2f9c9f81b4773c54c1933d73963a490fb47f5ce8d11b0647b988cdd14c46582e_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2f9c9f81b4773c54c1933d73963a490fb47f5ce8d11b0647b988cdd14c46582e_NeikiAnalytics.exe
Size

411KB
MD5

0142cb9d64d3cc62aab517418b407dd0
SHA1

1a40842e53762814077cca4ba0c72a25da929e2e
SHA256

2f9c9f81b4773c54c1933d73963a490fb47f5ce8d11b0647b988cdd14c46582e
SHA512

662b209077f4744711183cb330badee7382ffe46e978f238b825e56b3efe12ecc98282dc008dd28348d7bdc0c28ab757e5b88d02c317dcd5621db193b1506c08
SSDEEP

6144:MmIA4k1HoEM30/9xdP5fKpYEVWRdHpBEx4yKNRAZrH46aH4so7X:MmIidoEq0/d5qYEVyJBEx4VDBob

Score

1^/10

Malware Config

Signatures

Files

2f9c9f81b4773c54c1933d73963a490fb47f5ce8d11b0647b988cdd14c46582e_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

7dad938cf2db74d9eae06d72d09e4117

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:e8:06:75:b7:45:87:6b:e6:9e:15:73
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/09/2023, 06:47

Not After

06/09/2026, 06:47

Subject

SERIALNUMBER=91110108766259016Q,CN=DVDFab Software Inc.,O=DVDFab Software Inc.,STREET=海淀区北四环西路9号2108,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:68:a3:30:d7:58:8c:13:36:4c:19:61:c2:f5:7e:76:aa:30:ea:71
Signer

Actual PE Digest

89:68:a3:30:d7:58:8c:13:36:4c:19:61:c2:f5:7e:76:aa:30:ea:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\opensource\curl-7.65.0\build\Win64\VC14\DLL Release - DLL OpenSSL\libcurl.pdb

Imports

ws2_32

gethostname
freeaddrinfo
accept
listen
ioctlsocket
__WSAFDIsSet
select
send
WSAStartup
recvfrom
sendto
WSACleanup
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
recv
setsockopt
socket
WSASetLastError
WSAIoctl
getaddrinfo
WSAGetLastError

wldap32

ord41
ord208
ord216
ord118
ord46
ord219
ord145
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord14

libeay32

ord2490
ord784
ord809
ord808
ord2437
ord2436
ord2435
ord341
ord342
ord340
ord3479
ord3765
ord3712
ord1654
ord1653
ord909
ord908
ord1
ord188
ord181
ord93
ord78
ord66
ord88
ord52
ord95
ord86
ord151
ord154
ord2023
ord1951
ord2075
ord816
ord979
ord7
ord2442
ord1161
ord18
ord2712
ord2925
ord3109
ord269
ord2936
ord323
ord3315
ord3212
ord298
ord2034
ord281
ord280
ord484
ord956
ord2596
ord625
ord556
ord958
ord680
ord869
ord641
ord656
ord653
ord657
ord654
ord2431
ord579
ord578
ord566
ord1958
ord544
ord543
ord401
ord421
ord464
ord2201
ord467
ord466
ord2254
ord3182
ord3226
ord3214
ord1216
ord1180
ord2454
ord227
ord248
ord222
ord2291
ord224
ord4445
ord1291
ord1301
ord1304
ord1308
ord2561
ord3164
ord3025
ord2593
ord2989
ord2971
ord2838
ord3173
ord3020
ord2598
ord2647
ord2844
ord3048
ord2783
ord2947
ord3144
ord2857
ord3140
ord3102
ord3174
ord2558
ord2979
ord2946
ord3013
ord3045
ord2916
ord2723
ord3016
ord2492
ord2504
ord2493
ord2708
ord2481
ord2900
ord2502
ord2949
ord2516
ord2475
ord2478
ord2498

ssleay32

ord266
ord278
ord361
ord387
ord385
ord121
ord15
ord12
ord8
ord180
ord127
ord130
ord77
ord87
ord83
ord24
ord30
ord222
ord74
ord31
ord90
ord61
ord60
ord21
ord22
ord28
ord17
ord235
ord5
ord75
ord48
ord43
ord78
ord108
ord45
ord6
ord58
ord116
ord110
ord96
ord38
ord3
ord86
ord183
ord49
ord126
ord164
ord141
ord154
ord157
ord158
ord151
ord169
ord407

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
FreeLibrary
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
VerSetConditionMask
FormatMessageA
SetLastError
GetLastError
Sleep
ExpandEnvironmentStringsA
WaitForSingleObjectEx
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection

vcruntime140

strchr
memcpy
memmove
strrchr
memcmp
strstr
memchr
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_getpid
strerror
__sys_nerr
_errno
_beginthreadex
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_register_onexit_function
_execute_onexit_table
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strspn
strncpy
_strdup
strpbrk
strncmp
tolower
strcmp
_wcsdup
strcspn
wcspbrk

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtoll
strtol

api-ms-win-crt-stdio-l1-1-0

setvbuf
fseek
fgets
__stdio_common_vsscanf
fputs
fopen
fclose
_close
_open
fwrite
_read
_write
fflush
__acrt_iob_func
__stdio_common_vsprintf
fputc
fread
_lseeki64
ftell

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
calloc

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
_fstat64

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dad938cf2db74d9eae06d72d09e4117

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

2a:e8:06:75:b7:45:87:6b:e6:9e:15:73Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

89:68:a3:30:d7:58:8c:13:36:4c:19:61:c2:f5:7e:76:aa:30:ea:71Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

libeay32

ssleay32

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 295KB - Virtual size: 295KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 17KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

2a:e8:06:75:b7:45:87:6b:e6:9e:15:73
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

89:68:a3:30:d7:58:8c:13:36:4c:19:61:c2:f5:7e:76:aa:30:ea:71
Signer

.text
Size: 295KB - Virtual size: 295KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 17KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B