477d5f335224a79a50a77d6523330cef3cd8046b1dcc99961c3ab115c6945f88_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

477d5f335224a79a50a77d6523330cef3cd8046b1dcc99961c3ab115c6945f88_NeikiAnalytics.exe
Size

221KB
MD5

f7d2af434af845ab8a354001c86cfb90
SHA1

310e9d0d75d1c78812425ea7579a03242a0b60c4
SHA256

477d5f335224a79a50a77d6523330cef3cd8046b1dcc99961c3ab115c6945f88
SHA512

4328c9960a22609314b04f2679e34fba62fb584ee7bd060ce8febf7413ae5bc8444570d36b520f3631851b7277c15321a336ccb36b56162414da7d5380bc9a30
SSDEEP

6144:bIgK3U0TtxhSNj1p0kyPc9OFOlvJqE7lGI5UOa:bIgThN53yk9vlAOGI5UN

Score

1^/10

Malware Config

Signatures

Files

477d5f335224a79a50a77d6523330cef3cd8046b1dcc99961c3ab115c6945f88_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

3086cb466a269b9a99056a3fcc6d4eda

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:45:09:4d:ca:b6:ff:95:95:3b:9b:04
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

24-11-2023 07:27

Not After

23-11-2026 07:44

Subject

CN=CYBERLINK CORP.,O=CYBERLINK CORP.,L=New Taipei,ST=New Taipei,C=TW,1.2.840.113549.1.9.1=#0c1a6a656666795f636875616e674063796265726c696e6b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:f9:44:90:e6:7e:e4:40:c1:78:f7:da:b8:27:4c:44:80:0b:93:cf:29:ef:ca:34:28:6f:dc:b5:9e:9d:9f:4e
Signer

Actual PE Digest

f2:f9:44:90:e6:7e:e4:40:c1:78:f7:da:b8:27:4c:44:80:0b:93:cf:29:ef:ca:34:28:6f:dc:b5:9e:9d:9f:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\BuildScript_rawdecoder\PhotoRawDecoder_Generic\Runtime\x64\Release\MSDKRaw.pdb

Imports

kernel32

DeleteCriticalSection
MultiByteToWideChar
SwitchToThread
FindNextFileW
FindFirstFileW
GetLastError
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
SetThreadErrorMode
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
CloseHandle
Sleep
FindClose
WaitForSingleObject
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
SetLastError
ExitProcess
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
LCMapStringW
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
SetFilePointerEx
ReadFile
ReadConsoleW
WriteConsoleW
SetEndOfFile

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW

Exports

Exports

CreateInstance
DeleteInstance
QueryInterface

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_o
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3086cb466a269b9a99056a3fcc6d4eda

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

54:45:09:4d:ca:b6:ff:95:95:3b:9b:04Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

f2:f9:44:90:e6:7e:e4:40:c1:78:f7:da:b8:27:4c:44:80:0b:93:cf:29:ef:ca:34:28:6f:dc:b5:9e:9d:9f:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 10KB - Virtual size: 19KB

.pdata Size: 8KB - Virtual size: 7KB

.data1 Size: 1024B - Virtual size: 1000B

.debug_o Size: 3KB - Virtual size: 2KB

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 5KB - Virtual size: 4KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

54:45:09:4d:ca:b6:ff:95:95:3b:9b:04
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

f2:f9:44:90:e6:7e:e4:40:c1:78:f7:da:b8:27:4c:44:80:0b:93:cf:29:ef:ca:34:28:6f:dc:b5:9e:9d:9f:4e
Signer

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 10KB - Virtual size: 19KB

.pdata
Size: 8KB - Virtual size: 7KB

.data1
Size: 1024B - Virtual size: 1000B

.debug_o
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 5KB - Virtual size: 4KB