7cb192239d71edd6162f88b07e6b8f84ddcc93444f379b4076ea495ee648a088_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7cb192239d71edd6162f88b07e6b8f84ddcc93444f379b4076ea495ee648a088_NeikiAnalytics.exe
Size

219KB
MD5

2061e9280771230be3aa251684f41140
SHA1

192131ecf5b54b741cd66a3557428126e48a55eb
SHA256

7cb192239d71edd6162f88b07e6b8f84ddcc93444f379b4076ea495ee648a088
SHA512

97c948830c36d51e0e627660a059ded49633bc91567db4a4d83b48d955eb82af8d9fd9d6346602ed05f4bd2d38057293a53e9e875b43c747075d7d799b950f14
SSDEEP

3072:G+xXJ5hR9dNCfH1EOOjsprBUTrwai5vh830+EqyNIZdrnO9caMFHt1BWg9RkkBzP:9LR9KHM5nk+FyN2RZUmR/Pn

Score

1^/10

Malware Config

Signatures

Files

7cb192239d71edd6162f88b07e6b8f84ddcc93444f379b4076ea495ee648a088_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

3dc7ff94af47b59e75d32feceba14e7a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16-05-2024 13:07

Not After

17-05-2025 13:07

Subject

SERIALNUMBER=556821-8225,CN=Coffee Stain Studios AB,O=Coffee Stain Studios AB,STREET=Hertig Johans Gata 6,L=Skövde,ST=Västra Götaland,C=SE,1.2.840.113549.1.9.1=#0c14637373697440636f66666565737461696e2e7365,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:e6:3f:39:0e:3e:88:3b:bd:5a:14:2c:9e:91:b6:ae:b2:ef:07:1f:52:66:47:1e:27:72:f3:52:fb:ae:4d:39
Signer

Actual PE Digest

7c:e6:3f:39:0e:3e:88:3b:bd:5a:14:2c:9e:91:b6:ae:b2:ef:07:1f:52:66:47:1e:27:72:f3:52:fb:ae:4d:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryGameEGS-Messaging-Win64-Shipping.pdb

Imports

factorygameegs-core-win64-shipping

??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?Log@FOutputDevice@@QEAAXPEB_W@Z
?Malloc@FMemory@@SAPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?MemCrc_DEPRECATED@FCrc@@SAIPEBXHI@Z
?AppendChars@FString@@QEAAXPEB_WH@Z
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
?GetTypeHash@@YAIUFNameEntryId@@@Z
?ToString@FName@@QEBA?AVFString@@XZ
??0FName@@QEAA@PEBDW4EFindName@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?Command@FParse@@SA_NPEAPEB_WPEB_W_N@Z
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?GenerateNewID@FDelegateHandle@@CA_KXZ
?GetDestructionSentinelStackTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@PEAUFDestructionSentinel@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?GetReadersTls@FMRSWRecursiveAccessDetector@@CAAEAV?$TArray@UFReaderNum@FMRSWRecursiveAccessDetector@@V?$TSizedInlineAllocator@$03$0CA@V?$TSizedDefaultAllocator@$0CA@@@@@@@XZ
?GetSynchEventFromPool@FGenericPlatformProcess@@SAPEAVFEvent@@_N@Z
?ReturnSynchEventToPool@FGenericPlatformProcess@@SAXPEAVFEvent@@@Z
?SupportsMultithreading@FGenericPlatformProcess@@SA_NXZ
?Sleep@FWindowsPlatformProcess@@SAXM@Z
?LockFreeTagCounterHasOverflowed@@YAXXZ
?AllocLockFreeLink@FLockFreeLinkPolicy@@SAIXZ
?FreeLockFreeLink@FLockFreeLinkPolicy@@SAXI@Z
?AnsiMalloc@@YAPEAX_KI@Z
?AnsiFree@@YAXPEAX@Z
?CityHash64@@YA_KPEBDI@Z
?AppendString@FGuid@@QEBAXAEAVFString@@W4EGuidFormats@@@Z
?NewGuid@FGuid@@SA?AU1@XZ
?UtcNow@FDateTime@@SA?AU1@XZ
?Get@FTaskGraphInterface@@SAAEAV1@XZ
?CreateGraphEvent@FGraphEvent@@SA?AV?$TRefCountPtr@VFGraphEvent@@@@XZ
?DispatchSubsequents@FGraphEvent@@QEAAXAEAV?$TArray@PEAVFBaseGraphTask@@V?$TSizedDefaultAllocator@$0CA@@@@@W4Type@ENamedThreads@@_N@Z
?Recycle@FGraphEvent@@CAXPEAV1@@Z
??0FSelfRegisteringExec@@QEAA@XZ
??1FSelfRegisteringExec@@UEAA@XZ
?GetCoreTicker@FTSTicker@@SAAEAV1@XZ
?AddTicker@FTSTicker@@QEAA?AV?$TWeakPtr@UFElement@FTSTicker@@$00@@AEBV?$TDelegate@$$A6A_NM@ZUFDefaultDelegateUserPolicy@@@@M@Z
?RemoveTicker@FTSTicker@@SAXV?$TWeakPtr@UFElement@FTSTicker@@$00@@@Z
?Create@FRunnableThread@@SAPEAV1@PEAVFRunnable@@PEB_WIW4EThreadPriority@@_KW4EThreadCreateFlags@@@Z
?GetBool@FConfigCacheIni@@QEAA_NPEB_W0AEA_NAEBVFString@@@Z
?Exec@FExec@@UEAA_NPEAVUWorld@@PEB_WAEAVFOutputDevice@@@Z
?GConfig@@3PEAVFConfigCacheIni@@EA
?GEngineIni@@3VFString@@A
?SecondsPerCycle@FGenericPlatformTime@@1NA
?LinkAllocator@FLockFreeLinkPolicy@@2V?$TLockFreeAllocOnceIndexedAllocator@UFIndexedLockFreeLink@@$0EAAAAAA@$0EAAA@@@A

