3147ea30494e21da12df0c9b1a3cc9e3203fd95c54b0bcf72bfd15ee51f4a436_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3147ea30494e21da12df0c9b1a3cc9e3203fd95c54b0bcf72bfd15ee51f4a436_NeikiAnalytics.exe
Size

872KB
MD5

f08853bbd3d7eedee41d20696fba10d0
SHA1

01bba1e1fefc2b8bad3317976262ee74438b3ef7
SHA256

3147ea30494e21da12df0c9b1a3cc9e3203fd95c54b0bcf72bfd15ee51f4a436
SHA512

7e398181e3700d1d5c0cd77017ef5ea2392544e72ba82361b0bdc229609e530bbcfc3b824f7d515d11c26448f6ba2fbeadc9cece506f7b6410db218f0154135e
SSDEEP

12288:tNkNhF9OYoShAN8CNxubaUyZrPuU22zCJNV1M+/mn4qRAhIL3xXLEmWR4JpzkTsd:74oShnCbbHwdMK9qRAOLNKEp4sJZhUU

Score

1^/10

Malware Config

Signatures

Files

3147ea30494e21da12df0c9b1a3cc9e3203fd95c54b0bcf72bfd15ee51f4a436_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

8a890c26e14ffd1c02e0f3e2acbeef36

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-08-2022 00:00

Not After

14-08-2024 23:59

Subject

CN=MOBILE-ID TECHNOLOGIES AND SERVICES JOINT STOCK COMPANY,OU=IT Department,O=MOBILE-ID TECHNOLOGIES AND SERVICES JOINT STOCK COMPANY,L=Thủ Đức,ST=Ho Chi Minh City,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:cb:77:c4:53:28:24:7e:b1:d3:64:35:be:37:40:07:5b:37:5c:a6
Signer

Actual PE Digest

71:cb:77:c4:53:28:24:7e:b1:d3:64:35:be:37:40:07:5b:37:5c:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vnptca_p11_v8.pdb

Imports

kernel32

CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
HeapSize
GetModuleFileNameA
WriteFile
LCMapStringW
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetSystemTimeAsFileTime
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetConsoleCP
CreateThread
QueryPerformanceCounter
VirtualQuery
lstrcmpiW
GetUserDefaultLangID
CreateFileW
GetFileSize
ReadFile
ResetEvent
TerminateThread
MultiByteToWideChar
WideCharToMultiByte
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenMutexW
CreateMutexW
InterlockedDecrement
ReleaseMutex
OpenEventW
CreateEventW
WaitForMultipleObjects
SetEvent
GetVersionExW
GetSystemInfo
LocalFree
GetCurrentProcessId
OutputDebugStringW
GetStdHandle
GetCurrentThread
WaitForSingleObject
InterlockedIncrement
GetModuleFileNameW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
GetTickCount
Sleep
LocalAlloc
GetCurrentProcess
CloseHandle
GetLocalTime
SystemTimeToFileTime
CompareFileTime
HeapAlloc
HeapFree
IsBadReadPtr
TlsSetValue
TlsAlloc
lstrcpyW
lstrcatW
lstrlenW
GetComputerNameExW
GetLastError
TlsGetValue

user32

wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
SetWindowsHookExW
GetForegroundWindow
FindWindowW
RegisterWindowMessageW
InflateRect
SetWindowPos
MapWindowPoints
SetTimer
GetAsyncKeyState
GetKeyboardState
ToAscii
GetFocus
GetDlgCtrlID
GetClassNameW
PtInRect
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetDesktopWindow
GetWindowRect
GetWindow
GetParent
GetWindowLongW
EndDialog
CheckDlgButton
GetDlgItem
SetDlgItemTextW
IsDlgButtonChecked
ShowWindow
KillTimer
PostMessageW
GetDC
ReleaseDC
MessageBoxW
IsWindowEnabled
GetSystemMetrics
SetFocus
EnableWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
SetActiveWindow
DefWindowProcW
IsWindow
SetPropW
GetPropW
CallWindowProcW
DrawTextW
SetWindowRgn
SetRect
FillRect
GetSysColor
DialogBoxParamW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
UpdateWindow
SetWindowLongW
MoveWindow
IsWindowVisible

gdi32

MoveToEx
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt
CreateSolidBrush
CreateEllipticRgn
SetTextColor
SetBkMode
CreateFontW
SelectClipRgn
CreatePen
LineTo
TextOutW
Ellipse
GetStockObject
CreateRectRgnIndirect
Arc
DeleteObject

advapi32

OpenThreadToken
SetThreadToken
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
QueryServiceConfigW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTokenInformation
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl

shell32

ShellExecuteExW

ole32

CoCreateGuid

wininet

InternetGetConnectedState
InternetReadFile
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetOpenW
InternetOpenUrlA
InternetOpenA

crypt32

CertCreateCertificateContext
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CryptDecodeObject
CertFindExtension
CertGetNameStringW
CertCloseStore
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertOpenStore
CryptVerifyCertificateSignature

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

winscard

SCardEndTransaction
g_rgSCardT0Pci
g_rgSCardT1Pci
SCardReconnect
SCardConnectW
SCardEstablishContext
SCardReleaseContext
SCardDisconnect
SCardBeginTransaction
SCardTransmit
SCardListReadersW
SCardGetStatusChangeW
SCardIsValidContext
SCardStatusW

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
CardAcquireContext
E_GetAuxFunctionList
GetKeyStorageInterface
eb_RegKspProvider
eb_RunNoElevated
eb_StartScardSvc
eb_UnRegKspProvider

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a890c26e14ffd1c02e0f3e2acbeef36

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04Certificate

Extended Key Usages

Key Usages

71:cb:77:c4:53:28:24:7e:b1:d3:64:35:be:37:40:07:5b:37:5c:a6Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

wininet

crypt32

wtsapi32

winscard

Exports

Exports

Sections

.text Size: 619KB - Virtual size: 619KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 28KB - Virtual size: 46KB

ve_share Size: 2KB - Virtual size: 1KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 39KB - Virtual size: 38KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04
Certificate

71:cb:77:c4:53:28:24:7e:b1:d3:64:35:be:37:40:07:5b:37:5c:a6
Signer

.text
Size: 619KB - Virtual size: 619KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 28KB - Virtual size: 46KB

ve_share
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 39KB - Virtual size: 38KB