b24dad960daabf0954cc9a06107f8f736df5cc75888eb3f63163cbe32bf7692a_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b24dad960daabf0954cc9a06107f8f736df5cc75888eb3f63163cbe32bf7692a_NeikiAnalytics.exe
Size

47KB
MD5

f65d25c1b7dc2ea3e24be34731914320
SHA1

e16cbc2c1239e4b83f06fb19ed2aceefe49b72f2
SHA256

b24dad960daabf0954cc9a06107f8f736df5cc75888eb3f63163cbe32bf7692a
SHA512

f01fd1f4b238b1cb82682cf5ee18f0cf784b848d017b11da5984bb8d8b40ecb4bae8bc6db82c4ade004262ea357674c1615f399e451067c7ffbfde2fc0f0d688
SSDEEP

768:5+JIgtjHUB7G6baphm9OdYie76AMxkEn54E7DuO9zJb:5+zHA7G6T9k77x94E/zJb

Score

1^/10

Malware Config

Signatures

Files

b24dad960daabf0954cc9a06107f8f736df5cc75888eb3f63163cbe32bf7692a_NeikiAnalytics.exe
.sys windows:10 windows x86 arch:x86

61b00b24d855d9f3b37ca735bfcafe08

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:58:38:92:db:04:1a:71:4d:cf:e7:ef:19:69:e3:aa
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-11-2022 00:00

Not After

07-11-2025 23:59

Subject

SERIALNUMBER=91510100MA6A4X3AX6,CN=成都鲁易科技有限公司,O=成都鲁易科技有限公司,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c12e59b9be5b79de5a4a9e5ba9ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-09-2023 19:14

Not After

04-09-2024 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07
Signer

Actual PE Digest

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07

Digest Algorithm

sha256

PE Digest Matches

true

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07
Signer

Actual PE Digest

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\sys\MoniterFilter\sys_monitor\Release\ProtectFilter.pdb

Imports

fltmgr.sys

FltSendMessage
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor

ntoskrnl.exe

RtlCreateRegistryKey
ProbeForRead
ZwClose
ZwOpenKey
ZwDeleteKey
MmIsAddressValid
_vsnwprintf
memset
DbgPrint
KeWaitForSingleObject
KeInitializeSpinLock
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
ObfDereferenceObject
PsThreadType
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutineEx
SeTokenIsAdmin
PsReferencePrimaryToken
PsDereferencePrimaryToken
PsGetProcessInheritedFromUniqueProcessId
RtlEqualUnicodeString
RtlDeleteRegistryValue
ExFreePoolWithTag
CmRegisterCallback
CmUnRegisterCallback
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
IoGetCurrentProcess
PsGetCurrentProcessId
MmGetSystemRoutineAddress
ZwTerminateProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
_wsplitpath_s
ZwQueryInformationProcess
PsProcessType
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
KeDelayExecutionThread
_allmul
KeInitializeEvent
RtlUnwind
RtlInitUnicodeString
RtlWriteRegistryValue
wcsrchr
RtlGetVersion
memcpy
IoDeleteSymbolicLink
RtlCopyUnicodeString
IoCreateSymbolicLink
ExAllocatePoolWithTag

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex

wdfldr.sys

WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 213B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61b00b24d855d9f3b37ca735bfcafe08

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:58:38:92:db:04:1a:71:4d:cf:e7:ef:19:69:e3:aaCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07Signer

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

fltmgr.sys

ntoskrnl.exe

hal

wdfldr.sys

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 19KB

PAGE Size: 512B - Virtual size: 213B

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:58:38:92:db:04:1a:71:4d:cf:e7:ef:19:69:e3:aa
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:08:e2:33:7a:56:70:40:c0:d5:00:00:00:00:01:08
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07
Signer

4a:2a:62:88:e6:62:15:b4:62:a7:74:83:94:fb:11:d7:33:e8:e7:43:54:4b:ab:0d:fc:98:68:a9:1d:fc:cd:07
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 19KB

PAGE
Size: 512B - Virtual size: 213B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 1KB - Virtual size: 1KB