83ce39a67febff3586f294d599948f799d83388c5fe71771182dddc80a3b8bbc_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

83ce39a67febff3586f294d599948f799d83388c5fe71771182dddc80a3b8bbc_NeikiAnalytics.exe
Size

63KB
MD5

596148af5992970086416f09e8aaf600
SHA1

9bf2c300dd740e30508a0042655d336d4fd12da6
SHA256

83ce39a67febff3586f294d599948f799d83388c5fe71771182dddc80a3b8bbc
SHA512

23badf308edfd02c415d6dea54341dd566a64dc2a19558e6f813c86e58b5d90bc29183297d04983b40adf1799a57479b6021997476cc6e73e267dbfb874f1572
SSDEEP

768:knNqY07AU4444444Ld6lfJ44444444BOlwlq2blwlvdSHyGp2jq0JlVCVuS3dxsx:kP07APzlwljlwlZqz0Ha13dQbxx

Score

1^/10

Malware Config

Signatures

Files

83ce39a67febff3586f294d599948f799d83388c5fe71771182dddc80a3b8bbc_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

908db110238ad41ee0dad58e7b271385

Code Sign

0f:b5:f5:e0:22:b8:59:12:7a:2f:aa:4f:5d:a6:2e:9f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/08/2023, 00:00

Not After

02/07/2025, 23:59

Subject

SERIALNUMBER=HE 340361,CN=Movavi Software Limited,O=Movavi Software Limited,L=Agios Athanasios,C=CY,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024359

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:81:18:38:98:a7:59:e4:48:e6:85:07:69:d6:68:cc:04:16:67:c8:89:c9:12:0d:52:5d:ab:59:c9:c6:53:c4
Signer

Actual PE Digest

a7:81:18:38:98:a7:59:e4:48:e6:85:07:69:d6:68:cc:04:16:67:c8:89:c9:12:0d:52:5d:ab:59:c9:c6:53:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\J\WS\workspace\VE@2\build-x86_64\bin\FndTime.pdb

Imports

msvcp140

?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
_Query_perf_counter
?_Xbad_function_call@std@@YAXXZ
_Xtime_get_ticks

vcruntime140

_CxxThrowException
_purecall
__std_type_info_destroy_list
__C_specific_handler
memcpy
__std_exception_copy
__std_exception_destroy
__current_exception_context
__current_exception
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
calloc

api-ms-win-crt-runtime-l1-1-0

_initterm
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_invalid_parameter_noinfo_noreturn

kernel32

DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId

Exports

Exports

??0Chronometer@Time@Movavi@@QEAA@$$QEAV012@@Z
??0Chronometer@Time@Movavi@@QEAA@AEBV012@@Z
??0Chronometer@Time@Movavi@@QEAA@XZ
??0ClockFactory@Time@Movavi@@QEAA@AEBV012@@Z
??0ClockFactory@Time@Movavi@@QEAA@XZ
??0Factory@Time@Movavi@@QEAA@$$QEAV012@@Z
??0Factory@Time@Movavi@@QEAA@AEBV012@@Z
??0Factory@Time@Movavi@@QEAA@XZ
??0IChronometer@Time@Movavi@@QEAA@$$QEAV012@@Z
??0IChronometer@Time@Movavi@@QEAA@AEBV012@@Z
??0IChronometer@Time@Movavi@@QEAA@XZ
??0IClock@Time@Movavi@@QEAA@AEBV012@@Z
??0IClock@Time@Movavi@@QEAA@XZ
??0IDeadlineTimer@Time@Movavi@@QEAA@$$QEAV012@@Z
??0IDeadlineTimer@Time@Movavi@@QEAA@AEBV012@@Z
??0IDeadlineTimer@Time@Movavi@@QEAA@XZ
??0IDurationTimer@Time@Movavi@@QEAA@$$QEAV012@@Z
??0IDurationTimer@Time@Movavi@@QEAA@AEBV012@@Z
??0IDurationTimer@Time@Movavi@@QEAA@XZ
??0ISystemClock@Time@Movavi@@QEAA@$$QEAV012@@Z
??0ISystemClock@Time@Movavi@@QEAA@AEBV012@@Z
??0ISystemClock@Time@Movavi@@QEAA@XZ
??0ITimer@Time@Movavi@@QEAA@AEBV012@@Z
??0ITimer@Time@Movavi@@QEAA@XZ
??0SteadyClock@Time@Movavi@@QEAA@$$QEAV012@@Z
??0SteadyClock@Time@Movavi@@QEAA@AEBV012@@Z
??0SteadyClock@Time@Movavi@@QEAA@XZ
??0SystemClock@Time@Movavi@@QEAA@$$QEAV012@@Z
??0SystemClock@Time@Movavi@@QEAA@AEBV012@@Z
??0SystemClock@Time@Movavi@@QEAA@XZ
??0TimerFactory@Time@Movavi@@QEAA@AEBV012@@Z
??0TimerFactory@Time@Movavi@@QEAA@XZ
??0TimerSimple@Core@Movavi@@QEAA@AEA_J@Z
??1Chronometer@Time@Movavi@@UEAA@XZ
??1ClockFactory@Time@Movavi@@UEAA@XZ
??1Factory@Time@Movavi@@UEAA@XZ
??1IChronometer@Time@Movavi@@UEAA@XZ
??1IClock@Time@Movavi@@UEAA@XZ
??1IDeadlineTimer@Time@Movavi@@UEAA@XZ
??1IDurationTimer@Time@Movavi@@UEAA@XZ
??1ISystemClock@Time@Movavi@@UEAA@XZ
??1ITimer@Time@Movavi@@UEAA@XZ
??1SteadyClock@Time@Movavi@@UEAA@XZ
??1SystemClock@Time@Movavi@@UEAA@XZ
??1TimerFactory@Time@Movavi@@UEAA@XZ
??1TimerSimple@Core@Movavi@@QEAA@XZ
??4Chronometer@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4Chronometer@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4ClockFactory@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4Factory@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4Factory@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4IChronometer@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4IChronometer@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4IClock@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4IDeadlineTimer@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4IDeadlineTimer@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4IDurationTimer@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4IDurationTimer@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4ISystemClock@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4ISystemClock@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4ITimer@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4SteadyClock@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4SteadyClock@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4SystemClock@Time@Movavi@@QEAAAEAV012@$$QEAV012@@Z
??4SystemClock@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??4TimerFactory@Time@Movavi@@QEAAAEAV012@AEBV012@@Z
??_7Chronometer@Time@Movavi@@6BIChronometer@12@@
??_7Chronometer@Time@Movavi@@6BIClock@12@@
??_7ClockFactory@Time@Movavi@@6B@
??_7Factory@Time@Movavi@@6BClockFactory@12@@
??_7Factory@Time@Movavi@@6BTimerFactory@12@@
??_7IChronometer@Time@Movavi@@6B012@@
??_7IChronometer@Time@Movavi@@6BIClock@12@@
??_7IClock@Time@Movavi@@6B@
??_7IDeadlineTimer@Time@Movavi@@6B012@@
??_7IDeadlineTimer@Time@Movavi@@6BITimer@12@@
??_7IDurationTimer@Time@Movavi@@6B012@@
??_7IDurationTimer@Time@Movavi@@6BITimer@12@@
??_7ISystemClock@Time@Movavi@@6B012@@
??_7ISystemClock@Time@Movavi@@6BIClock@12@@
??_7ITimer@Time@Movavi@@6B@
??_7SteadyClock@Time@Movavi@@6B@
??_7SystemClock@Time@Movavi@@6BIClock@12@@
??_7SystemClock@Time@Movavi@@6BISystemClock@12@@
??_7TimerFactory@Time@Movavi@@6B@
??_8Chronometer@Time@Movavi@@7B@
??_8Chronometer@Time@Movavi@@7BISteadyClock@12@@
??_8Chronometer@Time@Movavi@@7BSteadyClock@12@@
??_8SteadyClock@Time@Movavi@@7B012@@
??_8SteadyClock@Time@Movavi@@7BISteadyClock@12@@
??_8SystemClock@Time@Movavi@@7B012@@
??_8SystemClock@Time@Movavi@@7BISystemClock@12@@
??_DChronometer@Time@Movavi@@QEAAXXZ
??_DSteadyClock@Time@Movavi@@QEAAXXZ
??_DSystemClock@Time@Movavi@@QEAAXXZ
?CreateChronometer@ClockFactory@Time@Movavi@@UEAA?AV?$shared_ptr@VIChronometer@Time@Movavi@@@std@@XZ
?CreateSteadyClock@ClockFactory@Time@Movavi@@UEAA?AV?$shared_ptr@VISteadyClock@Time@Movavi@@@std@@XZ
?CreateSteadyDeadlineTimer@Factory@Time@Movavi@@UEAA?AV?$shared_ptr@VIDeadlineTimer@Time@Movavi@@@std@@XZ
?CreateSystemClock@ClockFactory@Time@Movavi@@UEAA?AV?$shared_ptr@VISystemClock@Time@Movavi@@@std@@XZ
?CreateSystemDeadlineTimer@Factory@Time@Movavi@@UEAA?AV?$shared_ptr@VIDeadlineTimer@Time@Movavi@@@std@@XZ
?Elapsed@TimerSimple@Core@Movavi@@QEBA_JXZ
?FromTimeT@SystemClock@Time@Movavi@@UEBA?AV?$time_point@VIClock@Time@Movavi@@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@chrono@std@@_J@Z
?GetCurrentTimeStamp@Chronometer@Time@Movavi@@UEBA?AV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@XZ
?Now@SteadyClock@Time@Movavi@@UEBA?AV?$time_point@VIClock@Time@Movavi@@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@chrono@std@@XZ
?Now@SystemClock@Time@Movavi@@UEBA?AV?$time_point@VIClock@Time@Movavi@@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@chrono@std@@XZ
?Start@IDeadlineTimer@Time@Movavi@@QEAAPEAUTimerId@23@AEBV?$time_point@VIClock@Time@Movavi@@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@chrono@std@@V?$function@$$A6AXXZ@7@1@Z
?Start@IDurationTimer@Time@Movavi@@QEAAPEAUTimerId@23@AEBV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@V?$function@$$A6AXXZ@7@1@Z
?ToTimeT@SystemClock@Time@Movavi@@UEBA_JAEBV?$time_point@VIClock@Time@Movavi@@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@chrono@std@@@Z

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908db110238ad41ee0dad58e7b271385

Code Sign

0f:b5:f5:e0:22:b8:59:12:7a:2f:aa:4f:5d:a6:2e:9fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a7:81:18:38:98:a7:59:e4:48:e6:85:07:69:d6:68:cc:04:16:67:c8:89:c9:12:0d:52:5d:ab:59:c9:c6:53:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 316B

0f:b5:f5:e0:22:b8:59:12:7a:2f:aa:4f:5d:a6:2e:9f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a7:81:18:38:98:a7:59:e4:48:e6:85:07:69:d6:68:cc:04:16:67:c8:89:c9:12:0d:52:5d:ab:59:c9:c6:53:c4
Signer

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 316B