5d3c2d054454bb43a2848f77e1fc77a3d320e551febd905b8c2efea446ebcc22_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5d3c2d054454bb43a2848f77e1fc77a3d320e551febd905b8c2efea446ebcc22_NeikiAnalytics.exe
Size

113KB
MD5

0a4ec3cf7322b74f6a786d182e188b10
SHA1

d6f68048d6e6fe257559a55acd33e26d81007544
SHA256

5d3c2d054454bb43a2848f77e1fc77a3d320e551febd905b8c2efea446ebcc22
SHA512

1d5d0fda383d02b558f975d83a6b4d3b616ec4eff3131d57b8bb77ccb80cbc77ea32c8a6010e463f85af6de0e1020418333aec8b992e7a34601f64d36583847a
SSDEEP

1536:cjNC119L6bWorqh38JMo7KclQriBrhcPpOZazQvev7B8v3hE1:cjQh6b3Zmo08hchg5vevV8i1

Score

1^/10

Malware Config

Signatures

Files

5d3c2d054454bb43a2848f77e1fc77a3d320e551febd905b8c2efea446ebcc22_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

fb57bc63b0cac3e08ee694a6da854907

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:63:40:0f:01:f9:09:d9:2f:3c:ef:5c:6a:cb:0d:5f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/04/2023, 00:00

Not After

24/04/2026, 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP EPS,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:5e:56:8b:a1:39:58:8c:be:2c:59:84:d1:c3:15:64:96:55:1d:a0:99:9e:1a:63:59:2c:67:6d:83:18:6d:68
Signer

Actual PE Digest

57:5e:56:8b:a1:39:58:8c:be:2c:59:84:d1:c3:15:64:96:55:1d:a0:99:9e:1a:63:59:2c:67:6d:83:18:6d:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\build\endpoint\bin\x64\Release\Product.Support.ConsoleProvider.dll.pdb

Imports

epsjson

??0Value@Json@@QEAA@_N@Z
??1Value@Json@@QEAA@XZ
?isObject@Value@Json@@QEBA_NXZ
??4Value@Json@@QEAAAEAV01@V01@@Z
??0Value@Json@@QEAA@W4ValueType@1@@Z
?isMember@Value@Json@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QEAAAEAV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isArray@Value@Json@@QEBA_NXZ
?isValidIndex@Value@Json@@QEBA_NI@Z
??AValue@Json@@QEAAAEAV01@H@Z
?isNull@Value@Json@@QEBA_NXZ
??0Value@Json@@QEAA@AEBV01@@Z
??AValue@Json@@QEAAAEAV01@PEBD@Z

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
Sleep
DeleteCriticalSection
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
LoadLibraryExW
GetModuleHandleW
WideCharToMultiByte
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
RtlCaptureContext
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

winmm

timeGetTime

shlwapi

PathIsRelativeW
PathRemoveFileSpecW
PathAddBackslashW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
_CxxThrowException
memcpy
memmove
__current_exception_context
__current_exception
__C_specific_handler
wcsrchr
__std_terminate
__std_exception_copy
__std_exception_destroy
memcmp
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_initterm
_register_onexit_function
terminate
_execute_onexit_table
_cexit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vswscanf

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s
wcsncpy_s

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

BdCreateObject
BdDestroyObject

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb57bc63b0cac3e08ee694a6da854907

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:63:40:0f:01:f9:09:d9:2f:3c:ef:5c:6a:cb:0d:5fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

57:5e:56:8b:a1:39:58:8c:be:2c:59:84:d1:c3:15:64:96:55:1d:a0:99:9e:1a:63:59:2c:67:6d:83:18:6d:68Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

epsjson

kernel32

msvcp140

winmm

shlwapi

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 524B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:63:40:0f:01:f9:09:d9:2f:3c:ef:5c:6a:cb:0d:5f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

57:5e:56:8b:a1:39:58:8c:be:2c:59:84:d1:c3:15:64:96:55:1d:a0:99:9e:1a:63:59:2c:67:6d:83:18:6d:68
Signer

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 524B