0cf2c55b004da6ba7823484a56c2fd1fe9bfa3b98c45ba4c76133d092944b18e_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0cf2c55b004da6ba7823484a56c2fd1fe9bfa3b98c45ba4c76133d092944b18e_NeikiAnalytics.exe
Size

2.1MB
MD5

8d6f6f5a2a7d514ff1c8b19fea4c5bf0
SHA1

b75d0c027ffe4e0caa19d318ede0e42a859efdf1
SHA256

0cf2c55b004da6ba7823484a56c2fd1fe9bfa3b98c45ba4c76133d092944b18e
SHA512

825a637f8e3b5b01e3469f5c28ff4348e83eee64fccab9f2d1316a7077a364949db287489a64e50bee85cb26496acf9337b9bbda665deeb64b8ef439a5f25384
SSDEEP

24576:DtRNHOqd9JR1TAVZZ0HvTwjITC6dpDpeDJ9ihgeg1FOsPxPFyqSrV2CoC5hqYj4t:DtREGJRZVUsTe9LCrV2CoC5EPMPE

Score

1^/10

Malware Config

Signatures

Files

0cf2c55b004da6ba7823484a56c2fd1fe9bfa3b98c45ba4c76133d092944b18e_NeikiAnalytics.exe
.dll regsvr32 windows:6 windows x64 arch:x64

a4ec779b71fa84b72c85924bfc0fc1d5

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:40

Not After

27/11/2024, 08:40

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:41:0a:79:8c:f6:ba:95:f2:c9:0b:e4:fb:a5:b8:36:b5:de:ba:d2:55:c5:a8:7c:0a:af:89:c7:ff:2d:fb:cc
Signer

Actual PE Digest

2a:41:0a:79:8c:f6:ba:95:f2:c9:0b:e4:fb:a5:b8:36:b5:de:ba:d2:55:c5:a8:7c:0a:af:89:c7:ff:2d:fb:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\RDBuildPool\20240322-08501\MenuEditor2\x64\Unicode_Release\CLMenuEditor3U.pdb

Imports

winmm

timeSetEvent
timeGetTime

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW
PathRenameExtensionW
PathAppendW
PathAddExtensionW
PathCombineW
PathRemoveExtensionW
PathFindNextComponentA
PathCanonicalizeW
PathFindExtensionW
PathGetCharTypeW
PathIsRelativeW
PathStripToRootW
PathRemoveBackslashW
PathFindFileNameW
PathAppendA
PathAddBackslashW
PathFileExistsW

gdiplus

GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateBitmapFromStream
GdipLoadImageFromFileICM
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdiplusStartup
GdipFree
GdipAlloc
GdipSaveImageToStream
GdipDisposeImage
GdipLoadImageFromFile
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipSaveImageToFile
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipCloneImage

