b8f44eff3f1308c98ca2f96f8512a943b160a0fd90a64bf8d27342e7e8195481_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b8f44eff3f1308c98ca2f96f8512a943b160a0fd90a64bf8d27342e7e8195481_NeikiAnalytics.exe
Size

271KB
MD5

1f9bd214577d64be767e68a492cc67e0
SHA1

60a4c24eb8628e6f2c121749a8e6b8791cd8596a
SHA256

b8f44eff3f1308c98ca2f96f8512a943b160a0fd90a64bf8d27342e7e8195481
SHA512

817eca21432db8fac9e3a569f6e0742a8d1546a032d959664010833644265cfc8c434c2ecaa9d1e458322455c04637ddb0bab9b5b697d6a128963bb98c3c7746
SSDEEP

6144:FwjeN9Y1ajL7uZSV3EUZwHuhgb/V3LCFWTBgO6FQ309F:4ezYsjL7uI5EUZwHu6b/V3LCFWTCJFy2

Score

1^/10

Malware Config

Signatures

Files

b8f44eff3f1308c98ca2f96f8512a943b160a0fd90a64bf8d27342e7e8195481_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

000057991325a8c28cbbb1fd7813c95b

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:e8:06:75:b7:45:87:6b:e6:9e:15:73
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/09/2023, 06:47

Not After

06/09/2026, 06:47

Subject

SERIALNUMBER=91110108766259016Q,CN=DVDFab Software Inc.,O=DVDFab Software Inc.,STREET=海淀区北四环西路9号2108,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:db:00:4d:a4:53:90:16:77:11:f0:10:e9:0a:f3:a7:86:c0:9d:7e:6a:5a:6e:9e:ca:a6:0b:2a:e8:49:9c:88
Signer

Actual PE Digest

fd:db:00:4d:a4:53:90:16:77:11:f0:10:e9:0a:f3:a7:86:c0:9d:7e:6a:5a:6e:9e:ca:a6:0b:2a:e8:49:9c:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

X:\projects\dvdfab10_dev\tools\BugTrap\bin\CrashRpt.pdb

Imports

ws2_32

gethostbyname
inet_ntoa
WSASocketA
WSASend
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
shutdown
setsockopt
inet_addr
htons
connect
closesocket
WSACleanup
WSAStartup
gethostname

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_LoadImageA

shlwapi

PathRemoveExtensionA
PathSkipRootA
PathIsRelativeA
PathRemoveBackslashA
UrlIsA
PathCreateFromUrlA
PathFindNextComponentA
PathAddExtensionA
PathIsRootA
PathRemoveFileSpecA
PathAppendA
StrTrimA
PathIsURLA
PathCombineA
PathFindFileNameA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

HttpEndRequestA
HttpSendRequestExA
HttpOpenRequestA
InternetSetStatusCallback
InternetAttemptConnect
InternetWriteFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA
InternetGetLastResponseInfoA

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
DecodePointer
EncodePointer
GetWindowsDirectoryA
IsDBCSLeadByte
GetTickCount
RemoveDirectoryA
CreateDirectoryA
GetTempPathA
WaitForMultipleObjects
LocalReAlloc
GetExitCodeThread
GetModuleFileNameA
CreateFileA
WriteFile
CloseHandle
CopyFileA
GetCurrentProcess
WriteProcessMemory
GetProcAddress
LoadLibraryA
FindClose
FindFirstFileA
FindNextFileA
RaiseException
SetEvent
WaitForSingleObject
WideCharToMultiByte
GetFileSize
ReadFile
SetFilePointer
GetStringTypeA
MulDiv
FreeLibrary
GetProfileIntA
GetLastError
GetCurrentProcessId
OpenProcess
GetVersionExA
GetModuleHandleA
DeleteCriticalSection
GetStdHandle
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
GetLocalTime
VirtualProtect
VirtualQuery
RtlCaptureContext
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineA
GetCurrentDirectoryA
DeleteFileA
GetFileAttributesA
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
GlobalMemoryStatusEx
GetSystemInfo
ReadProcessMemory
LocalAlloc
LocalFree
FormatMessageA
GetComputerNameA
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
SetUnhandledExceptionFilter
CreateEventA
TerminateProcess
CreateProcessA
DisableThreadLibraryCalls
GetUserDefaultLangID
ResetEvent
GetSystemTimeAsFileTime

user32

MapWindowPoints
TabbedTextOutA
GetTabbedTextExtentA
EnumDisplayDevicesA
SendMessageTimeoutA
GetActiveWindow
GetSystemMenu
AppendMenuA
GetForegroundWindow
GetWindowThreadProcessId
DrawTextA
GetWindow
GetClassLongPtrA
LoadCursorA
DestroyIcon
DrawIconEx
CopyIcon
GetWindowLongPtrA
IsRectEmpty
FillRect
GetSysColorBrush
RedrawWindow
EndPaint
BeginPaint
KillTimer
SetTimer
DefWindowProcA
SetWindowLongPtrA
PostQuitMessage
PostMessageA
DispatchMessageA
EndDeferWindowPos
LoadIconA
ScreenToClient
GetWindowRect
CreateDialogParamA
SetWindowPos
MessageBoxA
SetForegroundWindow
LoadImageA
SetWindowLongA
GetWindowLongA
CheckRadioButton
ShowWindow
UpdateWindow
IsWindowEnabled
EnableWindow
DialogBoxParamA
DestroyWindow
CreateWindowExA
InvalidateRect
GetSystemMetrics
DeferWindowPos
BeginDeferWindowPos
DrawEdge
IsZoomed
IsWindowVisible
LoadStringA
GetSysColor
SetScrollPos
GetDialogBaseUnits
PtInRect
SetWindowTextA
GetDlgCtrlID
SetCursor
GetWindowTextLengthA
SendMessageA
GetParent
GetWindowTextA
SetFocus
SetDlgItemTextA
GetDlgItem
EndDialog
DrawFocusRect
ReleaseCapture
SetCapture
GetCapture
GetFocus
IsChild
GetMessagePos
SystemParametersInfoA
GetScrollInfo
SetScrollInfo
GetScrollPos
ScrollWindowEx
ReleaseDC
GetDC
GetMessageA
GetKeyState
GetClientRect

