29231e916f2285d3f6c90c30baf56389a3d53523bdc9a7c01f527a715d43c8a1_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

29231e916f2285d3f6c90c30baf56389a3d53523bdc9a7c01f527a715d43c8a1_NeikiAnalytics.exe
Size

209KB
MD5

478b55da83d51b0e564e20a42f28c9b0
SHA1

e277130200578de153e8670347629d50eb553873
SHA256

29231e916f2285d3f6c90c30baf56389a3d53523bdc9a7c01f527a715d43c8a1
SHA512

f09a18249050f469762af9639f794347bf3a188e0da6478188e82bb519561e94955cdb1645878beb61c86085bbe19b5137b16cf25c3071ffb975981c87c0997e
SSDEEP

3072:ZR711Qfgxcm6y42PrVWCITBUwpihNzXjyxI51GOfZ3PV7hGhJ:Zd11gW4bmhaI51GOfZ/3G/

Score

1^/10

Malware Config

Signatures

Files

29231e916f2285d3f6c90c30baf56389a3d53523bdc9a7c01f527a715d43c8a1_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

3e85cd0a6dea582dfe2fdcf36258ae57

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:24:f7:05:7e:bd:89:37:53:8f:74:55:92:b8:ec:d4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/06/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=北京网御星云信息技术有限公司,O=北京网御星云信息技术有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:48:4e:91:12:c9:29:d6:7b:01:ac:b8:fe:ae:3e:63:ec:78:ba:68
Signer

Actual PE Digest

a5:48:4e:91:12:c9:29:d6:7b:01:ac:b8:fe:ae:3e:63:ec:78:ba:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Branch_3.0.3.1_stable_20220608_22618\app\Release\NetworkControl.pdb

Imports

kernel32

ReadFile
WaitNamedPipeW
LocalFree
GetModuleHandleW
TerminateProcess
GetLongPathNameW
GetTempPathW
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
Sleep
GetProcessHeap
HeapFree
HeapAlloc
GetProcAddress
WriteFile
OutputDebugStringA
OutputDebugStringW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetFileSize
GetModuleFileNameW
DeleteFileW
CreateFileW
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetVersionExW
GetCurrentProcessId
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetLocalTime
WTSGetActiveConsoleSessionId
GetLastError

advapi32

GetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey
ConvertSidToStringSidW
LookupAccountSidW
GetTokenInformation
SetSecurityDescriptorSacl
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenCurrentUser
RegQueryValueExW

shell32

SHCreateDirectoryExW

oleaut32

SysFreeString
SysAllocString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z

shlwapi

PathRemoveFileSpecW

msvcr100

_CxxThrowException
_close
memcpy
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcsncpy_s
_scwprintf
swprintf_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
memcpy_s
wmemcpy_s
memmove_s
wcsnlen
_wcsicmp
wcsrchr
_vscwprintf
vswprintf_s
_fstat64i32
_wtoi
wcsncat_s
?_wopen@@YAHPB_WHH@Z
sprintf
free
malloc
strstr
_itow_s
_purecall
memset
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3

ws2_32

inet_addr
inet_pton
ntohl

wtsapi32

WTSQueryUserToken

fwpuclnt

FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmCalloutAdd0
FwpmFilterDeleteById0
FwpmFilterAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerGetByKey0
FwpmEngineClose0
FwpmEngineOpen0
FwpmSubLayerAdd0

rpcrt4

UuidCreate

Exports

Exports

FreeNetworkControlInstance
FreeSSLDriverConfigInstance
GetNetworkControlInstance
NewSSLDriverConfigInstance

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e85cd0a6dea582dfe2fdcf36258ae57

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

07:24:f7:05:7e:bd:89:37:53:8f:74:55:92:b8:ec:d4Certificate

Extended Key Usages

Key Usages

a5:48:4e:91:12:c9:29:d6:7b:01:ac:b8:fe:ae:3e:63:ec:78:ba:68Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

oleaut32

msvcp100

shlwapi

msvcr100

ws2_32

wtsapi32

fwpuclnt

rpcrt4

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

07:24:f7:05:7e:bd:89:37:53:8f:74:55:92:b8:ec:d4
Certificate

a5:48:4e:91:12:c9:29:d6:7b:01:ac:b8:fe:ae:3e:63:ec:78:ba:68
Signer

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 5KB