88889a36548457d5516d4df2fe791928d71f
SSDEEP

3072:VYdW00Gm5lG3pDZL3dS03ocFDqXUocLdO9caMFHt1BWg9RkkBzg1:kxpDxoXUxhRZUmR/g1

Score

1^/10

Malware Config

Signatures

Files

78c33e8dc71aaaa0ae6e885c58e70ada3ea8f077ecd48576d20618c561986c19_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

dc34b321b87883bfbd53fda88f53178c

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/05/2024, 13:07

Not After

17/05/2025, 13:07

Subject

SERIALNUMBER=556821-8225,CN=Coffee Stain Studios AB,O=Coffee Stain Studios AB,STREET=Hertig Johans Gata 6,L=Skövde,ST=Västra Götaland,C=SE,1.2.840.113549.1.9.1=#0c14637373697440636f66666565737461696e2e7365,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:c2:1a:23:a2:ef:78:92:16:f9:e5:5c:af:ff:08:06:1c:84:16:40:6e:af:90:ca:f0:1b:ee:6b:8a:26:63:0a
Signer

Actual PE Digest

a5:c2:1a:23:a2:ef:78:92:16:f9:e5:5c:af:ff:08:06:1c:84:16:40:6e:af:90:ca:f0:1b:ee:6b:8a:26:63:0a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryGameEGS-SkeletalMeshDescription-Win64-Shipping.pdb

Imports

factorygameegs-core-win64-shipping

?Free@FMemory@@SAXPEAX@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FName@@QEAA@PEBDW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?OnInvalidSetNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?SetError@FArchiveState@@QEAAXXZ
?CustomVer@FArchiveState@@QEBAHAEBUFGuid@@@Z
?SerializeByteOrderSwapped@FArchive@@AEAAAEAV1@AEAI@Z
?SerializeByteOrderSwapped@FArchive@@AEAAAEAV1@AEA_K@Z
?Serialize@FBinaryArchiveFormatter@@UEAAXAEAM@Z
?Serialize@FBinaryArchiveFormatter@@UEAAXAEAN@Z
?GetUnderlyingArchive@FSlotBase@Private@StructuredArchive@UE@@QEBAAEAVFArchive@@XZ
??0FStructuredArchiveFromArchive@@QEAA@AEAVFArchive@@@Z
??1FStructuredArchiveFromArchive@@QEAA@XZ
?GetSlot@FStructuredArchiveFromArchive@@QEAA?AVFStructuredArchiveSlot@@XZ
?RemoveAt@FString@@QEAAXHH_N@Z
?ConcatFF@FString@@CA?AV1@$$QEAV1@0@Z
?ConcatFC@FString@@CA?AV1@$$QEAV1@PEB_W@Z
?StartsWith@FString@@QEBA_NPEB_WHW4Type@ESearchCase@@@Z
?GetTypeHash@@YAIUFNameEntryId@@@Z
?ToString@FName@@QEBA?AVFString@@XZ
??0FName@@QEAA@HPEB_WW4EFindName@@@Z
?IsWithinBounds@FName@@CA_NUFNameEntryId@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?MemCrc32Func@FCrc@@2P6AIPEBXHI@ZEA
?Identity@?$TTransform@N@Math@UE@@2U123@B
?GUID@FReleaseObjectVersion@@2UFGuid@@B
?GUID@FUE5MainStreamObjectVersion@@2UFGuid@@B

factorygameegs-staticmeshdescription-win64-shipping

?Register@FStaticMeshAttributes@@UEAAX_N@Z

vcruntime140

__C_specific_handler
memset
_purecall
memmove
memcpy
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

logf

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_cexit
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_register_onexit_function
_initialize_onexit_table

kernel32

QueryPerformanceCounter
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
TerminateProcess
GetCurrentProcess

