0d039e64555f9003ade9e6217671bb2ec1183ab2d2edbca06fc7ecbadd36b8c2_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0d039e64555f9003ade9e6217671bb2ec1183ab2d2edbca06fc7ecbadd36b8c2_NeikiAnalytics.exe
Size

403KB
MD5

2c5ea755e7d20dcb5845976a5fe69be0
SHA1

17f75ce403ac90fc0aff2fe5e03d0e418fb718dc
SHA256

0d039e64555f9003ade9e6217671bb2ec1183ab2d2edbca06fc7ecbadd36b8c2
SHA512

cd6d912d029207e47aab9b36bbf3de6d21901cedf722f04777bac743cc6a16b6392017369f12fe5e59b0295f12ea275295d265991d96d6057e27db4b997d6e41
SSDEEP

6144:woLRtjjCQC+FNMoKxOxfUGjhgonLW07uc4un5W0DzMi:RLDjXCWNMoK4fZjSonLWq5n5Pci

Score

1^/10

Malware Config

Signatures

Files

0d039e64555f9003ade9e6217671bb2ec1183ab2d2edbca06fc7ecbadd36b8c2_NeikiAnalytics.exe
.sys windows:10 windows x64 arch:x64

49fbd40fd15929e74dbe78768279c871

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:15:89:c1:ac:4e:3d:e2:c0:27:2e:00:00:00:01:15:89
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

13/06/2024, 20:19

Not After

16/06/2024, 20:19

Subject

CN=Avira Operations GmbH,O=Avira Operations GmbH,L=Tettnang,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:15:89:c1:ac:4e:3d:e2:c0:27:2e:00:00:00:01:15:89
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

13/06/2024, 20:19

Not After

16/06/2024, 20:19

Subject

CN=Avira Operations GmbH,O=Avira Operations GmbH,L=Tettnang,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6
Signer

Actual PE Digest

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6

Digest Algorithm

sha256

PE Digest Matches

true

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6
Signer

Actual PE Digest

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BUILD\work\6e893de7101ed7ec\BuildOutput\Drv\Release\x64\rtp1.pdb

Imports

ci

CiFindPageHashesInCatalog
CiFreePolicyInfo
CiCheckSignedFile

ntoskrnl.exe

RtlDowncaseUnicodeString
IoCreateFileEx
ObQueryNameString
IoFileObjectType
ZwDuplicateObject
ZwSetSecurityObject
ZwQuerySecurityObject
ZwLockFile
ZwUnlockFile
RtlGetVersion
ExInitializeRundownProtection
IoRegisterShutdownNotification
PoRegisterPowerSettingCallback
ExEnterCriticalRegionAndAcquireResourceExclusive
ExReleaseResourceAndLeaveCriticalRegion
ExEventObjectType
ZwQueryVolumeInformationFile
ZwFsControlFile
KeReadStateEvent
ExAcquireFastMutex
ExReleaseFastMutex
RtlValidRelativeSecurityDescriptor
MmMapLockedPagesSpecifyCache
PsGetCurrentThreadId
ZwSetValueKey
ObOpenObjectByPointer
RtlNtStatusToDosError
ZwOpenProcess
PsLookupProcessByProcessId
FsRtlGetFileSize
ZwQuerySystemInformation
ZwQueryInformationProcess
PsReferenceProcessFilePointer
ZwCreateFile
ZwDeleteValueKey
PsSetCreateProcessNotifyRoutineEx
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetProcessCreateTimeQuadPart
IoRegisterDriverReinitialization
IoGetTransactionParameterBlock
ExWaitForRundownProtectionRelease
RtlValidSid
RtlLengthSid
SeQueryInformationToken
SeLocateProcessImageName
PsReferencePrimaryToken
PsDereferencePrimaryToken
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlInitializeBitMap
RtlClearBit
IoCreateSymbolicLink
RtlCompareUnicodeString
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
IoFreeMdl
KeInitializeSpinLock
ExInterlockedInsertTailList
ExInterlockedRemoveHeadList
PoUnregisterPowerSettingCallback
ZwOpenFile
RtlEqualString
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
RtlImageDirectoryEntryToData
wcschr
wcsnlen
PsThreadType
wcscpy_s
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetDeviceObjectPointer
_wcsnicmp
RtlInitAnsiString
RtlFreeUnicodeString
RtlCompareString
RtlUpcaseUnicodeString
KeDelayExecutionThread
ObReferenceObjectByPointer
ObRegisterCallbacks
ObUnRegisterCallbacks
ZwQueryObject
PsProcessType
KeStackAttachProcess
KeUnstackDetachProcess
PsGetProcessPeb
CmSetCallbackObjectContext
CmUnRegisterCallback
CmRegisterCallbackEx
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
ObfReferenceObject
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
ExReleaseRundownProtection
ExAcquireRundownProtection
RtlUpcaseUnicodeChar
ZwCreateKey
IoUnregisterShutdownNotification
IoDeleteSymbolicLink
RtlFindClearBitsAndSet
IoDeleteDevice
RtlEqualUnicodeString
PsLookupThreadByThreadId
RtlWalkFrameChain
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
ExGetPreviousMode
IofCompleteRequest
PsGetCurrentProcessId
ZwWriteFile
ZwReadFile
ExDeleteResourceLite
ExInitializeResourceLite
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
KeSetEvent
KeInitializeEvent
RtlHashUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
ObReferenceObjectByHandle
PsTerminateSystemThread
PsCreateSystemThread
ExAcquireResourceExclusiveLite
KeWaitForSingleObject
KeWaitForMultipleObjects
KeClearEvent
__C_specific_handler
PsGetProcessImageFileName
_vsnwprintf
FsRtlInsertExtraCreateParameter
FsRtlFreeExtraCreateParameter
FsRtlAllocateExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlAllocateExtraCreateParameterList
FsRtlIsNameInExpression
IoThreadToProcess
PsIsSystemThread
PsGetProcessId
ZwQueryValueKey
ZwOpenKey
ZwClose
ObfDereferenceObject
IoGetTopLevelIrp
IoGetStackLimits
IoGetCurrentProcess
ExReleaseResourceLite
ExAcquireResourceSharedLite
ExDeletePagedLookasideList
ExInitializePagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeGetCurrentIrql
RtlCompareMemory
RtlGUIDFromString
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
ExFreePoolWithTag
RtlCopyUnicodeString
ZwSetInformationFile
ZwQueryInformationFile
KeAreAllApcsDisabled
IoWMIRegistrationControl
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlSetAllBits

fltmgr.sys

FltIsDirectory
FltSetInformationFile
FltInitializePushLock
FltDeletePushLock
FltAcquirePushLockExclusiveEx
FltGetDestinationFileNameInformation
FltDoCompletionProcessingWhenSafe
FltCloseSectionForDataScan
FltCreateSectionForDataScan
FltRegisterForDataScan
FltFreeSecurityDescriptor
FltBuildDefaultSecurityDescriptor
FltSendMessage
FltCloseClientPort
FltCloseCommunicationPort
FltCreateCommunicationPort
FltGetFileSystemType
FltGetStreamContext
FltSetStreamContext
FltGetVolumeProperties
FltSetInstanceContext
FltDeviceIoControlFile
FltQueryVolumeInformationFile
FltOpenVolume
FltFsControlFile
FltReferenceContext
FltStartFiltering
FltUnregisterFilter
FltRegisterFilter
FltSetSecurityObject
FltQuerySecurityObject
FltWriteFile
FltReadFile
FltAcknowledgeEcp
FltGetEcpListFromCallbackData
FltCancelFileOpen
FltQueryInformationFile
FltGetFileNameInformationUnsafe
FltSetCallbackDataDirty
FltEnlistInTransaction
FltGetTransactionContext
FltGetInstanceContext
FltDeleteContext
FltSetTransactionContext
FltApplyPriorityInfoThread
FltRetrieveIoPriorityInfo
FltIsEcpFromUserMode
FltFreeExtraCreateParameterList
FltFindExtraCreateParameter
FltInsertExtraCreateParameter
FltAllocateExtraCreateParameter
FltAllocateExtraCreateParameterList
FltGetRequestorProcessId
FltGetRequestorProcess
FltGetVolumeGuidName
FltClose
FltQueryEaFile
FltCreateFileEx2
FltParseFileNameInformation
FltGetFileNameInformation
FltFreeExtraCreateParameter
FltReleaseContext
FltGetStreamHandleContext
FltSetStreamHandleContext
FltAllocateContext
FltReleaseFileNameInformation
FltReleasePushLockEx
FltAcquirePushLockSharedEx

hal

KeQueryPerformanceCounter

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49fbd40fd15929e74dbe78768279c871

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:01:15:89:c1:ac:4e:3d:e2:c0:27:2e:00:00:00:01:15:89Certificate

Extended Key Usages

Key Usages

33:00:01:15:89:c1:ac:4e:3d:e2:c0:27:2e:00:00:00:01:15:89Certificate

Extended Key Usages

Key Usages

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6Signer

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ci

ntoskrnl.exe

fltmgr.sys

hal

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 1KB - Virtual size: 140KB

.pdata Size: 10KB - Virtual size: 10KB

PAGE Size: 38KB - Virtual size: 38KB

INIT Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 188B

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:15:89:c1:ac:4e:3d:e2:c0:27:2e:00:00:00:01:15:89
Certificate

33:00:01:15:89:c1:ac:4e:3d:e2:c0:27:2e:00:00:00:01:15:89
Certificate

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6
Signer

6c:0a:de:0c:78:19:9b:56:6d:c8:b4:3b:d6:08:8d:0c:21:1a:91:57:fd:ec:3c:8a:eb:66:96:8c:09:77:c1:f6
Signer

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 1KB - Virtual size: 140KB

.pdata
Size: 10KB - Virtual size: 10KB

PAGE
Size: 38KB - Virtual size: 38KB

INIT
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 188B