6c3ef0904ad7afffe3374608556f0b7723e3b4d484a2bedc44a54dcfa18c4046_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6c3ef0904ad7afffe3374608556f0b7723e3b4d484a2bedc44a54dcfa18c4046_NeikiAnalytics.exe
Size

459KB
MD5

9dd2d3a7582cd7116318291631e9aba0
SHA1

c5935be7fdbcd0afb1303db5a025dcde43c5cf0d
SHA256

6c3ef0904ad7afffe3374608556f0b7723e3b4d484a2bedc44a54dcfa18c4046
SHA512

7e8986e484067e9c3f804e12ad003c2db577dcf55df5060cf4ef37c8b454b966ca9e24aaaca5d4069fa24aef1008074ffa2998e1e81c53b10fc46f5bdf647e93
SSDEEP

12288:Y/XMv1zvMOxcqwg1JPWYgeWYg955/155/Ta0NwJ6ANjmC:Y0vaQwg1JQa4wJ6AF

Score

1^/10

Malware Config

Signatures

Files

6c3ef0904ad7afffe3374608556f0b7723e3b4d484a2bedc44a54dcfa18c4046_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

dfa864a8ac8675b04d250c13d0d40f8d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:11:ba:ba:3c:bb:3f:03:8a:b4:06:20:dc:60:16:54
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/12/2022, 00:00

Not After

20/01/2026, 23:59

Subject

CN=TPZ SOLUCOES DIGITAIS LTDA,OU=OFD,O=TPZ SOLUCOES DIGITAIS LTDA,L=Indaiatuba,ST=São Paulo,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:16:3d:f5:36:c3:02:1a:d9:20:0b:80:d9:27:8e:e9:fb:9b:7c:00:82:11:75:92:e6:60:4f:83:20:67:8a:4e
Signer

Actual PE Digest

16:16:3d:f5:36:c3:02:1a:d9:20:0b:80:d9:27:8e:e9:fb:9b:7c:00:82:11:75:92:e6:60:4f:83:20:67:8a:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\GitLab-Runner\builds\f3aVvZ6p\1\desktop\warsaw_feature_screening\_tmp\feature\msvc-14.2\prdct\adrs-mdl-64\archt-x86\dbg-symbl-on\thrdp-wn32\thrd-mlt\feature.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

kernel32

WideCharToMultiByte
LocalFree
CreateSemaphoreA
ReleaseSemaphore
Sleep
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CloseHandle
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
VerSetConditionMask
GetModuleHandleA
GetProcAddress
VerifyVersionInfoW
GetModuleFileNameA
CreateFileW
GetLastError
GetModuleHandleW
AreFileApisANSI
MultiByteToWideChar
FreeLibrary
LoadLibraryA
SetLastError
ReleaseMutex
DuplicateHandle
GetCurrentProcess
OpenProcess
GetCurrentProcessId
LocalAlloc
SetThreadPriority
CreateThread
CreateSemaphoreW
lstrcpyA
lstrlenA
EnterCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
TerminateThread
lstrcatA
CreateMutexW
CreatePipe
ReadFile
GetVersionExW
VirtualFree
VirtualAlloc
OpenEventW
GetModuleFileNameW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
ResetEvent
TerminateProcess
FormatMessageW
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
QueryPerformanceFrequency
GetComputerNameA
CreateEventA
OpenEventA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

msvcp140

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

vcruntime140

memset
memmove
__std_type_info_destroy_list
__current_exception_context
__current_exception
memcpy
memcmp
__std_terminate
__std_type_info_compare
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
strchr
strrchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_cexit
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
_errno
_invalid_parameter_noinfo
strerror
terminate
_initterm
_invalid_parameter_noinfo_noreturn
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_callnewh
_aligned_free
_aligned_malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strcpy
strlen
strcpy_s
tolower
_wcsicmp
_stricmp
wcscpy
strncpy
strcmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

floor
_dclass
modf

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

function1

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbld0
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfa864a8ac8675b04d250c13d0d40f8d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:11:ba:ba:3c:bb:3f:03:8a:b4:06:20:dc:60:16:54Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

16:16:3d:f5:36:c3:02:1a:d9:20:0b:80:d9:27:8e:e9:fb:9b:7c:00:82:11:75:92:e6:60:4f:83:20:67:8a:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 283KB - Virtual size: 283KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 36KB - Virtual size: 47KB

.pdata Size: 14KB - Virtual size: 14KB

.dbld0 Size: 17KB - Virtual size: 17KB

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:11:ba:ba:3c:bb:3f:03:8a:b4:06:20:dc:60:16:54
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

16:16:3d:f5:36:c3:02:1a:d9:20:0b:80:d9:27:8e:e9:fb:9b:7c:00:82:11:75:92:e6:60:4f:83:20:67:8a:4e
Signer

.text
Size: 283KB - Virtual size: 283KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 36KB - Virtual size: 47KB

.pdata
Size: 14KB - Virtual size: 14KB

.dbld0
Size: 17KB - Virtual size: 17KB

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB