07d705fb70a62591c36e1c665f5eb2ccc730ee398e0b7960a0211e04cd4433f9_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

07d705fb70a62591c36e1c665f5eb2ccc730ee398e0b7960a0211e04cd4433f9_NeikiAnalytics.exe
Size

50KB
MD5

9627b58257389342c0be3c3868f813a0
SHA1

b00fd9ead9436d702d61466d43e24db3529a6a5f
SHA256

07d705fb70a62591c36e1c665f5eb2ccc730ee398e0b7960a0211e04cd4433f9
SHA512

cfcf4b5e2d7b96a980fa2d315f3e3b03d3979684eeff325f6263a7302b24a78963d111463abe40b7d607b9774376bc2e9dd4aefaa2cdbad0452a70e163b626c8
SSDEEP

1536:Bg7LIM+B4zEePPPPPPPPPPPPPPKKv3uO77Hxe:Ob+BPePPPPPPPPPPPPPPKKv397E

Score

1^/10

Malware Config

Signatures

Files

07d705fb70a62591c36e1c665f5eb2ccc730ee398e0b7960a0211e04cd4433f9_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

2b8b1affeaa4fb5a4d1eee4444490102

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:1a:32:3d:2e:ad:c3:0e:21:68:5f:51:af:74:92:88
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/11/2023, 00:00

Not After

26/11/2024, 23:59

Subject

CN=Autodesk\, Inc.,O=Autodesk\, Inc.,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

69:4c:f4:d8:77:d7:19:8f:c0:76:d0:91:ed:c9:ba:ee:92:2b:01:ee:4d:c6:1c:fc:8a:07:02:9e:93:88:b0:20
Signer

Actual PE Digest

69:4c:f4:d8:77:d7:19:8f:c0:76:d0:91:ed:c9:ba:ee:92:2b:01:ee:4d:c6:1c:fc:8a:07:02:9e:93:88:b0:20

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\j\wr64i\restricted\lib\NT_DLL143-64\ASMPID230.pdb

Imports

asmkern230

?roll_notify@ENTITY@@MEAAXW4BULLETIN_TYPE@@PEAV1@@Z
?is_deepcopyable@ENTITY@@UEBA_NXZ
?is_unknown@ENTITY@@UEBA_NXZ
?set_box@ENTITY@@MEAAXPEAVbox@ASM@@@Z
?bulletin_no_change_vf@ENTITY@@MEBA_NPEBV1@_N@Z
?apply_transform@ENTITY@@UEAA_NV?$optional@AEBVtransf@ASM@@@ASM@@AEAVENTITY_LIST@@_N@Z
?roll_exchange_external_data@ENTITY@@UEAAXPEAV1@@Z
?is_use_counted@ENTITY@@UEBA_NXZ
?add@ENTITY@@UEAAXXZ
?remove@ENTITY@@UEAAX_N@Z
?use_count@ENTITY@@UEBAHXZ
?full_size@ENTITY@@UEBAXAEAVSizeAccumulator@@_N@Z
?ATTRIB_SG_subclasses@@3PEAVrestore_def@@EA
??3ASM_heap_init@ASM@@SAXPEAX@Z
?fixup_copy@ENTITY@@IEBAXPEAV1@@Z
?backup@ENTITY@@QEAAPEAV1@XZ
?save_begin@ENTITY@@IEBAX_N@Z
?save_end@ENTITY@@IEBAXAEAVENTITY_LIST@@@Z
?debug_ent@ATTRIB@@UEBAXPEAU_iobuf@@@Z
?restore_common@ATTRIB@@UEAAXXZ
?copy_common@ATTRIB@@IEAAXAEAVENTITY_LIST@@PEBV1@PEAVpointer_map@@IW4SCAN_TYPE@@@Z
??0ATTRIB_SG@@QEAA@PEAVENTITY@@@Z
?enlist@ATTRIB_SG@@UEBAXXZ
?lose@ATTRIB@@UEAAXXZ
?identity@ATTRIB_SG@@UEBAHH@Z
?save_common@ATTRIB_SG@@MEBAXAEAVENTITY_LIST@@@Z
?debug_title@@YAXPEBDPEAU_iobuf@@@Z
?debug_string@@YAXPEBD0PEAU_iobuf@@@Z
?debug_int@@YAXPEBDHPEAU_iobuf@@@Z
?write_id_level@@YAXPEBDH@Z
??0restore_def@@QEAA@HAEAPEAV0@PEBDAEAHP6APEAVENTITY@@XZPEBQEAV0@@Z
??1restore_def@@QEAA@XZ
?find_attrib@@YAPEAVATTRIB@@PEBVENTITY@@HHHH@Z
?ATTRIB_SG_TYPE@@3HA
?initialize_kernel@@YA_NXZ
?terminate_kernel@@YA_NXZ
?get_restore_version_number@@YAHXZ
?write_int@@YAXH@Z
?write_int64@@YAX_J@Z
?write_long@@YAXJ@Z
?write_string@@YAXPEBD@Z
?read_int@@YAHXZ
?read_int64@@YA_JXZ
?read_long@@YAJXZ
?read_string@@YAPEADAEAH@Z
?get_save_version_number@@YAHXZ
?do_restore_problem_found@@YA?AW4attempt_recovery@@W4recovery_available@@W4restore_issue@@HPEBDH@Z
?fix_common@ATTRIB@@MEAAXQEAPEAVENTITY@@W4SCAN_TYPE@@_NH@Z
?copy_scan@ATTRIB@@UEBAXAEAVENTITY_LIST@@W4SCAN_TYPE@@_N@Z
?lookup@ATTRIB@@UEBAH_N@Z
?copy_owner@ATTRIB@@UEAAXPEAVENTITY@@@Z
?replace_owner@ATTRIB@@UEAAXPEAVENTITY@@_N@Z
?replace_owner_geometry@ATTRIB@@UEAAXPEAVENTITY@@@Z
?lop_change_owner@ATTRIB@@UEAAXXZ
?warp_owner@ATTRIB@@UEAAXPEAVlaw@@@Z
?trans_owner_list@ATTRIB@@UEAAXV?$optional@AEBVtransf@ASM@@@ASM@@AEAVENTITY_LIST@@@Z
?trans_owner@ATTRIB@@UEAAXV?$optional@AEBVtransf@ASM@@@ASM@@@Z
?savable@ATTRIB@@UEBA_NXZ
?moveable@ATTRIB@@UEBA_NXZ
?copyable@ATTRIB@@UEBA_NXZ
?duplicatable@ATTRIB@@UEBA_NXZ
?deletable@ATTRIB@@UEBA_NXZ
?owner@ATTRIB@@UEBAPEAVENTITY@@XZ
?move@ATTRIB@@UEAAPEAV1@PEAVENTITY@@@Z
?unhook@ATTRIB@@UEAAPEAV1@XZ
?check_sum@ATTRIB@@UEBAKXZ
?bool_reverse_face_owner@ATTRIB@@UEAAXXZ
?is_face@ENTITY@@UEAA_NXZ
?box_ptr@ENTITY@@MEBAPEAVbox@ASM@@XZ
??0ATTRIB_SG@@QEAA@AEBV0@@Z
??1ATTRIB_SG@@MEAA@XZ
??4ENTITY@@QEAAAEAV0@AEBV0@@Z
?check_entity@@YAXPEAVENTITY@@@Z
??1api_bb_save@@QEAA@XZ
??0api_bb_save@@QEAA@AEAVoutcome@@W4e_bb_type@0@@Z
?api_check_on@@YA_NXZ
?delist@ATTRIB_SG@@UEBAXXZ
?update_from_bb@@YAXXZ

