5d3fa40df9a6d4a6158e20ad7c2dd51cc66bb2e86cc302a1c8923a461d101be4_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5d3fa40df9a6d4a6158e20ad7c2dd51cc66bb2e86cc302a1c8923a461d101be4_NeikiAnalytics.exe
Size

692KB
MD5

3dc2d699c9e3e51c07d0b13061c34b70
SHA1

cef64ba159ac6bf90e033359a3eebfa147f4fb55
SHA256

5d3fa40df9a6d4a6158e20ad7c2dd51cc66bb2e86cc302a1c8923a461d101be4
SHA512

1e9725d809c373592e954a573d6bef952b98006b9a4db3cee88172b762f9851852fd146b8158d84cfb7f6113b94542d13a32cbb1410df1a9941b438de26d988a
SSDEEP

12288:NK+lZYWTbAxdlbZ2+LXD+YZ1JGssVJp2b3AblKioPA6qkumlW73gvEakF6OQNgT7:1lKZ6HUeWS3qPs2Qrr5Nx

Score

1^/10

Malware Config

Signatures

Files

5d3fa40df9a6d4a6158e20ad7c2dd51cc66bb2e86cc302a1c8923a461d101be4_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

76fd6095c3a67161219e5f7387c04fb9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/02/2023, 00:00

Not After

08/03/2025, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:54:1e:b8:c6:1a:e2:9b:9d:3a:ae:e8:9b:5f:b8:c6:d5:b1:7b:82:18:f1:02:8c:21:e5:8e:dc:75:1b:10:f0
Signer

Actual PE Digest

9d:54:1e:b8:c6:1a:e2:9b:9d:3a:ae:e8:9b:5f:b8:c6:d5:b1:7b:82:18:f1:02:8c:21:e5:8e:dc:75:1b:10:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\pl\output\InstallHelper.pdb

Imports

comctl32

InitCommonControlsEx
ord17

kernel32

CreateEventW
MultiByteToWideChar
SetEvent
InitializeCriticalSection
Sleep
CreateDirectoryW
GetVersionExW
CopyFileW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFileTime
GetSystemInfo
GetExitCodeProcess
GetModuleHandleW
ExitProcess
LoadLibraryW
TerminateThread
CreateThread
VerifyVersionInfoW
VerSetConditionMask
MoveFileW
DeleteFileW
GetFileAttributesW
WaitForSingleObject
ReleaseMutex
CloseHandle
SetEndOfFile
CreateFileW
WriteFile
ReadFile
GetFileSize
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
GetEnvironmentVariableW
HeapFree
SizeofResource
GetLogicalProcessorInformationEx
GetActiveProcessorCount
RemoveDirectoryW
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
FreeEnvironmentStringsW
LocalFree
WideCharToMultiByte
GetProcAddress
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
GetActiveProcessorGroupCount
TerminateProcess
Process32FirstW
Process32NextW
GetVolumeNameForVolumeMountPointW
SetLastError
CreateProcessW
GetStartupInfoW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
FormatMessageW
K32GetModuleBaseNameW
FreeLibrary
GetUserDefaultUILanguage
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
FlushFileBuffers
GetTickCount
MoveFileExW
LocalAlloc
LocalLock
LocalUnlock
MulDiv
InitializeCriticalSectionAndSpinCount
GetProcessTimes
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
GetStringTypeW
LoadLibraryExW
QueryPerformanceCounter
EncodePointer
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

user32

WaitMessage
PostQuitMessage
IsWindow
DestroyWindow
MoveWindow
SetWindowPos
CreateDialogIndirectParamW
GetDialogBaseUnits
SetFocus
GetActiveWindow
GetAsyncKeyState
SetTimer
KillTimer
GetSystemMenu
EnableMenuItem
DrawIcon
DrawTextW
SetForegroundWindow
PeekMessageW
EndPaint
RedrawWindow
MessageBeep
GetSysColor
FillRect
SetRect
GetParent
GetClassNameW
GetLastActivePopup
LoadIconW
IsDialogMessageW
WinHelpW
SystemParametersInfoW
DispatchMessageW
OpenClipboard
GetWindowThreadProcessId
EnumWindows
IsWindowVisible
TranslateMessage
BeginPaint
GetWindowLongW
EmptyClipboard
SetClipboardData
GetClientRect
CreateWindowExW
GetSystemMetrics
EndDialog
FindWindowW
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
IsDlgButtonChecked
GetDlgItemTextW
CheckDlgButton
EnableWindow
ShowWindow
GetWindowRect
SendMessageW
SetWindowLongW
MessageBoxW
LoadStringW
SetWindowTextW
PostMessageW
GetWindow
DestroyIcon
CloseClipboard
GetWindowTextW

advapi32

RegCloseKey
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
RegQueryInfoKeyW
RegEnumKeyExW
DeleteService
CreateServiceW
OpenSCManagerW
NotifyBootConfigStatus
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
RegEnumKeyW
GetUserNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegSetValueExW
ChangeServiceConfig2W
RegDeleteValueW
RegCreateKeyExW
LookupAccountSidW
AdjustTokenPrivileges
GetSidSubAuthority
GetSidSubAuthorityCount
LookupPrivilegeValueW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW

ole32

IIDFromString
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
StringFromGUID2

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

SHDeleteKeyW

rpcrt4

UuidFromStringW

gdi32

CreateFontIndirectW
SetBkColor
SelectObject
GetTextExtentPoint32W
DeleteObject
CreateSolidBrush
DeleteDC
SetTextColor
CreateDCW

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76fd6095c3a67161219e5f7387c04fb9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9d:54:1e:b8:c6:1a:e2:9b:9d:3a:ae:e8:9b:5f:b8:c6:d5:b1:7b:82:18:f1:02:8c:21:e5:8e:dc:75:1b:10:f0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

gdi32

Sections

.text Size: 361KB - Virtual size: 361KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 16KB - Virtual size: 42KB

.rsrc Size: 226KB - Virtual size: 226KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9d:54:1e:b8:c6:1a:e2:9b:9d:3a:ae:e8:9b:5f:b8:c6:d5:b1:7b:82:18:f1:02:8c:21:e5:8e:dc:75:1b:10:f0
Signer

.text
Size: 361KB - Virtual size: 361KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 16KB - Virtual size: 42KB

.rsrc
Size: 226KB - Virtual size: 226KB