b6e30bebe7eb7910f936e7fa5e524768a6ae42a02e28878af65043b522321e0b_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b6e30bebe7eb7910f936e7fa5e524768a6ae42a02e28878af65043b522321e0b_NeikiAnalytics.exe
Size

164KB
MD5

e8d1f619d6d7b463fb98e0138adafde0
SHA1

4ec588325f55dff1f80c6828f26d5ecd3cc34c0e
SHA256

b6e30bebe7eb7910f936e7fa5e524768a6ae42a02e28878af65043b522321e0b
SHA512

afdc0b88c39f63de7c1990a04148eb5937d450af9b003e5c90c73d7d3d4c9a9867e6e21ad3e055254f52c2da888229d0957674054798eb0a5514e9fd0c88bf74
SSDEEP

3072:VODYVNKn5VpB9IhSjwHDd/fKkUVUscM2cD5Xvuf:w7TpB9OHDdc9nD5/uf

Score

1^/10

Malware Config

Signatures

Files

b6e30bebe7eb7910f936e7fa5e524768a6ae42a02e28878af65043b522321e0b_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

53d6c1144469873e6427e0ab834c9aa8

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:b4:ff:2c:02:e3:4c:13:81:cb:61:f0:81:50:59:5c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/05/2023, 00:00

Not After

02/05/2024, 23:59

Subject

CN=Thomson Reuters Corporation,O=Thomson Reuters Corporation,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Create
ImageList_Add
ImageList_Destroy
ImageList_Replace
ord17

kernel32

CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
WideCharToMultiByte
GetFileType
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
CreateFileW
GetModuleHandleW
MultiByteToWideChar
GetStdHandle
GetLastError
IsBadReadPtr
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

InvalidateRect
UnionRect
ReleaseCapture
PtInRect
GetClientRect
WaitMessage
PeekMessageW
SetCapture
UpdateWindow
ClientToScreen
OffsetRect
GetSystemMetrics
GetCursorPos
IsRectEmpty
AdjustWindowRectEx
SetRect
SendMessageW
MoveWindow
GetWindowRect
IsWindowVisible
IsWindow
SetWindowLongPtrW
GetWindowLongPtrW
ShowWindow
DefWindowProcW
CopyImage
RegisterClassW
UnregisterClassW
LoadCursorW
LoadStringW
ScreenToClient

gdi32

RealizePalette
GetStockObject
SelectPalette
GetObjectW
GetDIBits

ltkrnx

ord137
ord138
ord135
ord332
ord276
ord320
ord317
ord312
ord328
ord336
ord200
ord109
ord106
ord108
ord316
ord197
ord1402
ord335

Exports

Exports

LEAD_Load
L_TBAddButton
L_TBAddButtonA
L_TBCreate
L_TBCreateA
L_TBFree
L_TBFreeToolbarInfo
L_TBFreeToolbarInfoA
L_TBGetButtonChecked
L_TBGetButtonInfo
L_TBGetButtonInfoA
L_TBGetCallback
L_TBGetPosition
L_TBGetRows
L_TBGetToolbarInfo
L_TBGetToolbarInfoA
L_TBInit
L_TBIsButtonEnabled
L_TBIsButtonVisible
L_TBIsValid
L_TBIsVisible
L_TBRemoveButton
L_TBSetAutomationCallback
L_TBSetButtonChecked
L_TBSetButtonEnabled
L_TBSetButtonInfo
L_TBSetButtonInfoA
L_TBSetButtonVisible
L_TBSetCallback
L_TBSetPosition
L_TBSetRows
L_TBSetToolbarInfo
L_TBSetToolbarInfoA
L_TBSetVisible

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53d6c1144469873e6427e0ab834c9aa8

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

59:b4:ff:2c:02:e3:4c:13:81:cb:61:f0:81:50:59:5cCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

ltkrnx

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 2KB - Virtual size: 1KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

59:b4:ff:2c:02:e3:4c:13:81:cb:61:f0:81:50:59:5c
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 2KB - Virtual size: 1KB