gdi32

GetTextMetricsA
MoveToEx
SetTextColor
CreateCompatibleDC
LineTo
SetViewportOrgEx
SelectObject
GetTextExtentPoint32A
StretchBlt
GetObjectA
CreateDCA
GetDeviceCaps
GetDIBits
CreateFontIndirectA
PatBlt
GetClipBox
TextOutA
CreateCompatibleBitmap
BitBlt
DeleteObject
DeleteDC
SetBkColor

comdlg32

GetSaveFileNameA

advapi32

RegEnumValueA
RegEnumKeyExA
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA

shell32

ExtractIconExA
SHGetSpecialFolderPathA
SHGetFileInfoA
ShellExecuteA

ole32

StringFromGUID2

oleaut32

GetErrorInfo
SysFreeString

msvcr120

srand
_time64
fclose
ferror
fopen
fread
fseek
ftell
fwrite
strcpy_s
memcpy
_ultoa_s
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_purecall
memset
sprintf_s
free
_callnewh
malloc
strtoul
_memicmp
_lock
_unlock
atoi
_calloc_crt
__dllonexit
_onexit
_stricmp
strlen
_mbsicmp
_beginthreadex
memmove
abs
_mbschr
_vsnprintf_s
strcmp
_mbscmp
_mbsnbcpy_s
_ui64toa_s
__C_specific_handler
memcmp
_mbsnbicmp
_itoa_s
_mbsnbcat_s
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
__clean_type_info_names_internal
rand

Exports

Exports

BT_AddLogFile
BT_AddRegFile
BT_AppLogEntry
BT_AppLogEntryF
BT_AppLogEntryV
BT_CallCppFilter
BT_CallNetFilter
BT_CallSehFilter
BT_ClearLog
BT_ClearLogFiles
BT_CloseLogFile
BT_CppFilter
BT_DeleteLogFile
BT_ExportRegistryKey
BT_FlushLogFile
BT_GetActivityType
BT_GetAppName
BT_GetAppVersion
BT_GetCustomActivityHandler
BT_GetDialogMessage
BT_GetDumpType
BT_GetExitMode
BT_GetFlags
BT_GetLogEchoMode
BT_GetLogFileEntry
BT_GetLogFileName
BT_GetLogFilesCount
BT_GetLogFlags
BT_GetLogLevel
BT_GetLogSizeInBytes
BT_GetLogSizeInEntries
BT_GetMailProfile
BT_GetModule
BT_GetNotificationEMail
BT_GetPostErrHandler
BT_GetPreErrHandler
BT_GetReportFilePath
BT_GetReportFormat
BT_GetSupportEMail
BT_GetSupportHost
BT_GetSupportPort
BT_GetSupportURL
BT_GetUserMessage
BT_InsLogEntry
BT_InsLogEntryF
BT_InsLogEntryV
BT_InstallSehFilter
BT_InterceptSUEF
BT_MailSnapshot
BT_MailSnapshotEx
BT_NetFilter
BT_OpenLogFile
BT_ReadVersionInfo
BT_SaveSnapshot
BT_SaveSnapshotEx
BT_SehFilter
BT_SendSnapshot
BT_SendSnapshotEx
BT_SetActivityType
BT_SetAppName
BT_SetAppVersion
BT_SetCustomActivityHandler
BT_SetDialogMessage
BT_SetDumpType
BT_SetExitMode
BT_SetFlags
BT_SetLogEchoMode
BT_SetLogFlags
BT_SetLogLevel
BT_SetLogSizeInBytes
BT_SetLogSizeInEntries
BT_SetMailProfile
BT_SetModule
BT_SetNotificationEMail
BT_SetPostErrHandler
BT_SetPreErrHandler
BT_SetReportFilePath
BT_SetReportFormat
BT_SetSupportEMail
BT_SetSupportHost
BT_SetSupportPort
BT_SetSupportServer
BT_SetSupportURL
BT_SetUserMessage
BT_SetUserMessageFromCode
BT_UninstallSehFilter

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000057991325a8c28cbbb1fd7813c95b

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

2a:e8:06:75:b7:45:87:6b:e6:9e:15:73Certificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

fd:db:00:4d:a4:53:90:16:77:11:f0:10:e9:0a:f3:a7:86:c0:9d:7e:6a:5a:6e:9e:ca:a6:0b:2a:e8:49:9c:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

shlwapi

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcr120

Exports

Exports

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 8KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 1024B - Virtual size: 616B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

2a:e8:06:75:b7:45:87:6b:e6:9e:15:73
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

fd:db:00:4d:a4:53:90:16:77:11:f0:10:e9:0a:f3:a7:86:c0:9d:7e:6a:5a:6e:9e:ca:a6:0b:2a:e8:49:9c:88
Signer

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 8KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 1024B - Virtual size: 616B