024278719c6a8ed270e5c2ee6813dcfbc9ae76fffc18a9a5ef17e9549fa5d402_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

024278719c6a8ed270e5c2ee6813dcfbc9ae76fffc18a9a5ef17e9549fa5d402_NeikiAnalytics.exe
Size

3.0MB
MD5

6756f218846f5c89a04906c06220d990
SHA1

e7d78f8eca9152b319bc58a3b030613046951792
SHA256

024278719c6a8ed270e5c2ee6813dcfbc9ae76fffc18a9a5ef17e9549fa5d402
SHA512

1d2cf61fde9fed4b73dac51bd08b3b612d66b0fc7504cb31cc3a8a163075d13744461260b11c3929527aa3844d8220278351bb6f220d376d0ab0d8c9e00d5750
SSDEEP

49152:f3akKCOUrqfyEAjNjyYh5DPwMVLP7WsfkoXdqBxp9p0p7Y:vnZGaEAxjvbNpP7WKK9p0ps

Score

1^/10

Malware Config

Signatures

Files

024278719c6a8ed270e5c2ee6813dcfbc9ae76fffc18a9a5ef17e9549fa5d402_NeikiAnalytics.exe
.exe windows:4 windows x64 arch:x64

Code Sign

6d:28:fb:67:9d:01:94:af:4a:d9:0e:54:72:e7:34:33
Certificate

Issuer

CN=Conti Ransomware Builder

Not Before

30/05/2024, 05:00

Not After

06/06/2034, 05:00

Subject

CN=Conti Ransomware Builder

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:3e:43:b8:d4:9d:db:d9:95:90:03:40:37:d3:e0:4d:82:f9:ce:eb:49:73:c8:d9:c5:9e:9b:99:9a:ad:f6:48:5d:fe:4b:e3:19:99:68:24:21:ad:4c:df:09:a6:6b:59:d1:8e:24:19:66:84:81:0e:fe:9d:86:fd:06:44:2f:6b
Signer

Actual PE Digest

80:3e:43:b8:d4:9d:db:d9:95:90:03:40:37:d3:e0:4d:82:f9:ce:eb:49:73:c8:d9:c5:9e:9b:99:9a:ad:f6:48:5d:fe:4b:e3:19:99:68:24:21:ad:4c:df:09:a6:6b:59:d1:8e:24:19:66:84:81:0e:fe:9d:86:fd:06:44:2f:6b

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 728B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 2.2MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

6d:28:fb:67:9d:01:94:af:4a:d9:0e:54:72:e7:34:33Certificate

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

80:3e:43:b8:d4:9d:db:d9:95:90:03:40:37:d3:e0:4d:82:f9:ce:eb:49:73:c8:d9:c5:9e:9b:99:9a:ad:f6:48:5d:fe:4b:e3:19:99:68:24:21:ad:4c:df:09:a6:6b:59:d1:8e:24:19:66:84:81:0e:fe:9d:86:fd:06:44:2f:6bSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 800B

.rdata Size: 5KB - Virtual size: 5KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 4KB - Virtual size: 4KB

.xdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 728B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 132B

.rsrc Size: 10KB - Virtual size: 10KB

.enigma1 Size: 2.2MB - Virtual size: 4KB

.enigma2 Size: 700KB - Virtual size: 700KB

6d:28:fb:67:9d:01:94:af:4a:d9:0e:54:72:e7:34:33
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

80:3e:43:b8:d4:9d:db:d9:95:90:03:40:37:d3:e0:4d:82:f9:ce:eb:49:73:c8:d9:c5:9e:9b:99:9a:ad:f6:48:5d:fe:4b:e3:19:99:68:24:21:ad:4c:df:09:a6:6b:59:d1:8e:24:19:66:84:81:0e:fe:9d:86:fd:06:44:2f:6b
Signer

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 800B

.rdata
Size: 5KB - Virtual size: 5KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 4KB - Virtual size: 4KB

.xdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 728B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 132B

.rsrc
Size: 10KB - Virtual size: 10KB

.enigma1
Size: 2.2MB - Virtual size: 4KB

.enigma2
Size: 700KB - Virtual size: 700KB