3930cfd8561ee14f33084c5fc47602d1e083130fb241c97ad23ee60262ca47ec_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3930cfd8561ee14f33084c5fc47602d1e083130fb241c97ad23ee60262ca47ec_NeikiAnalytics.exe
Size

258KB
MD5

fafd041c793b05251280c988d544b1d0
SHA1

dc226abf977adb6ba69fbd59b7f99d5222e90131
SHA256

3930cfd8561ee14f33084c5fc47602d1e083130fb241c97ad23ee60262ca47ec
SHA512

41c4d526e035f086490dc00d9612c8ffa17f63f9f185952df3f0944877d4ac3d445df65c85c743f866fbc66548287c34bba2f707b7bdf83143da7b01acc6b247
SSDEEP

6144:RO+uZb5K8Dy+Zkt9dHlJ1ybBEleb906wslm/m+yygWNW:RO+MbMOEe3mj

Score

1^/10

Malware Config

Signatures

Files

3930cfd8561ee14f33084c5fc47602d1e083130fb241c97ad23ee60262ca47ec_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

23f94ad8889ad1c73cfb18c102e76088

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:91:91:61:ff:f2:c7:04:72:36:0a:4b:f8:6f:85:ba
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24-11-2022 00:00

Not After

23-11-2025 23:59

Subject

CN=iterate GmbH,O=iterate GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19-01-2024 16:46

Not After

01-06-2029 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7b:8d:7f:fe:bf:5e:9a:28:47:ff:c6:14:e4:2c:79:90:77:3d:8f:0f:0b:ae:04:3d:77:84:b9:d5:b3:3f:e5:36
Signer

Actual PE Digest

7b:8d:7f:fe:bf:5e:9a:28:47:ff:c6:14:e4:2c:79:90:77:3d:8f:0f:0b:ae:04:3d:77:84:b9:d5:b3:3f:e5:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

EnumProcessModules

kernel32

ExitProcess
GetShortPathNameW
GetLastError
SetLastError
GetCurrentProcess
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalFree
FormatMessageW
WideCharToMultiByte
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
CreateFileW

Exports

Exports

JNI_OnLoad
JNI_OnUnload
Java_com_sun_jna_Native__1getDirectBufferPointer
Java_com_sun_jna_Native__1getPointer
Java_com_sun_jna_Native_close
Java_com_sun_jna_Native_createNativeCallback
Java_com_sun_jna_Native_ffi_1call
Java_com_sun_jna_Native_ffi_1free_1closure
Java_com_sun_jna_Native_ffi_1prep_1cif
Java_com_sun_jna_Native_ffi_1prep_1closure
Java_com_sun_jna_Native_findSymbol
Java_com_sun_jna_Native_free
Java_com_sun_jna_Native_freeNativeCallback
Java_com_sun_jna_Native_getAPIChecksum
Java_com_sun_jna_Native_getByte
Java_com_sun_jna_Native_getChar
Java_com_sun_jna_Native_getDirectByteBuffer__Lcom_sun_jna_Pointer_2JJJ
Java_com_sun_jna_Native_getDouble
Java_com_sun_jna_Native_getFloat
Java_com_sun_jna_Native_getInt
Java_com_sun_jna_Native_getLastError
Java_com_sun_jna_Native_getLong
Java_com_sun_jna_Native_getNativeVersion
Java_com_sun_jna_Native_getShort
Java_com_sun_jna_Native_getStringBytes
Java_com_sun_jna_Native_getWideString
Java_com_sun_jna_Native_getWindowHandle0
Java_com_sun_jna_Native_indexOf
Java_com_sun_jna_Native_initIDs
Java_com_sun_jna_Native_initialize_1ffi_1type
Java_com_sun_jna_Native_invokeDouble
Java_com_sun_jna_Native_invokeFloat
Java_com_sun_jna_Native_invokeInt
Java_com_sun_jna_Native_invokeLong
Java_com_sun_jna_Native_invokeObject
Java_com_sun_jna_Native_invokePointer
Java_com_sun_jna_Native_invokeStructure
Java_com_sun_jna_Native_invokeVoid
Java_com_sun_jna_Native_isProtected
Java_com_sun_jna_Native_malloc
Java_com_sun_jna_Native_open
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3BII
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3CII
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3DII
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3FII
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3III
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3JII
Java_com_sun_jna_Native_read__Lcom_sun_jna_Pointer_2JJ_3SII
Java_com_sun_jna_Native_registerMethod
Java_com_sun_jna_Native_setByte
Java_com_sun_jna_Native_setChar
Java_com_sun_jna_Native_setDetachState
Java_com_sun_jna_Native_setDouble
Java_com_sun_jna_Native_setFloat
Java_com_sun_jna_Native_setInt
Java_com_sun_jna_Native_setLastError
Java_com_sun_jna_Native_setLong
Java_com_sun_jna_Native_setMemory
Java_com_sun_jna_Native_setPointer
Java_com_sun_jna_Native_setProtected
Java_com_sun_jna_Native_setShort
Java_com_sun_jna_Native_setWideString
Java_com_sun_jna_Native_sizeof
Java_com_sun_jna_Native_unregister
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3BII
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3CII
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3DII
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3FII
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3III
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3JII
Java_com_sun_jna_Native_write__Lcom_sun_jna_Pointer_2JJ_3SII

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23f94ad8889ad1c73cfb18c102e76088

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

26:91:91:61:ff:f2:c7:04:72:36:0a:4b:f8:6f:85:baCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

7b:8d:7f:fe:bf:5e:9a:28:47:ff:c6:14:e4:2c:79:90:77:3d:8f:0f:0b:ae:04:3d:77:84:b9:d5:b3:3f:e5:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 18KB - Virtual size: 24KB

.pdata Size: 7KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 2KB - Virtual size: 1KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

26:91:91:61:ff:f2:c7:04:72:36:0a:4b:f8:6f:85:ba
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

7b:8d:7f:fe:bf:5e:9a:28:47:ff:c6:14:e4:2c:79:90:77:3d:8f:0f:0b:ae:04:3d:77:84:b9:d5:b3:3f:e5:36
Signer

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 18KB - Virtual size: 24KB

.pdata
Size: 7KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 2KB - Virtual size: 1KB