422901aff1fbca92abbc88dd8d847126a341f3fcdff4e9cc6e456d96158b64eb_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

422901aff1fbca92abbc88dd8d847126a341f3fcdff4e9cc6e456d96158b64eb_NeikiAnalytics.exe
Size

306KB
MD5

43ae77074449a2bd66e4330eb7d8f410
SHA1

fc40a820f719c8f97b357e4e308cddcbc80a1b32
SHA256

422901aff1fbca92abbc88dd8d847126a341f3fcdff4e9cc6e456d96158b64eb
SHA512

353697f4049db33f628d7a37f68a6300a9a5f271901aaa870f0f99f28778da2390779bac9d6c10db2b1a6cce53eae7593cb718ee18125fb010f340746c601b9c
SSDEEP

6144:DZhnnIxw68iW+iPQLO83tspW+UVfIgZADr3r10KkOR9f6Z6U:DZhIxaQLOZWzpZ1QU

Score

1^/10

Malware Config

Signatures

Files

422901aff1fbca92abbc88dd8d847126a341f3fcdff4e9cc6e456d96158b64eb_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

3a41f24888a6dc52438e169e03cdfc3a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:f6:e6:42:af:44:ca:c6:ba:33:52:41:08:e2:f6:e3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

23/06/2022, 00:00

Not After

22/06/2025, 23:59

Subject

CN=CloudBacko Corporation,O=CloudBacko Corporation,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:f6:e6:42:af:44:ca:c6:ba:33:52:41:08:e2:f6:e3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

23/06/2022, 00:00

Not After

22/06/2025, 23:59

Subject

CN=CloudBacko Corporation,O=CloudBacko Corporation,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:38:15:67:ac:eb:51:79:61:78:7a:0f:b1:37:51:16:22:bc:91:43:7e:25:d8:af:b6:e7:30:3c:48:08:3f:f5
Signer

Actual PE Digest

7a:38:15:67:ac:eb:51:79:61:78:7a:0f:b1:37:51:16:22:bc:91:43:7e:25:d8:af:b6:e7:30:3c:48:08:3f:f5

Digest Algorithm

sha256

PE Digest Matches

true

af:1a:b0:33:dc:0f:63:ae:80:55:ec:39:1a:cb:91:20:10:4d:d7:d4
Signer

Actual PE Digest

af:1a:b0:33:dc:0f:63:ae:80:55:ec:39:1a:cb:91:20:10:4d:d7:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\Products\SHR\9.9.13.0\afc\msexchange\native\msexmail-mapi\Output\Release\MAPIWrapper.pdb

Imports

mapi32

ord17
ord23
ord21
ord170
ord171
ord59
ord198
ord11
ord13
ord15
ord138
ord19
ord75
ord140
ord135
ord129

msvcr80

??3@YAXPAX@Z
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_mbsnbcpy_s
malloc
free
memcpy_s
_CxxThrowException
strcpy_s
wcsncpy_s
strcat_s
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
_wcsicmp
strchr
strncpy
_strnset
_stricmp
strrchr
wcscpy_s
wprintf
wcstok
wcsncat_s
wcsncpy
printf
_vsnprintf_s
_vsnwprintf_s
_invalid_parameter_noinfo
_swprintf
_local_unwind4
memcpy
_vswprintf
wcsstr
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
memmove_s
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_snwprintf_s
sprintf_s
??2@YAPAXI@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
_resetstkoflw
memset
calloc
_recalloc
??_V@YAXPAX@Z

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA

rpcrt4

NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrCStdStubBuffer2_Release
NdrOleAllocate

kernel32

MultiByteToWideChar
lstrlenW
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
lstrcpyW
OpenProcess
TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
GetProcAddress
GetCurrentProcess
FormatMessageW
LocalFree
GetCommandLineA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CreateEventA
CreateThread
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
Sleep
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte

user32

DispatchMessageA
UnregisterClassA
CharNextA
CharUpperA
TranslateMessage
GetMessageA
PostThreadMessageA

ole32

CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
StgOpenStorage
WriteClassStg
StgCreateStorageEx
CoTaskMemAlloc

oleaut32

VarUI4FromStr
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayCreate
SysStringByteLen
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
SafeArrayCopy
VariantInit
SysAllocStringLen
VarBstrCat
SafeArrayGetVartype
SysStringLen
BSTR_UserSize

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a41f24888a6dc52438e169e03cdfc3a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

b4:f6:e6:42:af:44:ca:c6:ba:33:52:41:08:e2:f6:e3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

b4:f6:e6:42:af:44:ca:c6:ba:33:52:41:08:e2:f6:e3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7a:38:15:67:ac:eb:51:79:61:78:7a:0f:b1:37:51:16:22:bc:91:43:7e:25:d8:af:b6:e7:30:3c:48:08:3f:f5Signer

af:1a:b0:33:dc:0f:63:ae:80:55:ec:39:1a:cb:91:20:10:4d:d7:d4Signer

Headers

File Characteristics

PDB Paths

Imports

mapi32

msvcr80

advapi32

rpcrt4

kernel32

user32

ole32

oleaut32

Sections

.text Size: 172KB - Virtual size: 170KB

.orpc Size: 4KB - Virtual size: 267B

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 24KB - Virtual size: 21KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

b4:f6:e6:42:af:44:ca:c6:ba:33:52:41:08:e2:f6:e3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

b4:f6:e6:42:af:44:ca:c6:ba:33:52:41:08:e2:f6:e3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7a:38:15:67:ac:eb:51:79:61:78:7a:0f:b1:37:51:16:22:bc:91:43:7e:25:d8:af:b6:e7:30:3c:48:08:3f:f5
Signer

af:1a:b0:33:dc:0f:63:ae:80:55:ec:39:1a:cb:91:20:10:4d:d7:d4
Signer

.text
Size: 172KB - Virtual size: 170KB

.orpc
Size: 4KB - Virtual size: 267B

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 21KB