factorygameegs-coreuobject-win64-shipping

?TrySetPath@FTopLevelAssetPath@@QEAA_NVFName@@0@Z
?ToString@FTopLevelAssetPath@@QEBA?AVFString@@XZ
??4FWeakObjectPtr@@QEAAXPEBVUObject@@@Z
?Get@FWeakObjectPtr@@QEBAPEAVUObject@@XZ
?IsValid@FWeakObjectPtr@@QEBA_N_N0@Z
?GetPrivateStaticClass@UStruct@@CAPEAVUClass@@XZ
?GetStructPathName@UStruct@@QEBA?AUFTopLevelAssetPath@@XZ
?TryConvertShortTypeNameToPathName@UClass@@SA?AUFTopLevelAssetPath@@PEAV1@AEBVFString@@W4Type@ELogVerbosity@@PEB_W@Z

kernel32

InitializeCriticalSection
SetCriticalSectionSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

vcruntime140

memmove
__C_specific_handler
memset
__std_type_info_destroy_list
memcpy
_purecall

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initterm
_cexit
_crt_atexit
_initialize_narrow_environment
_register_onexit_function
_initterm_e
_initialize_onexit_table
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
free

Exports

Exports

?Intercept@IMessageBus@@UEAAXAEBV?$TSharedRef@VIMessageInterceptor@@$00@@AEBVFName@@@Z
?ModularFeatureName@INetworkMessagingExtension@@2VFName@@A
?PATHNAME_All@IMessageBus@@2UFTopLevelAssetPath@@B
?Subscribe@IMessageBus@@UEAA?AV?$TSharedPtr@VIMessageSubscription@@$00@@AEBV?$TSharedRef@VIMessageReceiver@@$00@@AEBVFName@@AEBV?$TRange@W4EMessageScope@@@@@Z
?Unintercept@IMessageBus@@UEAAXAEBV?$TSharedRef@VIMessageInterceptor@@$00@@AEBVFName@@@Z
?Unsubscribe@IMessageBus@@UEAAXAEBV?$TSharedRef@VIMessageReceiver@@$00@@AEBVFName@@@Z
InitializeModule

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dc7ff94af47b59e75d32feceba14e7a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7c:e6:3f:39:0e:3e:88:3b:bd:5a:14:2c:9e:91:b6:ae:b2:ef:07:1f:52:66:47:1e:27:72:f3:52:fb:ae:4d:39Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factorygameegs-core-win64-shipping

factorygameegs-coreuobject-win64-shipping

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 1KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7c:e6:3f:39:0e:3e:88:3b:bd:5a:14:2c:9e:91:b6:ae:b2:ef:07:1f:52:66:47:1e:27:72:f3:52:fb:ae:4d:39
Signer

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 1KB - Virtual size: 1KB