9b3f70958b13ba27657c99de9b2600c5a0fb0f72e84e1a671a6890149afbf8c2_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9b3f70958b13ba27657c99de9b2600c5a0fb0f72e84e1a671a6890149afbf8c2_NeikiAnalytics.exe
Size

3.5MB
MD5

06e555baceeb3d2ee47b7257c927cc60
SHA1

9a4149416e4ed974aba014c30364ed0963bc8b27
SHA256

9b3f70958b13ba27657c99de9b2600c5a0fb0f72e84e1a671a6890149afbf8c2
SHA512

50b4974d42548d23057424aef3f51ba3a47d7d76ed878cdbd92ed8a50ae379b695d644b162221280e2f8f4124a5d7604466a32fecf3387d8cb06927924dd6881
SSDEEP

49152:YGtlqoJVwASOM5IU6ixuDB+RTD3JNjBlz690aMVSFSbxTm4ei1VOh5PkezLkEEtL:g++xm2DDbq3DivezLkECs/KV9

Score

1^/10

Malware Config

Signatures

Files

9b3f70958b13ba27657c99de9b2600c5a0fb0f72e84e1a671a6890149afbf8c2_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

b08c391f3b92b8d43ab167e16a9280ab

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:3c:ec:b6:e7:77:b8:ca:25:0c:77:67
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

15/02/2023, 03:11

Not After

15/02/2026, 03:11

Subject

SERIALNUMBER=9131011434217342X2,CN=Shanghai Lilith Network Technology Co.\, Ltd.,O=Shanghai Lilith Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:ad:bf:1b:6c:ed:20:e7:67:3f:15:fb:11:f9:e6:5a:2d:63:12:dd:c7:f2:9d:9d:c8:b7:3b:6e:8b:87:d4:e3
Signer

Actual PE Digest

3c:ad:bf:1b:6c:ed:20:e7:67:3f:15:fb:11:f9:e6:5a:2d:63:12:dd:c7:f2:9d:9d:c8:b7:3b:6e:8b:87:d4:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\WorkSpace\crashsight-tqm-client\clientX64\x64\TQM_Release\TQMCenter_64.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

WideCharToMultiByte
CreateDirectoryA
FormatMessageA
GetFileTime
CreateDirectoryW
GetModuleFileNameW
GetVersionExA
GetSystemInfo
WritePrivateProfileStringA
CreateThread
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcessTimes
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LoadLibraryW
RtlVirtualUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
FreeLibrary
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetCurrentDirectoryW
CreateFileMappingA
OpenFileMappingA
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetFileAttributesExW
HeapFree
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEvent
GetDateFormatW
SetEnvironmentVariableA
GetFullPathNameW
GetModuleHandleA
CreateFileW
SetFileTime
MoveFileA
OpenEventA
GetExitCodeProcess
DebugBreak
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
LocalFree
GetProcAddress
DeleteFileA
LoadLibraryA
CopyFileA
GetTempPathA
MultiByteToWideChar
OpenProcess
FindClose
lstrlenA
K32GetProcessImageFileNameA
FindNextFileA
FindFirstFileA
ReadFile
CreateEventA
GetModuleFileNameA
GetTickCount
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
SetStdHandle
GetConsoleCP
GetACP
GetCommandLineW
GetCommandLineA
GetTempPathW
SetFilePointerEx
SetConsoleCtrlHandler
WriteConsoleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
ExitProcess
CloseHandle
GetConsoleTitleA
GetLastError
Sleep
GetCurrentThreadId
InitializeCriticalSectionEx
OutputDebugStringA
GetCurrentProcess
SetConsoleTitleA
DeleteFileW
GetTimeFormatW
SetEndOfFile
FlushFileBuffers
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
CreateEventW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead

user32

DrawIcon
GetIconInfo
EnumDisplayMonitors
LoadStringA
GetCursorPos
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetWindowLongA
PtInRect
GetCursorInfo
CopyRect
wsprintfA
FindWindowA
GetWindowThreadProcessId
CharNextA
IsWindowVisible
GetSystemMetrics
IntersectRect
GetMonitorInfoA
GetWindowTextA
GetWindowRect
EnumWindows

gdi32

CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDCA
GetDIBits
DeleteDC
DeleteObject

advapi32

CryptReleaseContext
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
OpenProcessToken

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathFileExistsA

ws2_32

WSACleanup
WSAGetLastError
htons
socket
inet_addr
closesocket
setsockopt
getnameinfo
ioctlsocket
freeaddrinfo
htonl
getsockopt
WSAStartup
recv
getpeername
ntohs
send
connect
getaddrinfo
inet_pton
WSASocketW
shutdown
select
__WSAFDIsSet
WSASetLastError

crypt32

CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

urlmon

URLDownloadToCacheFileA

bcrypt

BCryptGenRandom

Exports

Exports

GbCollectorCheckFirstGameExist
GbCollectorCheckGameExist
GbCollectorCheckGameExistTime
GbCollectorGetListCount
GbCollectorGetListIndex
GbCollectorGetMSG
GbCollectorGetQQUid
GbCollectorInit
GbCollectorIsDeleteDump
GbCollectorListRemove
GbCollectorLog
GbCollectorSetDeleteDump
GbCollectorSetProcess
GbCollectorSetQQListIndex
GbCollectorTerm
GbCollectorTermSimple

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 14.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b08c391f3b92b8d43ab167e16a9280ab

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

17:3c:ec:b6:e7:77:b8:ca:25:0c:77:67Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

3c:ad:bf:1b:6c:ed:20:e7:67:3f:15:fb:11:f9:e6:5a:2d:63:12:dd:c7:f2:9d:9d:c8:b7:3b:6e:8b:87:d4:e3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

crypt32

urlmon

bcrypt

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 812KB - Virtual size: 811KB

.data Size: 112KB - Virtual size: 14.6MB

.pdata Size: 111KB - Virtual size: 111KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 31KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

17:3c:ec:b6:e7:77:b8:ca:25:0c:77:67
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

3c:ad:bf:1b:6c:ed:20:e7:67:3f:15:fb:11:f9:e6:5a:2d:63:12:dd:c7:f2:9d:9d:c8:b7:3b:6e:8b:87:d4:e3
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 812KB - Virtual size: 811KB

.data
Size: 112KB - Virtual size: 14.6MB

.pdata
Size: 111KB - Virtual size: 111KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 31KB