abb0927e662d4a8139b3a6577b6c3ad977a65d94d05e72537d150f21f9624f6f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

abb0927e662d4a8139b3a6577b6c3ad977a65d94d05e72537d150f21f9624f6f_NeikiAnalytics.exe
Size

83KB
MD5

045097e7cd9c5284346cbe6ef53dd9a0
SHA1

a2deaa7f020a571a19789823ed72591c1ae8f30b
SHA256

abb0927e662d4a8139b3a6577b6c3ad977a65d94d05e72537d150f21f9624f6f
SHA512

2ed70cbf6e1572356846561c427094d520bdd1a3db18eb6fba580eb73f5d9581d5ded708622629739ed302b031329154b0ffbd7bd0a319cbfd9d6f41e70f29f1
SSDEEP

1536:hqkSft2CDPt9MUlEiYp9QtZtHNUpBRWMzv/mr:hTSft2c9GXTQtnHNUp6Qv/Q

Score

1^/10

Malware Config

Signatures

Files

abb0927e662d4a8139b3a6577b6c3ad977a65d94d05e72537d150f21f9624f6f_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

0189f96bced7ff1163f3ebf206f6cfd1

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:3e:8a:7c:f6:44:cb:89:c0:19:6c:f6
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/11/2023, 03:04

Not After

13/11/2026, 03:04

Subject

SERIALNUMBER=16795856,CN=SYSJUST CO.\, LTD.,O=SYSJUST CO.\, LTD.,STREET=12 F.-2\, No. 95\, Minquan Rd.\, Xindian Dist.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:aa:b0:c5:0f:97:55:2e:be:e3:03:8b:8c:81:d4:eb:ce:c0:60:73:4a:6f:3f:39:86:6c:3d:78:07:95:5d:34
Signer

Actual PE Digest

55:aa:b0:c5:0f:97:55:2e:be:e3:03:8b:8c:81:d4:eb:ce:c0:60:73:4a:6f:3f:39:86:6c:3d:78:07:95:5d:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\j-vtfs2017\XQRelease\XQ_202403\SERVER\Release\PVHAdaptor.pdb

Imports

mfc140

ord1507
ord3841
ord1510
ord325
ord1051
ord2359
ord2241
ord324
ord1050
ord2406
ord2409
ord2372
ord2408
ord485
ord2263
ord2370
ord2178
ord2294
ord2397
ord976
ord2383
ord2387
ord6475
ord1449
ord14365
ord954
ord1509

kernel32

ReleaseSRWLockExclusive
OutputDebugStringW
AcquireSRWLockExclusive
PostQueuedCompletionStatus
CloseHandle
CreateIoCompletionPort
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
InitializeCriticalSectionEx
AcquireSRWLockShared
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockShared

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
_Thrd_id
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
?_Throw_C_error@std@@YAXH@Z
_Thrd_hardware_concurrency
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
_Cnd_do_broadcast_at_thread_exit
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ

dalog

?storage@CDALog@@QAEXPBD00_N1@Z
?Write2@CDALog@@QAAXW4Lvl@1@PBDZZ
?CheckLevel@CDALog@@QAE_NJ@Z
??0CDALog@@QAE@XZ
??1CDALog@@QAE@XZ

daqproxyclient

?GetDAQProxyClient@DAQProxyClient@@YA_NAAV?$shared_ptr@VIDAQProxyClient@@@std@@@Z

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memmove
_CxxThrowException
memcpy
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_purecall
memset

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

ceil

Exports

Exports

?Fini@PVHAdaptor@@YAXXZ
?GetSataus@PVHAdaptor@@YA?AW4Status@DAQEngineMsg@@XZ
?Init@PVHAdaptor@@YA_NABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?Register@PVHAdaptor@@YAXABV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@II@Z@std@@@Z
?SetXQDataSvcHost@PVHAdaptor@@YA_NABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0_N@Z
?SubScribe@PVHAdaptor@@YA_NAAKABUDataInfo@DAQProxyClientParam@@ABV?$shared_ptr@VIPVHAdaptorNotify@@@std@@@Z
?UnSubScribe@PVHAdaptor@@YA_NK@Z
?UpdateReLoad@PVHAdaptor@@YAXPBDII@Z

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0189f96bced7ff1163f3ebf206f6cfd1

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

2d:3e:8a:7c:f6:44:cb:89:c0:19:6c:f6Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

55:aa:b0:c5:0f:97:55:2e:be:e3:03:8b:8c:81:d4:eb:ce:c0:60:73:4a:6f:3f:39:86:6c:3d:78:07:95:5d:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

msvcp140

dalog

daqproxyclient

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

2d:3e:8a:7c:f6:44:cb:89:c0:19:6c:f6
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

55:aa:b0:c5:0f:97:55:2e:be:e3:03:8b:8c:81:d4:eb:ce:c0:60:73:4a:6f:3f:39:86:6c:3d:78:07:95:5d:34
Signer

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB