3a85db52ebb4684305bce93217b8e80862c8348493848b53754a078bfbbbf9ce_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3a85db52ebb4684305bce93217b8e80862c8348493848b53754a078bfbbbf9ce_NeikiAnalytics.exe
Size

318KB
MD5

4c719918a3901743ad31744055cb8a30
SHA1

89c50f9c7e0d1fe3ca6b32c3c27a1c77eab8cebc
SHA256

3a85db52ebb4684305bce93217b8e80862c8348493848b53754a078bfbbbf9ce
SHA512

ac1e4504668285c9ed4a59266efb9276c03c7d8aae93773ba9b679470177a7469ae7b263b0aa93ba9f5db54019f66b6c37b8184b04e1583992e31e322a2208e3
SSDEEP

6144:swYN2MfzXyfIeHvCYTndcvozC5Ka1PhZURiFnP6mi+auye6+Se6WS2KkEonSapel:Rn9C5Ka1s4FnP6mi+auye6+Se6WS2KkU

Score

1^/10

Malware Config

Signatures

Files

3a85db52ebb4684305bce93217b8e80862c8348493848b53754a078bfbbbf9ce_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

0c84cb573e3b8c1891f131ef5e340536

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:80:11:6f:08:be:fd:d7:0f:af:46:90
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

23-09-2021 09:22

Not After

29-11-2024 15:30

Subject

SERIALNUMBER=0408.425.626,CN=ZETES SA,O=ZETES SA,STREET=Rue de Strasbourg 3,L=Bruxelles,ST=Région de Bruxelles-Capitale,C=BE,1.2.840.113549.1.9.1=#0c0f69744062652e7a657465732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024245,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02-11-2023 10:30

Not After

04-12-2034 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:43:55:9c:a7:a2:ad:e0:21:e7:a3:ea:04:5e:d9:5f:73:9b:84:91:23:b1:34:26:f2:68:7d:e0:69:cf:30:d3
Signer

Actual PE Digest

8c:43:55:9c:a7:a2:ad:e0:21:e7:a3:ea:04:5e:d9:5f:73:9b:84:91:23:b1:34:26:f2:68:7d:e0:69:cf:30:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Thomas.Charlier\source\repos\eid-mw\cardcomm\pkcs11\VS_2019\Binaries\x64_PKCS11_FF_Release\beid_ff_pkcs11.pdb

Imports

winscard

SCardConnectA
SCardReconnect
SCardCancel
SCardGetAttrib
SCardEndTransaction
SCardDisconnect
SCardGetStatusChangeA
SCardEstablishContext
SCardReleaseContext
SCardControl
SCardListReadersA
SCardStatusA
SCardTransmit
SCardBeginTransaction

user32

GetSysColor
FillRect
InvalidateRect
UpdateWindow
GetSysColorBrush
GetDesktopWindow
RemoveMenu
LoadCursorW
LoadIconW
TranslateMessage
RegisterClassW
IsDialogMessageW
DispatchMessageW
UnregisterClassW
MessageBoxW
DestroyWindow
AdjustWindowRectEx
CloseWindow
GetMessageW
DrawFocusRect
GetDlgItem
DrawTextW
DrawEdge
EnableWindow
DefWindowProcW
GetSystemMenu
EndPaint
MonitorFromWindow
CreateWindowExW
SendMessageW
ShowWindow
GetMonitorInfoW
LoadBitmapW
SetFocus
GetClientRect
EnableMenuItem
GetParent
SetForegroundWindow
IsIconic
BeginPaint

gdi32

BitBlt
CreateBitmap
SetBkColor
CreateSolidBrush
SelectObject
CreateCompatibleDC
CreateDCW
CreateFontW
DeleteDC
GetDeviceCaps
SetTextColor
GetObjectW
MaskBlt

advapi32

RegGetValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW

msvcp140

??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?narrow@?$ctype@_W@std@@QEBAD_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
ReleaseMutex
GetCurrentThreadId
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
Sleep
GetCurrentProcessId
lstrcmpA
lstrcatA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
DeleteCriticalSection
GetFileAttributesW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
WaitForSingleObject

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strstr
wcsstr
__current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
__std_type_info_destroy_list
memchr
memcmp
memcpy
memmove
__std_terminate
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fopen_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
fclose
__stdio_common_vfwprintf_s
__stdio_common_vsnprintf_s
_wfopen_s

api-ms-win-crt-string-l1-1-0

wcscpy_s
strncmp
tolower
strcpy_s
wcscoll
_wcsdup

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_seh_filter_dll
_getpid
_crt_atexit
_errno
_initterm_e
_initterm
_configure_narrow_argv
_cexit
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_findnext64i32
_findclose
_findfirst64i32
_wrename
_wstat64i32
_wremove

api-ms-win-crt-convert-l1-1-0

_itow_s
_itoa_s

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
wcsftime

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c84cb573e3b8c1891f131ef5e340536

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

3f:80:11:6f:08:be:fd:d7:0f:af:46:90Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

8c:43:55:9c:a7:a2:ad:e0:21:e7:a3:ea:04:5e:d9:5f:73:9b:84:91:23:b1:34:26:f2:68:7d:e0:69:cf:30:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winscard

user32

gdi32

advapi32

shell32

msvcp140

kernel32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 222KB - Virtual size: 221KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 3KB - Virtual size: 22KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1004B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

3f:80:11:6f:08:be:fd:d7:0f:af:46:90
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

8c:43:55:9c:a7:a2:ad:e0:21:e7:a3:ea:04:5e:d9:5f:73:9b:84:91:23:b1:34:26:f2:68:7d:e0:69:cf:30:d3
Signer

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 3KB - Virtual size: 22KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1004B