0411cc7280a5a7bdefd52fa7bee81eb3111a8d0fd559074e08d70d3c6c2f5266_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0411cc7280a5a7bdefd52fa7bee81eb3111a8d0fd559074e08d70d3c6c2f5266_NeikiAnalytics.exe
Size

160KB
MD5

e8a8457985e06b5803c15bc00af37690
SHA1

5a495c146db2b23ad9cec7158edfda7e81c5afe2
SHA256

0411cc7280a5a7bdefd52fa7bee81eb3111a8d0fd559074e08d70d3c6c2f5266
SHA512

e13fb4e4b45058faa002fc7a0f46618a85d6d64dfecebe07c3432ae6a7625f828532569f352bcb30c70d11d4de58c44ca525855799336fec543d69481cf80d31
SSDEEP

1536:4iUxeuFlyEW4o1PPiyubxWzttmtE86XYFK4R+DULy9QWJYc1ud5LsXTox85vvtbq:qe4odZzttmtEDOX1odudBsmMvvtbqZx

Score

1^/10

Malware Config

Signatures

Files

0411cc7280a5a7bdefd52fa7bee81eb3111a8d0fd559074e08d70d3c6c2f5266_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

217e98a99283266d40266058af777955

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:05:a0:5f:1b:ac:d1:8d:54:51:dd:cd:06:9a:75:0e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Alibaba Cloud Computing Co.\, Ltd.,O=Alibaba Cloud Computing Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:05:a0:5f:1b:ac:d1:8d:54:51:dd:cd:06:9a:75:0e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Alibaba Cloud Computing Co.\, Ltd.,O=Alibaba Cloud Computing Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:0f:2e:70:0b:53:f7:9b:a4:b3:77:28:1e:c6:7e:f9:f3:48:0a:b7:af:7a:cf:9b:4e:d0:ee:ef:8e:5d:2f:e7
Signer

Actual PE Digest

57:0f:2e:70:0b:53:f7:9b:a4:b3:77:28:1e:c6:7e:f9:f3:48:0a:b7:af:7a:cf:9b:4e:d0:ee:ef:8e:5d:2f:e7

Digest Algorithm

sha256

PE Digest Matches

true

71:10:c7:7a:2e:02:d2:e4:10:79:17:76:cf:df:66:76:0f:8b:7a:fc
Signer

Actual PE Digest

71:10:c7:7a:2e:02:d2:e4:10:79:17:76:cf:df:66:76:0f:8b:7a:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\codes\AliPythonLoader\2024_02_23_00_6x\aegisPythonLoader\Release\aegisPythonReport.pdb

Imports

aqsutil

?GetInstance@CLogMessage@aqs@@SAPAV12@XZ
?stringStartWith@CStringUtil@aqs@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z
?strprintf@CStringUtil@aqs@@SA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
??0CMutexLockUtil@aqs@@QAE@PAVCMutexUtil@1@@Z
??1CMutexLockUtil@aqs@@QAE@XZ
??1CMutexUtil@aqs@@QAE@XZ
??0CMutexUtil@aqs@@QAE@XZ
?msleep@CToolUtil@aqs@@SAX_K@Z
?waitForThreadFinish@CThreadUtil@aqs@@IAE_NXZ
?WriteLogMessage@CLogMessage@aqs@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4AqsLogLevel@2@@Z
??0CThreadUtil@aqs@@QAE@XZ
??1CThreadUtil@aqs@@QAE@XZ
?IsThreadRunning@CThreadUtil@aqs@@QAE_NXZ
?startThread@CThreadUtil@aqs@@IAE_NXZ

aegispythonnetwork

?GetInstance@?$CSingleton@VCPythonNetWork@@@@SAPAVCPythonNetWork@@XZ
?SendPacket@CPythonNetWork@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00_N@Z

msvcr120

__clean_type_info_names_internal
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except1
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
strpbrk
sprintf_s
memset
sprintf
sscanf
fprintf
__iob_func
__CxxFrameHandler3
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
strchr
strlen
strcmp
memcpy
memcmp
modf
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove

msvcp120

?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ

python27

PyArg_ParseTuple
_Py_NoneStruct
Py_InitModule4

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer

Exports

Exports

GetReportInterface
RemoveReportInterface
SendMsg
initaegisPythonReport

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

217e98a99283266d40266058af777955

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:05:a0:5f:1b:ac:d1:8d:54:51:dd:cd:06:9a:75:0eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:05:a0:5f:1b:ac:d1:8d:54:51:dd:cd:06:9a:75:0eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

57:0f:2e:70:0b:53:f7:9b:a4:b3:77:28:1e:c6:7e:f9:f3:48:0a:b7:af:7a:cf:9b:4e:d0:ee:ef:8e:5d:2f:e7Signer

71:10:c7:7a:2e:02:d2:e4:10:79:17:76:cf:df:66:76:0f:8b:7a:fcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

aqsutil

aegispythonnetwork

msvcr120

msvcp120

python27

kernel32

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:05:a0:5f:1b:ac:d1:8d:54:51:dd:cd:06:9a:75:0e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:05:a0:5f:1b:ac:d1:8d:54:51:dd:cd:06:9a:75:0e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

57:0f:2e:70:0b:53:f7:9b:a4:b3:77:28:1e:c6:7e:f9:f3:48:0a:b7:af:7a:cf:9b:4e:d0:ee:ef:8e:5d:2f:e7
Signer

71:10:c7:7a:2e:02:d2:e4:10:79:17:76:cf:df:66:76:0f:8b:7a:fc
Signer

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB