54c62330224c929a5f57747e3a0051be0b2eac701eae3ad36aae5b6c85852e41_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

54c62330224c929a5f57747e3a0051be0b2eac701eae3ad36aae5b6c85852e41_NeikiAnalytics.exe
Size

952KB
MD5

1bb7c8ab0d45991d1e25b15bcc6279f0
SHA1

f7600f7deaee6fe7896252bf36f4fc4c4a663361
SHA256

54c62330224c929a5f57747e3a0051be0b2eac701eae3ad36aae5b6c85852e41
SHA512

bffff167da9294f0aca58854c290a4792e61416c4e05ae31d2cdf590369e0561a7bbe69d476e1b20e0c2886c5fba512396e07a6c101f7a5301fb2d5b4b67e1fe
SSDEEP

24576:M0VMp9NUYZQ6qPt7OGoJ5iilKSjQguyaBMf+3Mu:C9WYi6y7AJ5itSjQfWmj

Score

1^/10

Malware Config

Signatures

Files

54c62330224c929a5f57747e3a0051be0b2eac701eae3ad36aae5b6c85852e41_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

38bbf95d42c1535647bbf5af90c75206

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:b2:09:3f:1c:34:89:36:43:da:a1:ad:1c:c9:78:68
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07/11/2023, 00:00

Not After

06/11/2026, 23:59

Subject

SERIALNUMBER=24 010 794 359,CN=GP Software (Redbrook Pty Ltd),O=GP Software (Redbrook Pty Ltd),ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:dd:ca:a5:50:46:13:65:bb:a1:41:6d:44:57:2c:8e:16:f0:21:a4:5b:e7:c4:bb:f6:fe:bb:f6:c0:fb:3f:8f
Signer

Actual PE Digest

5f:dd:ca:a5:50:46:13:65:bb:a1:41:6d:44:57:2c:8e:16:f0:21:a4:5b:e7:c4:bb:f6:fe:bb:f6:c0:fb:3f:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

opus7zip.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

uxtheme

GetWindowTheme
DrawThemeParentBackground
IsThemeActive
IsAppThemed
OpenThemeData
DrawThemeBackground
CloseThemeData
EnableThemeDialogTexture

comctl32

ord413
ord412
ord410

kernel32

CreateDirectoryW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
GetCurrentThreadId
ReplaceFileW
SetFileTime
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
FlushFileBuffers
FileTimeToSystemTime
GetCurrentProcessId
ReadFile
Sleep
FindFirstFileExW
FindClose
FindFirstFileW
GetShortPathNameW
GetFileAttributesExW
GetModuleFileNameW
GetTempPathW
GetSystemTime
FindNextFileW
FreeLibrary
GetProcAddress
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetModuleHandleW
LoadLibraryExW
ExpandEnvironmentStringsW
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
GetTickCount
CreateProcessW
GetLocaleInfoW
LCMapStringW
OpenProcess
lstrlenW
HeapSize
HeapReAlloc
HeapAlloc
SystemTimeToFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
ResumeThread
SetDllDirectoryW
SetThreadExecutionState
GetSystemPowerStatus
SetFilePointer
LocalAlloc
GetFileSize
FileTimeToLocalFileTime
GetDateFormatW
GetSystemTimeAsFileTime
TryEnterCriticalSection
CompareFileTime
GetProcessId
GetExitCodeProcess
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
FlsFree
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
ResetEvent
CreateEventW
DeleteFileW
WriteFile
CreateFileW
SetLastError
SetEvent
WaitForSingleObject
CloseHandle
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
HeapFree
GetOEMCP

user32

PostQuitMessage
RegisterWindowMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DefWindowProcW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterClassW
RegisterClassW
LoadCursorW
DestroyWindow
GetSystemMenu
PostMessageW
GetClassNameW
IsWindowVisible
GetDlgCtrlID
GetWindowTextW
GetWindowTextLengthW
SendMessageTimeoutW
GetWindowThreadProcessId
EnumChildWindows
CreateWindowExW
SetFocus
SetForegroundWindow
FindWindowExW
IsWindowEnabled
IsIconic
EnumWindows
GetComboBoxInfo
DrawTextW
SetRectEmpty
MapDialogRect
SystemParametersInfoW
GetDesktopWindow
CopyRect
GetMonitorInfoW
MonitorFromPoint
AllowSetForegroundWindow
GetNextDlgTabItem
AdjustWindowRectEx
ShowWindow
IsWindow
GetCursorPos
MonitorFromWindow
ReleaseDC
GetDC
EndPaint
GetWindow
GetUpdateRect
DrawFrameControl
GetSysColorBrush
FillRect
GetClientRect
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
SetDlgItemTextW
SetWindowTextW
CheckDlgButton
SetWindowPos
EnableWindow
IsChild
GetFocus
GetWindowRect
GetDlgItem
GetSystemMetrics
ClientToScreen
ScreenToClient
MoveWindow
InvalidateRect
SendMessageW
GetParent
EnableMenuItem
BeginPaint

gdi32

GdiFlush
BitBlt
CreateCompatibleBitmap
ExcludeClipRect
DeleteObject
SelectObject
CreateCompatibleDC
DeleteDC

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetKnownFolderPath
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
PropVariantClear
CoTaskMemFree
CoCreateInstance
PropVariantCopy

oleaut32

SystemTimeToVariantTime
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

RDLL_UnRarServerW
RDLL_WinRarProgressW
VFS_BatchOperationW
VFS_CanChangeWriteProtected
VFS_CheckWriteProtected
VFS_Clone
VFS_CloseFileEx
VFS_CloseUnreferencedFileHandles
VFS_ConfigureTypeConfig
VFS_ContextVerbW
VFS_Create
VFS_CreateArchive
VFS_CreateArchiveDialog
VFS_CreateDirectoryW
VFS_CreateFileW
VFS_DeleteFileW
VFS_Destroy
VFS_FindClose
VFS_FindFileExtension
VFS_FindFirstFileW
VFS_FindNextFileW
VFS_FreeArchiveCreationData
VFS_GetAllCustomColumnsW
VFS_GetArchiveCreationInfo
VFS_GetCapabilitiesEx2W
VFS_GetCustomColumnsW
VFS_GetErrorMsgW
VFS_GetFileAttrW
VFS_GetFileInformationW
VFS_GetFileSizeW
VFS_GetFileType
VFS_GetLastError
VFS_HasExtensionAlias
VFS_HideFromTree
VFS_IdentifyW
VFS_Init
VFS_MoveFileW
VFS_NotifyConfigChanges
VFS_ParseArchiveCreationArgs
VFS_PropGetW
VFS_PropertiesW
VFS_QueryArchiveThumbnails
VFS_QueryExtractionExtensions
VFS_QueryExtractionMappings
VFS_QueryPathW
VFS_QueryTypeConfigIDs
VFS_QueryTypeConfigInfo
VFS_ReadDirectoryW
VFS_ReadFile
VFS_RemoveDirectoryW
VFS_SeekFile
VFS_SetFileAttrW
VFS_SetFileTimeW
VFS_SetTypeConfigFlags
VFS_ShuttingDown
VFS_Uninit
VFS_WriteFile
VFS_WriteProtect

Sections

.text
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38bbf95d42c1535647bbf5af90c75206

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

c9:b2:09:3f:1c:34:89:36:43:da:a1:ad:1c:c9:78:68Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5f:dd:ca:a5:50:46:13:65:bb:a1:41:6d:44:57:2c:8e:16:f0:21:a4:5b:e7:c4:bb:f6:fe:bb:f6:c0:fb:3f:8fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

uxtheme

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 696KB - Virtual size: 696KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 12KB - Virtual size: 16KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 56KB - Virtual size: 56KB

.reloc Size: 4KB - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

c9:b2:09:3f:1c:34:89:36:43:da:a1:ad:1c:c9:78:68
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5f:dd:ca:a5:50:46:13:65:bb:a1:41:6d:44:57:2c:8e:16:f0:21:a4:5b:e7:c4:bb:f6:fe:bb:f6:c0:fb:3f:8f
Signer

.text
Size: 696KB - Virtual size: 696KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 12KB - Virtual size: 16KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 56KB - Virtual size: 56KB

.reloc
Size: 4KB - Virtual size: 4KB