advapi32

RegEnumKeyExW
RegSetValueW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW

mfc110u

ord11767
ord9969
ord12438
ord12376
ord4384
ord7868
ord5059
ord2385
ord12056
ord12055
ord14030
ord7498
ord14036
ord8939
ord3952
ord3890
ord12457
ord7516
ord1962
ord11503
ord11502
ord13909
ord12045
ord7566
ord14108
ord5991
ord14110
ord5993
ord14109
ord5992
ord977
ord6477
ord3673
ord5577
ord11759
ord7765
ord11771
ord11739
ord5430
ord9786
ord1032
ord322
ord2263
ord7246
ord5873
ord13222
ord3157
ord3154
ord9791
ord7758
ord2644
ord1445
ord9821
ord9823
ord9822
ord9820
ord9824
ord5327
ord11252
ord11253
ord8681
ord11609
ord3660
ord11463
ord14029
ord8507
ord11740
ord6591
ord10536
ord8797
ord3118
ord13334
ord11779
ord11777
ord1685
ord1694
ord1702
ord1698
ord1707
ord4698
ord4735
ord4706
ord4718
ord4714
ord4710
ord4741
ord4731
ord4702
ord4745
ord4723
ord4687
ord4693
ord4726
ord4299
ord5456
ord9232
ord4291
ord2912
ord14031
ord7499
ord14037
ord6493
ord7928
ord13175
ord5594
ord2575
ord11644
ord3753
ord3223
ord3224
ord3117
ord11688
ord984
ord6482
ord4959
ord5239
ord5427
ord8891
ord5215
ord4962
ord5105
ord4943
ord7310
ord7311
ord7301
ord5103
ord7767
ord8750
ord2160
ord12126
ord1939
ord280
ord4836
ord1112
ord479
ord1659
ord12073
ord4577
ord6568
ord4635
ord3088
ord1157
ord5832
ord12113
ord12208
ord1628
ord542
ord1420
ord1821
ord957
ord7617
ord12753
ord14098
ord11921
ord14045
ord11864
ord12275
ord1661
ord1494
ord6371
ord2296
ord2286
ord266
ord265
ord1382
ord4508
ord12156
ord12125
ord1936
ord12257
ord911
ord6425
ord4122
ord1480
ord2217
ord6183
ord3698
ord2421
ord6190
ord4595
ord8304
ord4450
ord1492
ord296
ord1419
ord12752
ord13418
ord956
ord1040
ord344
ord7902
ord12432
ord2854
ord2848
ord1658
ord1027
ord286
ord2290
ord2292
ord1482
ord1441
ord7245
ord8011
ord4614
ord910
ord13417
ord12751
ord7608
ord12155
ord1381
ord7610
ord12157
ord4795
ord3668
ord7591
ord7592
ord12098
ord8305
ord12192
ord4660
ord4437
ord4665
ord9009
ord3655
ord2866
ord285
ord5580
ord12100
ord6569
ord13431
ord490
ord1115
ord5261
ord7733
ord2748
ord473
ord2306
ord2214
ord2111
ord2282
ord2182
ord4500
ord4517
ord2360
ord12395
ord13853
ord1938
ord872
ord1360
ord360
ord1048
ord10919
ord5328
ord7714
ord7388
ord13685
ord7888
ord4274
ord1817
ord11244
ord12258
ord3670
ord1483
ord323
ord1033
ord2273
ord2315
ord2318
ord2284
ord2317
ord472

msvcr110

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
memmove_s
_vsnwprintf_s
wcspbrk
printf_s
_wremove
atan
wcstok_s
wcsncat
wcscspn
fprintf_s
__iob_func
sqrtf
atan2
floorf
_itow_s
strcpy_s
sprintf_s
_stricmp
ferror
strncmp
fwrite
fclose
_wfopen
ceil
sqrt
sin
cos
atan2f
_wrmdir
_wmkdir
_wsplitpath_s
vswprintf_s
wcscpy_s
_purecall
?terminate@@YAXXZ
_onexit
__C_specific_handler
strncpy_s
memcmp
malloc
wcstoul
__dllonexit
_calloc_crt
_unlock
_lock
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
fopen
__crtUnhandledException
memmove
memchr
isalnum
memcpy
_CxxThrowException
_recalloc
calloc
_wtof
swprintf_s
_wcslwr_s
_wcsnicmp
memcpy_s
_wtoi64
_wcsicmp
_wtol
_wtoi
memset
__CxxFrameHandler3
free
wcscat_s
wcsncmp
floor
wcsncpy_s

