8e843ed8a5437776d1503ffa07cedbf6cecd942a51beaf24866ad5f1d5a4896a_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8e843ed8a5437776d1503ffa07cedbf6cecd942a51beaf24866ad5f1d5a4896a_NeikiAnalytics.exe
Size

583KB
MD5

961c1b2aef396b6f3cc46e64390fdb00
SHA1

a9e0382293397ad94870be9afc66a1f3c1d28ee7
SHA256

8e843ed8a5437776d1503ffa07cedbf6cecd942a51beaf24866ad5f1d5a4896a
SHA512

6f1cb931452c52de2c61a1b73d6093e0f1d4b115c539a2873ded55501c90470670deb08ee684d377508b08208807e2c2905c0b7d019f47ea33cc513129cf408e
SSDEEP

12288:L49S7mz4gA8Ymq9X52xiif3S8o6JWhci7b:L49Sg5Ym6J2Qif3S8o6Qhci7b

Score

1^/10

Malware Config

Signatures

Files

8e843ed8a5437776d1503ffa07cedbf6cecd942a51beaf24866ad5f1d5a4896a_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

a8dd2eb93a65f3f12fdc46c0cc298b4e

Code Sign

5a:ae:a0:b4:bb:e4:9c:48:16:38:43:0d:2c:2f:7a:ab
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

17/12/2023, 07:15

Not After

14/12/2026, 18:45

Subject

SERIALNUMBER=2639014,CN=Cockos Incorporated,O=Cockos Incorporated,L=Brooklyn,ST=New York,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:57:61:7d:0b:0c:77:e7:c7:58:8b:71:2c:c0:d2:00:a3:24:c0:2e:61:e3:23:8a:d2:ff:af:ee:9d:6b:4c:94
Signer

Actual PE Digest

d5:57:61:7d:0b:0c:77:e7:c7:58:8b:71:2c:c0:d2:00:a3:24:c0:2e:61:e3:23:8a:d2:ff:af:ee:9d:6b:4c:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\mhc\jmde\Release64\Plugins\reaper_host64.pdb

Imports

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

WaitForMultipleObjects
ReleaseMutex
MapViewOfFile
CreateFileMappingA
WriteFile
GetFileSize
CreateFileA
DeleteFileA
CreateMutexA
GetTempPathA
FreeLibrary
GetProcAddress
GetVersionExA
GetLastError
LoadLibraryA
SetErrorMode
GetModuleFileNameA
UnmapViewOfFile
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileIntW
LoadLibraryW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetVersion
SetEvent
lstrcpynA
FlushFileBuffers
GetLocaleInfoA
WriteConsoleW
EnterCriticalSection
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapSize
HeapCreate
HeapSetInformation
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetStringTypeA
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetThreadLocale
FormatMessageA
GetStringTypeW
LeaveCriticalSection
CloseHandle
SetThreadPriority
CreateEventA
GetCurrentThreadId
InitializeCriticalSection
GetCurrentProcessId
GetTickCount
Sleep
WaitForSingleObject
ExitProcess
WriteConsoleA
LCMapStringW
GetConsoleOutputCP
SetStdHandle
RtlVirtualUnwind

user32

GetWindow
GetCapture
RedrawWindow
LoadIconA
LoadCursorA
GetDesktopWindow
GetSystemMetrics
GetWindowLongPtrA
GetDC
KillTimer
GetMessagePos
PtInRect
SetForegroundWindow
GetWindowDC
ReleaseDC
PostMessageA
IsWindowVisible
BeginPaint
GetClientRect
FillRect
EndPaint
RegisterClassA
DestroyWindow
SetWindowPos
GetWindowRect
ShowWindow
GetWindowTextW
DefWindowProcA
GetWindowThreadProcessId
SetWindowTextA
SendMessageA
GetClassWord
FindWindowExA
CallWindowProcA
RemovePropA
SetWindowLongPtrA
SetPropA
GetPropA
PeekMessageA
GetWindowLongA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetTimer
CreateWindowExA

gdi32

BitBlt
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetStockObject

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegEnumKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize

Sections

.text
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8dd2eb93a65f3f12fdc46c0cc298b4e

Code Sign

5a:ae:a0:b4:bb:e4:9c:48:16:38:43:0d:2c:2f:7a:abCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

d5:57:61:7d:0b:0c:77:e7:c7:58:8b:71:2c:c0:d2:00:a3:24:c0:2e:61:e3:23:8a:d2:ff:af:ee:9d:6b:4c:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 466KB - Virtual size: 466KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 14KB - Virtual size: 27KB

.pdata Size: 8KB - Virtual size: 8KB

.data1 Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.trace Size: 5KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 15KB

5a:ae:a0:b4:bb:e4:9c:48:16:38:43:0d:2c:2f:7a:ab
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

d5:57:61:7d:0b:0c:77:e7:c7:58:8b:71:2c:c0:d2:00:a3:24:c0:2e:61:e3:23:8a:d2:ff:af:ee:9d:6b:4c:94
Signer

.text
Size: 466KB - Virtual size: 466KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 14KB - Virtual size: 27KB

.pdata
Size: 8KB - Virtual size: 8KB

.data1
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.trace
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 15KB