Exports

Exports

??0FSkeletalMeshAttributes@@QEAA@AEAUFMeshDescription@@@Z
??0FSkeletalMeshAttributesShared@@QEAA@AEBUFMeshDescription@@@Z
?AppendSkinWeight@FSkeletalMeshOperations@@SAXAEBUFMeshDescription@@AEAU2@AEAUFSkeletalMeshAppendSettings@1@@Z
?BoneAttributes@FSkeletalMeshAttributes@@QEAAAEAV?$TAttributesSet@UFBoneID@@@@XZ
?BoneAttributes@FSkeletalMeshAttributesShared@@QEBAAEBV?$TAttributesSet@UFBoneID@@@@XZ
?Bones@FSkeletalMeshAttributes@@QEAAAEAV?$TMeshElementContainer@UFBoneID@@@@XZ
?Bones@FSkeletalMeshAttributesShared@@QEBAAEBV?$TMeshElementContainer@UFBoneID@@@@XZ
?BonesElementName@FSkeletalMeshAttributesShared@@2VFName@@A
?Color@Bone@MeshAttribute@@3VFName@@B
?CreateBone@FSkeletalMeshAttributes@@QEAA?AUFBoneID@@XZ
?CreateBone@FSkeletalMeshAttributes@@QEAAXUFBoneID@@@Z
?CreateSkinWeightAttributeName@FSkeletalMeshAttributesShared@@KA?AVFName@@AEBV2@@Z
?DefaultSkinWeightProfileName@FSkeletalMeshAttributesShared@@2VFName@@A
?DeleteBone@FSkeletalMeshAttributes@@QEAAXUFBoneID@@@Z
?GetBoneColors@FSkeletalMeshAttributes@@QEAA?AV?$TMeshAttributesRef@UFBoneID@@U?$TVector4@M@Math@UE@@@@XZ
?GetBoneColors@FSkeletalMeshAttributesShared@@QEBA?AV?$TMeshAttributesRef@UFBoneID@@$$CBU?$TVector4@M@Math@UE@@@@XZ
?GetBoneNames@FSkeletalMeshAttributes@@QEAA?AV?$TMeshAttributesRef@UFBoneID@@VFName@@@@XZ
?GetBoneNames@FSkeletalMeshAttributesShared@@QEBA?AV?$TMeshAttributesRef@UFBoneID@@$$CBVFName@@@@XZ
?GetBoneParentIndices@FSkeletalMeshAttributes@@QEAA?AV?$TMeshAttributesRef@UFBoneID@@H@@XZ
?GetBoneParentIndices@FSkeletalMeshAttributesShared@@QEBA?AV?$TMeshAttributesRef@UFBoneID@@$$CBH@@XZ
?GetBonePoses@FSkeletalMeshAttributes@@QEAA?AV?$TMeshAttributesRef@UFBoneID@@U?$TTransform@N@Math@UE@@@@XZ
?GetBonePoses@FSkeletalMeshAttributesShared@@QEBA?AV?$TMeshAttributesRef@UFBoneID@@$$CBU?$TTransform@N@Math@UE@@@@XZ
?GetNumBones@FSkeletalMeshAttributesShared@@QEBAHXZ
?GetProfileNameFromAttribute@FSkeletalMeshAttributesShared@@SA?AVFName@@AEBV2@@Z
?GetSkinWeightProfileNames@FSkeletalMeshAttributesShared@@QEBA?AV?$TArray@VFName@@V?$TSizedDefaultAllocator@$0CA@@@@@XZ
?GetVertexSkinWeights@FSkeletalMeshAttributes@@QEAA?AVFSkinWeightsVertexAttributesRef@@AEBVFName@@@Z
?GetVertexSkinWeights@FSkeletalMeshAttributesShared@@QEBA?AVFSkinWeightsVertexAttributesConstRef@@AEBVFName@@@Z
?GetVertexSkinWeightsFromAttributeName@FSkeletalMeshAttributes@@QEAA?AVFSkinWeightsVertexAttributesRef@@AEBVFName@@@Z
?GetVertexSkinWeightsFromAttributeName@FSkeletalMeshAttributesShared@@QEBA?AVFSkinWeightsVertexAttributesConstRef@@AEBVFName@@@Z
?HasBoneColorAttribute@FSkeletalMeshAttributesShared@@QEBA_NXZ
?HasBoneNameAttribute@FSkeletalMeshAttributesShared@@QEBA_NXZ
?HasBoneParentIndexAttribute@FSkeletalMeshAttributesShared@@QEBA_NXZ
?HasBonePoseAttribute@FSkeletalMeshAttributesShared@@QEBA_NXZ
?IsSkinWeightAttribute@FSkeletalMeshAttributesShared@@SA_NAEBVFName@@@Z
?IsValidSkinWeightProfileName@FSkeletalMeshAttributesShared@@SA_NAEBVFName@@@Z
?Name@Bone@MeshAttribute@@3VFName@@B
?ParentIndex@Bone@MeshAttribute@@3VFName@@B
?Pose@Bone@MeshAttribute@@3VFName@@B
?Register@FSkeletalMeshAttributes@@UEAAX_N@Z
?RegisterColorAttribute@FSkeletalMeshAttributes@@QEAAXXZ
?RegisterSkinWeightAttribute@FSkeletalMeshAttributes@@QEAA_NAEBVFName@@@Z
?ReserveNewBones@FSkeletalMeshAttributes@@QEAAXH@Z
?SkinWeights@Vertex@MeshAttribute@@3VFName@@B
InitializeModule

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc34b321b87883bfbd53fda88f53178c

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a5:c2:1a:23:a2:ef:78:92:16:f9:e5:5c:af:ff:08:06:1c:84:16:40:6e:af:90:ca:f0:1b:ee:6b:8a:26:63:0aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factorygameegs-core-win64-shipping

factorygameegs-staticmeshdescription-win64-shipping

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 352B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a5:c2:1a:23:a2:ef:78:92:16:f9:e5:5c:af:ff:08:06:1c:84:16:40:6e:af:90:ca:f0:1b:ee:6b:8a:26:63:0a
Signer

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 352B