327707b882aeaf091504f8f666ea1fb0e88e3db4ce496243817707dea3a72cb7_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

327707b882aeaf091504f8f666ea1fb0e88e3db4ce496243817707dea3a72cb7_NeikiAnalytics.exe
Size

3.2MB
MD5

0afa6f49163bf7ec774bb42b2b9558e0
SHA1

ec396e902c8e97d1f30aff8561838e9962f24e48
SHA256

327707b882aeaf091504f8f666ea1fb0e88e3db4ce496243817707dea3a72cb7
SHA512

c293b0795bb331596b0bcc7ce2a190b01856156c017bb5cfa80143676bd6196a71fabea253313fff8153036696e9a2c0db10891f580537bf3a4424f68fd5aa61
SSDEEP

49152:9PbpbGjejL/ybBgooTwflPkVz36nEpWsEfFVP9RGasdQ+M40X2/dUHFHrPpD:9Pb1GflPkwEBAVlUHdjML2/deFHd

Score

1^/10

Malware Config

Signatures

Files

327707b882aeaf091504f8f666ea1fb0e88e3db4ce496243817707dea3a72cb7_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

fcbb5797e54e0fe3bc57420506f690d5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:99:8e:5f:46:cc:0e:10:e6:1c:78:2b:97:e5:72:71
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/04/2023, 00:00

Not After

24/04/2026, 23:59

Subject

CN=FactSet Research Systems Inc.,O=FactSet Research Systems Inc.,L=Norwalk,ST=Connecticut,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:1d:b8:f0:85:99:b6:8e:96:e0:71:70:75:0f:65:68:7b:2d:48:03
Signer

Actual PE Digest

76:1d:b8:f0:85:99:b6:8e:96:e0:71:70:75:0f:65:68:7b:2d:48:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\source\prometheus\fdsxlc\Win32\Release\FDSXLC_shim.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
LocalAlloc
CreateFileA
DeleteFileA
DuplicateHandle
Sleep
SwitchToThread
MapViewOfFileEx
GetModuleHandleA
GetProcAddress
FormatMessageW
CreateFileMappingA
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
VerSetConditionMask
ExpandEnvironmentStringsW
SetErrorMode
OpenProcess
FindResourceExW
LoadLibraryW
VerifyVersionInfoW
GetLocaleInfoW
K32EnumProcesses
K32GetProcessImageFileNameW
ExpandEnvironmentStringsA
CreateFileW
DeleteFileW
WriteFile
LoadLibraryExW
QueryPerformanceFrequency
CopyFileW
MoveFileExW
LockFileEx
ReadFile
UnlockFileEx
CreateMutexExW
GetFileAttributesW
GetComputerNameA
SetLastError
SetDllDirectoryW
K32EnumProcessModulesEx
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
QueryFullProcessImageNameW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetModuleHandleW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
UnmapViewOfFile
DeviceIoControl
GetFileInformationByHandleEx
QueryPerformanceCounter
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
FlushFileBuffers
CreateEventA
OpenEventA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
InterlockedFlushSList
ExitProcess
GetFileType
GetConsoleMode
ReadConsoleW
GetStdHandle
GetConsoleOutputCP
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetTimeZoneInformation
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetSystemTimeAsFileTime
GetTickCount
CloseHandle
MultiByteToWideChar
FormatMessageA
LocalFree
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
AreFileApisANSI
FlushInstructionCache
VirtualProtect
VirtualQuery
FreeLibrary
TerminateProcess
GetModuleFileNameW
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
GetModuleHandleExW
VirtualFreeEx
VirtualAllocEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
GetFileAttributesExW
GetSystemInfo

user32

wsprintfW

oleaut32

GetErrorInfo
VariantClear

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertCreateCertificateContext
CertCloseStore

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

advapi32

RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegDeleteValueW
RegDeleteTreeA
RegDeleteTreeW
SetEntriesInAclW
GetSecurityInfo
GetUserNameW

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
OleRun

Sections

.text
Size: 835KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shimfunc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcbb5797e54e0fe3bc57420506f690d5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:99:8e:5f:46:cc:0e:10:e6:1c:78:2b:97:e5:72:71Certificate

Extended Key Usages

Key Usages

76:1d:b8:f0:85:99:b6:8e:96:e0:71:70:75:0f:65:68:7b:2d:48:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

wintrust

crypt32

version

advapi32

shell32

ole32

Sections

.text Size: 835KB - Virtual size: 834KB

.rdata Size: 249KB - Virtual size: 249KB

.data Size: 43KB - Virtual size: 81KB

shimfunc Size: 62KB - Virtual size: 62KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 47KB - Virtual size: 46KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:99:8e:5f:46:cc:0e:10:e6:1c:78:2b:97:e5:72:71
Certificate

76:1d:b8:f0:85:99:b6:8e:96:e0:71:70:75:0f:65:68:7b:2d:48:03
Signer

.text
Size: 835KB - Virtual size: 834KB

.rdata
Size: 249KB - Virtual size: 249KB

.data
Size: 43KB - Virtual size: 81KB

shimfunc
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 47KB - Virtual size: 46KB