kernel32

DuplicateHandle
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentProcess
RemoveDirectoryW
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
FreeLibrary
GetModuleFileNameW
CreateProcessW
TerminateProcess
CreateEventW
GetModuleFileNameA
lstrlenW
lstrlenA
GetVersionExW
DisableThreadLibraryCalls
GetLocalTime
GetCurrentProcessId
FindResourceW
SizeofResource
WaitForSingleObject
OutputDebugStringW
MultiByteToWideChar
LockResource
LoadResource
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
GetDiskFreeSpaceW
GetCurrentDirectoryW
MulDiv
InitializeCriticalSectionEx
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
CopyFileW
SetFileAttributesW
CreateDirectoryA
GetFileAttributesExW
WideCharToMultiByte
LoadLibraryExW
GetTempFileNameW
FindNextFileW
FindFirstFileW
ReleaseSemaphore
GlobalFree
GetSystemInfo
lstrcmpW
CreateSemaphoreW
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
FindClose
LocalAlloc
LocalFree
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetLastError
CreateDirectoryW
VirtualFree
VirtualAlloc
CloseHandle
WriteFile
ReadFile
GetFileSizeEx
DeleteFileW
CreateFileW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetTempPathW

user32

PtInRect
LoadCursorW
DestroyWindow
SetWindowPos
GetWindowPlacement
EnableWindow
IsWindowEnabled
GetDC
ReleaseDC
GetClientRect
SetWindowLongPtrW
SetClassLongPtrW
SetParent
FillRect
LoadImageW
GetMessageW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
SetFocus
SetCursor
GetParent
DrawTextW
InflateRect
GetFocus
SetCapture
ReleaseCapture
CreatePopupMenu
DestroyMenu
TrackPopupMenuEx
UpdateWindow
InvalidateRect
RedrawWindow
GetWindowRect
ClipCursor
ClientToScreen
ScreenToClient
SetRect
GetDesktopWindow
RegisterWindowMessageW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
FindWindowW
SetWindowTextW
KillTimer
SetTimer
EndDialog
CreateDialogParamW
ShowWindow
DefWindowProcW
PostMessageW
SendMessageW
EqualRect
IsRectEmpty
OffsetRect
CopyRect
SetRectEmpty
IntersectRect
CharNextW
GetKeyState
UnregisterClassW
UnionRect

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
GetObjectType
StretchBlt
SetStretchBltMode
SetBrushOrgEx
InvertRgn
CreateBitmap
BitBlt
MoveToEx
SelectObject
LineTo
CreatePen
SetBkColor
CreateSolidBrush
CreateDIBSection
GetDIBits
DeleteObject
PolyPolygon
PtInRegion
CreatePolygonRgn
CreateBrushIndirect
GetBitmapBits
SetBkMode
SetROP2
SetTextColor
BeginPath
EndPath
PathToRegion
StrokePath
DeleteDC
CreateDCW
GetStockObject
CreateFontIndirectW
ExtCreatePen
Polyline
GetDeviceCaps
SetDIBits
GetObjectW

msimg32

AlphaBlend
TransparentBlt

shell32

ord165
DragQueryFileW
SHGetSpecialFolderPathW

comctl32

ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove

atl110

ord49
ord56
ord68

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msvcp110

?_Syserror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4ec779b71fa84b72c85924bfc0fc1d5

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:afCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

2a:41:0a:79:8c:f6:ba:95:f2:c9:0b:e4:fb:a5:b8:36:b5:de:ba:d2:55:c5:a8:7c:0a:af:89:c7:ff:2d:fb:ccSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

shlwapi

gdiplus

advapi32

mfc110u

msvcr110

kernel32

user32

gdi32

msimg32

shell32

comctl32

atl110

ole32

oleaut32

msvcp110

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 421KB - Virtual size: 420KB

.data Size: 17KB - Virtual size: 23KB

.pdata Size: 90KB - Virtual size: 89KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 10KB - Virtual size: 9KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

2a:41:0a:79:8c:f6:ba:95:f2:c9:0b:e4:fb:a5:b8:36:b5:de:ba:d2:55:c5:a8:7c:0a:af:89:c7:ff:2d:fb:cc
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 421KB - Virtual size: 420KB

.data
Size: 17KB - Virtual size: 23KB

.pdata
Size: 90KB - Virtual size: 89KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 10KB - Virtual size: 9KB