b36dc93a612a17daf92e6da50cda2375b6d055fd5a7dd82e0e453194cdce2c04_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b36dc93a612a17daf92e6da50cda2375b6d055fd5a7dd82e0e453194cdce2c04_NeikiAnalytics.exe
Size

593KB
MD5

3027d23784715b481a81b87c93d3ead0
SHA1

687c3fc4fa7292a04d3e1c32d12f541db5f33834
SHA256

b36dc93a612a17daf92e6da50cda2375b6d055fd5a7dd82e0e453194cdce2c04
SHA512

cc3e50e7d8223112f8e00c4cee1a76acea567a10df3afda6ec89db0e96ddf9f87d4cb97b9c4b949b3fa8f53862d20b820e20a85d91e115cbf193741e83df3fab
SSDEEP

12288:3Ae4aIosnhzptI/IrzGiW/39DJOZ2Bb9KPOcPBQm1+wouy:Qe4aIosnhzptIwrzGiW/3fOZ2Bb8Pex

Score

1^/10

Malware Config

Signatures

Files

b36dc93a612a17daf92e6da50cda2375b6d055fd5a7dd82e0e453194cdce2c04_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

773b47ff5f49d51e91e28b0b593787c3

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:cf:55:d2:75:14:4f:4b:91:0a:74:b0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2019, 05:57

Not After

17/01/2022, 05:57

Subject

CN=Viettel Group,O=Viettel Group,L=Hanoi,ST=Hanoi,C=VN,1.2.840.113549.1.9.1=#0c156861696e7332407669657474656c2e636f6d2e766e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:ec:25:8b:35:6b:dd:9d:8b:82:92:44:7e:de:42:38:32:8c:e0:3a:00:4e:2b:0c:82:0c:92:79:36:97:b8:34
Signer

Actual PE Digest

db:ec:25:8b:35:6b:dd:9d:8b:82:92:44:7e:de:42:38:32:8c:e0:3a:00:4e:2b:0c:82:0c:92:79:36:97:b8:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Users\GPND\Desktop\aJiantA\blsplugin\BlsPlugin\Release\BLS\x64\BlsWorkerPlugin.pdb

Imports

kernel32

LocalFree
CompareFileTime
GetCommandLineA
FlsSetValue
GetExitCodeProcess
MoveFileExW
GetCurrentProcessId
QueryDosDeviceW
LockResource
GetLocalTime
TerminateProcess
SizeofResource
WriteFile
OutputDebugStringW
GetCurrentProcess
SystemTimeToFileTime
LoadResource
FindResourceW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CreateFileA
CopyFileW
FreeLibrary
GetProcAddress
LoadLibraryW
WritePrivateProfileStringW
GetVersionExW
DeleteFileA
DeleteFileW
GetCurrentThreadId
SetEndOfFile
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateProcessA
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeA
GetModuleFileNameA
FlushFileBuffers
SetUnhandledExceptionFilter
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
HeapSetInformation
GetFileAttributesA
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetModuleHandleW
HeapSize
FlsAlloc
FlsFree
FlsGetValue
CreateFileW
ReadFile
GetFileSize
SetLastError
GetTempFileNameW
GetTempPathW
OutputDebugStringA
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetPrivateProfileStringW
CreateProcessW
GetTickCount
Process32NextW
Sleep
WaitForSingleObject
Process32FirstW
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
GetModuleFileNameW
DecodePointer
EncodePointer
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSection
RaiseException

user32

wsprintfW

advapi32

LookupAccountSidA
OpenProcessToken
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
LookupAccountSidW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
LookupPrivilegeValueW
RegDeleteValueW
RegEnumValueW
AdjustTokenPrivileges
GetTokenInformation

shell32

SHGetSpecialFolderPathW
ord165
SHGetFolderPathW

ole32

CoUninitialize
StringFromGUID2
CoCreateGuid
CoInitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

rpcrt4

UuidToStringW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

shlwapi

PathRemoveFileSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdA

winhttp

WinHttpCrackUrl
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData

crypt32

CryptQueryObject
CertOpenStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptVerifyMessageSignatureWithKey
CryptDecodeObjectEx
CryptVerifyCertificateSignature
CryptStringToBinaryA

netapi32

NetUserSetInfo
NetUserGetInfo

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

wlanapi

WlanEnumInterfaces
WlanCloseHandle
WlanQueryInterface
WlanOpenHandle

Exports

Exports

GetPluginInfo
GetPluginObject

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

773b47ff5f49d51e91e28b0b593787c3

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

78:cf:55:d2:75:14:4f:4b:91:0a:74:b0Certificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

db:ec:25:8b:35:6b:dd:9d:8b:82:92:44:7e:de:42:38:32:8c:e0:3a:00:4e:2b:0c:82:0c:92:79:36:97:b8:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

psapi

shlwapi

userenv

setupapi

winhttp

crypt32

netapi32

iphlpapi

wlanapi

Exports

Exports

Sections

.text Size: 431KB - Virtual size: 430KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 10KB - Virtual size: 19KB

.pdata Size: 27KB - Virtual size: 27KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

78:cf:55:d2:75:14:4f:4b:91:0a:74:b0
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

db:ec:25:8b:35:6b:dd:9d:8b:82:92:44:7e:de:42:38:32:8c:e0:3a:00:4e:2b:0c:82:0c:92:79:36:97:b8:34
Signer

.text
Size: 431KB - Virtual size: 430KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 10KB - Virtual size: 19KB

.pdata
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB