1a5cee7df03c3f07fa19dd6fdae79c33731b615cc4833f0aa2cbc3ef6b98995f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1a5cee7df03c3f07fa19dd6fdae79c33731b615cc4833f0aa2cbc3ef6b98995f_NeikiAnalytics.exe
Size

453KB
MD5

bb2d9e65b71ba98553ef12a7a7084dc0
SHA1

b5b8e77ec74e78bef4ffe43c113511ddfe4320ec
SHA256

1a5cee7df03c3f07fa19dd6fdae79c33731b615cc4833f0aa2cbc3ef6b98995f
SHA512

37d44b60d625fa9a364a570d6abdc0afa01769bfb459106979287c8dde5a6f4d8f4c7a4ceb8eeeacd1593f494c5062a6c4ab7108160b5861b532d04a09a56186
SSDEEP

6144:xbIlA9fOmcMo2gqxsl2snfFyAQcqph0lhSMXlBXBW/sXpgUijC7pSb:xUW9Wmhsl2Wmpph0lhSMXlesXsC7pSb

Score

1^/10

Malware Config

Signatures

Files

1a5cee7df03c3f07fa19dd6fdae79c33731b615cc4833f0aa2cbc3ef6b98995f_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

66312fd400d104db4da86c9f3ec33c7c

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:14:64:83:55:29:80:69:14:cd:12:00:00:00:01:14:64
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

12/06/2024, 13:33

Not After

15/06/2024, 13:33

Subject

CN=Caphyon SRL,O=Caphyon SRL,L=Craiova,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:14:64:83:55:29:80:69:14:cd:12:00:00:00:01:14:64
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

12/06/2024, 13:33

Not After

15/06/2024, 13:33

Subject

CN=Caphyon SRL,O=Caphyon SRL,L=Craiova,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:42:9a:c8:6f:a5:1b:a6:7d:06:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=nShield TSS ESN:451A-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9b:0e:07:d7:5a:27:5f:3a:8d:51:16:cb:32:e2:7b:1c:6c:b4:53:53:b2:5c:9a:8b:e1:f3:19:2d:2b:a5:76:42
Signer

Actual PE Digest

9b:0e:07:d7:5a:27:5f:3a:8d:51:16:cb:32:e2:7b:1c:6c:b4:53:53:b2:5c:9a:8b:e1:f3:19:2d:2b:a5:76:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\ReleaseAI\win\Release\custact\x86\NetFirewall.pdb

Imports

msi

ord52
ord74
ord64
ord103
ord158
ord125
ord8
ord17
ord49
ord34
ord145
ord121
ord116
ord118
ord115
ord166
ord159
ord32
ord120
ord160
ord171
ord47

kernel32

GetProcAddress
FreeLibrary
GetModuleHandleW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GetCurrentProcess
DeleteCriticalSection
CloseHandle
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
CreateFileW
WriteFile
FlushFileBuffers
GetModuleFileNameW
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
DecodePointer
GlobalFindAtomW
FormatMessageW
SleepConditionVariableSRW
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
LocalAlloc
GetLastError
LocalFree
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
GetCurrentProcessId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
EncodePointer
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter

user32

MessageBoxW
GetForegroundWindow
wsprintfW

advapi32

OpenServiceW
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitialize
StringFromGUID2
CoGetObject
CLSIDFromString
CoCreateGuid

oleaut32

VarBstrCmp
VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen

shlwapi

StrChrW

Exports

Exports

OnFwConfig
OnFwInstall
OnFwRemove
OnFwRollback
OnFwUninstall

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66312fd400d104db4da86c9f3ec33c7c

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:01:14:64:83:55:29:80:69:14:cd:12:00:00:00:01:14:64Certificate

Extended Key Usages

Key Usages

33:00:01:14:64:83:55:29:80:69:14:cd:12:00:00:00:01:14:64Certificate

Extended Key Usages

Key Usages

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:42:9a:c8:6f:a5:1b:a6:7d:06:00:00:00:00:00:42Certificate

Extended Key Usages

Key Usages

9b:0e:07:d7:5a:27:5f:3a:8d:51:16:cb:32:e2:7b:1c:6c:b4:53:53:b2:5c:9a:8b:e1:f3:19:2d:2b:a5:76:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 228KB

.rdata Size: 189KB - Virtual size: 188KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:14:64:83:55:29:80:69:14:cd:12:00:00:00:01:14:64
Certificate

33:00:01:14:64:83:55:29:80:69:14:cd:12:00:00:00:01:14:64
Certificate

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:42:9a:c8:6f:a5:1b:a6:7d:06:00:00:00:00:00:42
Certificate

9b:0e:07:d7:5a:27:5f:3a:8d:51:16:cb:32:e2:7b:1c:6c:b4:53:53:b2:5c:9a:8b:e1:f3:19:2d:2b:a5:76:42
Signer

.text
Size: 229KB - Virtual size: 228KB

.rdata
Size: 189KB - Virtual size: 188KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB