038b9590f07cd9fe1064710179b260245668de098b769dccf5e69a4dfb801b70_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

038b9590f07cd9fe1064710179b260245668de098b769dccf5e69a4dfb801b70_NeikiAnalytics.exe
Size

118KB
MD5

f0ec93ab3e2930bf410abc471a3d63a0
SHA1

e9c7397e3a63f059e05ef07a287cc06508a632bd
SHA256

038b9590f07cd9fe1064710179b260245668de098b769dccf5e69a4dfb801b70
SHA512

0137deb382dc8a9e8e6fddb18bd3a46d1088a073576e46ab2a090d3a0860d8b308f1285cca677e961f32424d5becaafa1dbf349b91a65ceab0a4b5374d5a38d1
SSDEEP

1536:vlLfCHijRfLj6K6+lCSoS+mRipRU+yun1pNMfZDzsWDcdFd2/F8kQe7Lxa7Wxsq:1fCkT1flCi+mRiyun1pufdUFwFDEG

Score

1^/10

Malware Config

Signatures

Files

038b9590f07cd9fe1064710179b260245668de098b769dccf5e69a4dfb801b70_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

1ce77f7abbf37af349dbaacb27bdc599

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:5a:71:f3:ba:fa:c7:93:d9:89:88:48:20:0f:00:3c:cc:cc:4e:96:3d:18:3a:20:48:f9:64:f5:65:bf:9b:20
Signer

Actual PE Digest

b0:5a:71:f3:ba:fa:c7:93:d9:89:88:48:20:0f:00:3c:cc:cc:4e:96:3d:18:3a:20:48:f9:64:f5:65:bf:9b:20

Digest Algorithm

sha256

PE Digest Matches

true

6e:46:91:6d:b4:b4:21:a5:89:22:b0:81:66:83:9c:cd:d5:42:20:6f
Signer

Actual PE Digest

6e:46:91:6d:b4:b4:21:a5:89:22:b0:81:66:83:9c:cd:d5:42:20:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x86.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

lstrcmpiW
lstrcpynA
lstrcpynW
lstrlenW
GlobalAddAtomW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
VirtualProtect
GetSystemInfo
DecodePointer
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
LocalFree
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
LocalAlloc
DisableThreadLibraryCalls
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
InitializeCriticalSection
GlobalDeleteAtom
GetLastError
CloseHandle
OutputDebugStringW
OutputDebugStringA
VirtualQuery
GetProcessHeap
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount

user32

DrawIconEx
GetClassNameW
FindWindowExW
OffsetRect
GetCursorPos
GetWindowRgn
GetForegroundWindow
DrawFrameControl
LoadImageW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
EnumWindows
FindWindowW
GetParent
GetWindowLongW
PtInRect
GetWindowRect
MonitorFromWindow
GetPropW
SetPropW
InvalidateRect
EndPaint
BeginPaint
GetSystemMetrics
CharLowerBuffW
IsZoomed
IsIconic
IsWindowVisible
MoveWindow
SetLayeredWindowAttributes
ShowWindow
IsWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostThreadMessageW
PostMessageW
SendMessageTimeoutW
SendMessageW
wsprintfW
wvsprintfW
wvsprintfA
GetMonitorInfoW
RemovePropW

gdi32

GetObjectW
SelectObject
GetRgnBox
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
BitBlt
SetViewportOrgEx
SetBkMode
CreateSolidBrush
CreateDIBSection

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shlwapi

StrRChrW
StrNCatW
StrToIntW
StrCpyNW
StrStrW

Exports

Exports

InstallMessageHook
Kill
UnInstallMessageHook

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ce77f7abbf37af349dbaacb27bdc599

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b0:5a:71:f3:ba:fa:c7:93:d9:89:88:48:20:0f:00:3c:cc:cc:4e:96:3d:18:3a:20:48:f9:64:f5:65:bf:9b:20Signer

6e:46:91:6d:b4:b4:21:a5:89:22:b0:81:66:83:9c:cd:d5:42:20:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b0:5a:71:f3:ba:fa:c7:93:d9:89:88:48:20:0f:00:3c:cc:cc:4e:96:3d:18:3a:20:48:f9:64:f5:65:bf:9b:20
Signer

6e:46:91:6d:b4:b4:21:a5:89:22:b0:81:66:83:9c:cd:d5:42:20:6f
Signer

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB