87a31a7d08b335951b6e3ee4fba26e480c717309f8cd6d279b44d65f4e2ac17a_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

87a31a7d08b335951b6e3ee4fba26e480c717309f8cd6d279b44d65f4e2ac17a_NeikiAnalytics.exe
Size

351KB
MD5

6974b390b0a7f045c25c421314fce510
SHA1

0c1754f9a46a995a596257a414231777cfa4f87f
SHA256

87a31a7d08b335951b6e3ee4fba26e480c717309f8cd6d279b44d65f4e2ac17a
SHA512

c15ebb39b4e6a3437be3d67d35a23fc32a9c395d95024261e4517e2de929256b0a0917970ffa39c79589917a172fc184fb0f780341aa36d3965f84edef1a5e97
SSDEEP

6144:uye/nZOiL17pynX7jhuxkEVeYtsKCYBDb2O7fcCnDtin4wSgKwnf5Crcf7f/K:uv/ZOKh4/huT9tBpASgKwnf5Crcf7f/K

Score

1^/10

Malware Config

Signatures

Files

87a31a7d08b335951b6e3ee4fba26e480c717309f8cd6d279b44d65f4e2ac17a_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

84a6955f840f0b181814f2f0257e3f08

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5b
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

11/10/2022, 12:36

Not After

11/10/2025, 12:36

Subject

SERIALNUMBER=26502275,CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha,C=CZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302435a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:22

Not After

29/12/2040, 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6e
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:47

Not After

18/04/2035, 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:09:31:cb:65:df:20:83:ab:21:29:2c:b8:a4:26:77:39:e5:2b:17:de:d6:77:a2:3a:42:fe:d8:aa:17:48:60
Signer

Actual PE Digest

7a:09:31:cb:65:df:20:83:ab:21:29:2c:b8:a4:26:77:39:e5:2b:17:de:d6:77:a2:3a:42:fe:d8:aa:17:48:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

msys-crypto-1.1

BIO_ctrl
BIO_free
BIO_new
BIO_s_mem
BIO_write
BN_CTX_free
BN_CTX_new
BN_bin2bn
BN_bn2bin
BN_clear_free
BN_cmp
BN_div
BN_dup
BN_free
BN_new
BN_num_bits
BN_print_fp
BN_set_flags
BN_set_word
BN_sub
BN_value_one
DSA_SIG_free
DSA_SIG_get0
DSA_SIG_new
DSA_SIG_set0
DSA_do_sign
DSA_do_verify
DSA_free
DSA_generate_key
DSA_generate_parameters_ex
DSA_get0_key
DSA_get0_pqg
DSA_new
DSA_set0_key
DSA_set0_pqg
ECDSA_SIG_free
ECDSA_SIG_get0
ECDSA_SIG_new
ECDSA_SIG_set0
ECDSA_do_sign
ECDSA_do_verify
EC_GROUP_cmp
EC_GROUP_free
EC_GROUP_get_curve_name
EC_GROUP_get_order
EC_GROUP_method_of
EC_GROUP_new_by_curve_name
EC_GROUP_set_asn1_flag
EC_KEY_METHOD_get_sign
EC_KEY_METHOD_new
EC_KEY_METHOD_set_sign
EC_KEY_OpenSSL
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_get0_public_key
EC_KEY_new_by_curve_name
EC_KEY_set_asn1_flag
EC_KEY_set_group
EC_KEY_set_method
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_KEY_up_ref
EC_METHOD_get_field_type
EC_POINT_cmp
EC_POINT_free
EC_POINT_get_affine_coordinates_GFp
EC_POINT_is_at_infinity
EC_POINT_mul
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2oct
ERR_get_error
ERR_peek_error
ERR_peek_last_error
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_iv
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_iv_noconst
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_set_key_length
EVP_Cipher
EVP_CipherInit
EVP_Digest
EVP_DigestFinal_ex
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_MD_CTX_copy_ex
EVP_MD_CTX_free
EVP_MD_CTX_md
EVP_MD_CTX_new
EVP_MD_block_size
EVP_PKEY_base_id
EVP_PKEY_free
EVP_PKEY_get1_DSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_RSA
EVP_PKEY_new
EVP_PKEY_set1_DSA
EVP_PKEY_set1_EC_KEY
EVP_PKEY_set1_RSA
EVP_aes_128_cbc
EVP_aes_128_ctr
EVP_aes_128_gcm
EVP_aes_192_cbc
EVP_aes_192_ctr
EVP_aes_256_cbc
EVP_aes_256_ctr
EVP_aes_256_gcm
EVP_chacha20
EVP_des_ede3_cbc
EVP_md5
EVP_sha1
EVP_sha256
EVP_sha384
EVP_sha512
OPENSSL_init_crypto
OpenSSL_version_num
PEM_read_bio_PrivateKey
PEM_write_bio_DSAPrivateKey
PEM_write_bio_ECPrivateKey
PEM_write_bio_PrivateKey
PEM_write_bio_RSAPrivateKey
RAND_status
RSA_blinding_on
RSA_free
RSA_generate_key_ex
RSA_get0_crt_params
RSA_get0_factors
RSA_get0_key
RSA_get_default_method
RSA_meth_dup
RSA_meth_set1_name
RSA_meth_set_priv_enc
RSA_new
RSA_public_decrypt
RSA_set0_crt_params
RSA_set0_factors
RSA_set0_key
RSA_set_method
RSA_sign
RSA_size
RSA_up_ref
d2i_ECDSA_SIG

msys-2.0

__b64_ntop
__b64_pton
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
__memcpy_chk
__progname
__stack_chk_fail
__stack_chk_guard
_dll_crt0
_exit
_impure_ptr
accept
access
arc4random
arc4random_buf
asprintf
bind
calloc
chdir
clock_gettime
close
closedir
closelog
connect
cygwin_internal
dirfd
dirname
dll_dllcrt0
dup2
environ
execlp
execv
execve
execvp
exit
explicit_bzero
fcntl
fdopen
fflush
fork
fprintf
fputc
free
freeaddrinfo
fstat
fwrite
gai_strerror
getaddrinfo
getenv
geteuid
getgid
getnameinfo
getopt
getpagesize
getpeereid
getpid
getppid
getpwnam
getpwuid
getrlimit
getservbyname
getsid
getsockname
getsockopt
gettimeofday
getuid
initgroups
isatty
kill
listen
localtime_r
malloc
mbstowcs
memchr
memcmp
memcpy
memmem
memmove
memset
mkdtemp
mktime
msys_detach_dll
nanosleep
open
opendir
openlog
optarg
optind
pathconf
perror
pipe
poll
posix_memalign
printf
raise
read
readdir
readv
realloc
reallocarray
realpath
rmdir
setegid
setenv
setgid
setregid
setreuid
setrlimit
setsid
setsockopt
sigaction
sigemptyset
sigfillset
snprintf
socket
socketpair
stat
strcasecmp
strchr
strcmp
strcspn
strdup
strerror
strftime
strlcat
strlcpy
strlen
strncasecmp
strncmp
strndup
strpbrk
strptime
strrchr
strsep
strsignal
strspn
strtol
strtoll
strtoul
sysconf
syslog
tcgetattr
tcsetattr
time
timingsafe_bcmp
tolower
toupper
towlower
umask
unlink
usleep
vasprintf
vsnprintf
waitpid
write

msys-gcc_s-seh-1

__addvdi3
__addvsi3
__mulvdi3
__mulvsi3
__negvsi2
__subvdi3
__subvsi3

kernel32

GetModuleHandleA

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84a6955f840f0b181814f2f0257e3f08

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5bCertificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3bCertificate

Extended Key Usages

Key Usages

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6eCertificate

Extended Key Usages

Key Usages

7a:09:31:cb:65:df:20:83:ab:21:29:2c:b8:a4:26:77:39:e5:2b:17:de:d6:77:a2:3a:42:fe:d8:aa:17:48:60Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msys-crypto-1.1

msys-2.0

msys-gcc_s-seh-1

kernel32

Sections

.text Size: 164KB - Virtual size: 164KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 134KB - Virtual size: 133KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 6KB - Virtual size: 5KB

.xdata Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 9KB

.idata Size: 11KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 352B

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

31:9d:9d:48:1a:b6:f5:e0:92:bc:c5:e3:4f:f7:3c:5b
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

5b:70:26:cc:96:f6:78:1a:bb:85:f6:11:f5:6d:bb:6e
Certificate

7a:09:31:cb:65:df:20:83:ab:21:29:2c:b8:a4:26:77:39:e5:2b:17:de:d6:77:a2:3a:42:fe:d8:aa:17:48:60
Signer

.text
Size: 164KB - Virtual size: 164KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 134KB - Virtual size: 133KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 6KB - Virtual size: 5KB

.xdata
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 352B