asmbase230

??0report_sdk_entry_and_exit@@QEAA@PEBD@Z
??0outcome@@QEAA@AEBV0@@Z
?asm_strlen@@YAHPEBD@Z
?mt_thread_not_permitted@ISDK@@YAXXZ
?remove_component@asm_component_info@ISDK@@SAXPEAX@Z
?add_component@asm_component_info@ISDK@@SAXPEAX@Z
?log_term@asm_component_registrar@ISDK@@SAXHPEBD@Z
?log_init@asm_component_registrar@ISDK@@SAXHPEBD@Z
??1asm_component_registrar@ISDK@@QEAA@XZ
??0asm_component_registrar@ISDK@@QEAA@P6A_NXZ0@Z
asm_fprintf
??2ASM_heap@ASM@@SAPEAX_K@Z
??_VASM_heap@ASM@@SAXPEAX@Z
??3ASM_heap@ASM@@SAXPEAX@Z
??4outcome@@QEAAAEAV0@AEBV0@@Z
??1outcome@@QEAA@XZ
??0outcome@@QEAA@HPEAVerror_info@@@Z
?set_info@acis_exception@@QEAAPEAVerror_info@@PEAV2@@Z
??1acis_exception@@UEAA@XZ
??0acis_exception@@QEAA@HPEAVerror_info@@@Z
?end@exception_save@@QEAAXXZ
?begin@exception_save@@QEAAXXZ
??1exception_save@@QEAA@XZ
set_pending_error
acis_interrupted
error_context
?fpe_report_error@@YAXXZ
?fpe_exception_block_start@@YAXPEAUerror_ctx@@@Z
?sys_error@@YAXHPEAVerror_info@@@Z
??1report_sdk_entry_and_exit@@QEAA@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__C_specific_handler
__current_exception_context
__current_exception
__std_type_info_destroy_list

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy_s

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

free

kernel32

QueryPerformanceCounter
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent

Exports

Exports

??0ATTRIB_PID@@QEAA@AEBV0@@Z
??0ATTRIB_PID@@QEAA@PEAVENTITY@@@Z
??0ATTRIB_PID@@QEAA@PEAVENTITY@@AEBVpid_base@@@Z
??0pid_base@@QEAA@PEBD_JHH@Z
??0pid_base@@QEAA@PEBV0@@Z
??0pid_base@@QEAA@XZ
??1ATTRIB_PID@@MEAA@XZ
??4ATTRIB_PID@@QEAAAEAV0@AEBV0@@Z
??4pid_base@@QEAAAEAV0@$$QEAV0@@Z
??4pid_base@@QEAAAEAV0@AEBV0@@Z
??8pid_base@@QEAA_NV0@@Z
??_7ATTRIB_PID@@6B@
??_FATTRIB_PID@@QEAAXXZ
?ATTRIB_PID_TYPE@@3HA
?ATTRIB_PID_subclasses@@3PEAVrestore_def@@EA
?accept@ATTRIB_PID@@UEAA_NAEAVENTITY_Visitor@@@Z
?api_initialize_persistent_id@@YA?AVoutcome@@XZ
?api_pidget@@YA?AVoutcome@@PEAVENTITY@@AEAPEBVpid_base@@@Z
?api_pidrem@@YA?AVoutcome@@PEAVENTITY@@@Z
?api_pidset@@YA?AVoutcome@@PEAVENTITY@@@Z
?api_terminate_persistent_id@@YA?AVoutcome@@XZ
?copy_common@ATTRIB_PID@@IEAAXAEAVENTITY_LIST@@PEBV1@PEAVpointer_map@@IW4SCAN_TYPE@@@Z
?copy_data@ATTRIB_PID@@UEBAPEAVENTITY@@AEAVENTITY_LIST@@PEAVpointer_map@@IW4SCAN_TYPE@@@Z
?copy_pointers_under_this@ATTRIB_PID@@UEAAXAEAVENTITY_LIST@@PEAVpointer_map@@IW4SCAN_TYPE@@@Z
?create_pid_base_name@@YAXPEBDPEAD@Z
?debug_ent@ATTRIB_PID@@UEBAXPEAU_iobuf@@@Z
?delist@ATTRIB_PID@@UEBAXXZ
?enlist@ATTRIB_PID@@UEBAXXZ
?fix_pointers@ATTRIB_PID@@UEAAXQEAPEAVENTITY@@W4SCAN_TYPE@@_NH@Z
?get_base_name@@YAPEBDPEBVENTITY@@@Z
?get_base_name@ATTRIB_PID@@QEBAPEBDXZ
?get_base_name@pid_base@@QEBAPEBDXZ
?get_copy_num@@YAHPEBVENTITY@@@Z
?get_copy_num@ATTRIB_PID@@QEBAHXZ
?get_copy_num@pid_base@@QEBAHXZ
?get_index@@YAHPEBVENTITY@@@Z
?get_index@ATTRIB_PID@@QEBAHXZ
?get_index@pid_base@@QEBAHXZ
?get_next_current_pid@@YAPEBVpid_base@@XZ
?get_pid@@YAPEBVpid_base@@PEBVENTITY@@@Z
?get_pid@ATTRIB_PID@@QEBAPEBVpid_base@@XZ
?get_pid_attrib@@YAPEBVATTRIB_PID@@PEBVENTITY@@@Z
?get_pid_index@SMI_LEGACY@@YA?AVoutcome@@PEAVENTITY@@AEA_NAEAH@Z
?get_time_val@@YA_JPEBVENTITY@@@Z
?get_time_val@ATTRIB_PID@@QEBA_JXZ
?get_time_val@pid_base@@QEBA_JXZ
?got_pid_attrib@@YA_NPEBVENTITY@@@Z
?identity@ATTRIB_PID@@UEBAHH@Z
?initialize_persistent_id@@YA_NXZ
?is_ATTRIB_PID@@YA_NPEBVENTITY@@@Z
?is_this@ATTRIB_PID@@SA_NPEBVENTITY@@@Z
?make_copy@ATTRIB_PID@@EEBAPEAVENTITY@@XZ
?merge_owner@ATTRIB_PID@@UEAAXPEAVENTITY@@_N@Z
?pid_attrib_copy@@YA_NPEBVATTRIB_PID@@PEAV1@@Z
?pid_attrib_restore@@YA_NPEBVpid_base@@PEAVATTRIB_PID@@@Z
?pid_attrib_save@@YA_NPEBVATTRIB_PID@@AEAVpid_base@@@Z
?pid_base_init@@YAXPEAVpid_base@@@Z
?remove_pid@@YAXPEAVENTITY@@@Z
?remove_pid@SMI_LEGACY@@YA?AVoutcome@@PEAVENTITY@@@Z
?restore@pid_base@@QEAAXXZ
?restore_common@ATTRIB_PID@@UEAAXXZ
?save@ATTRIB_PID@@UEBAXAEAVENTITY_LIST@@@Z
?save@pid_base@@QEBAXXZ
?save_common@ATTRIB_PID@@MEBAXAEAVENTITY_LIST@@@Z
?set_next_current_pid@@YA_NPEAVENTITY@@@Z
?set_pid_base@pid_base@@QEAAXPEBD_JHH@Z
?set_pid_base@pid_base@@QEAAXPEBV1@@Z
?set_pid_index@SMI_LEGACY@@YA?AVoutcome@@PEAVENTITY@@@Z
?set_pid_index@SMI_LEGACY@@YA?AVoutcome@@PEAVENTITY@@H@Z
?set_pid_index@pid_base@@QEAAXH@Z
?size@ATTRIB_PID@@UEBAIXZ
?split_owner@ATTRIB_PID@@UEAAXPEAVENTITY@@@Z
?terminate_persistent_id@@YA_NXZ
?type_name@ATTRIB_PID@@UEBAPEBDXZ

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b8b1affeaa4fb5a4d1eee4444490102

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01:1a:32:3d:2e:ad:c3:0e:21:68:5f:51:af:74:92:88Certificate

Extended Key Usages

Key Usages

69:4c:f4:d8:77:d7:19:8f:c0:76:d0:91:ed:c9:ba:ee:92:2b:01:ee:4d:c6:1c:fc:8a:07:02:9e:93:88:b0:20Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

asmkern230

asmbase230

vcruntime140_1

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 180B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:1a:32:3d:2e:ad:c3:0e:21:68:5f:51:af:74:92:88
Certificate

69:4c:f4:d8:77:d7:19:8f:c0:76:d0:91:ed:c9:ba:ee:92:2b:01:ee:4d:c6:1c:fc:8a:07:02:9e:93:88:b0:20
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 180B