438ba948a4af18926b73bd24c41a4a1829b08b56256fd92955f784ae8fef053f_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

438ba948a4af18926b73bd24c41a4a1829b08b56256fd92955f784ae8fef053f_NeikiAnalytics.exe
Size

133KB
MD5

08bde8a0717f58e3bf6e760a3f71d1e0
SHA1

3435c433ea9340284ab7ef2736c3d8107dfa98c5
SHA256

438ba948a4af18926b73bd24c41a4a1829b08b56256fd92955f784ae8fef053f
SHA512

7c82e9f9f68d6643fe3b043fe7e59a7b08618dd9672d153a48f47d7447bf06f5e219cc2ad8fe15046828c59eff01e10de2b387d1f4ca9ff17642f150e03f6fc4
SSDEEP

3072:5qfolyQWoRq97+4FTczkFnHYN3SNIuIQNCDqDETO9caMFHt1BWg9RkkBzMq:5qgchoazlnHYN3SNIuIQNCDqDIRZUmRv

Score

1^/10

Malware Config

Signatures

Files

438ba948a4af18926b73bd24c41a4a1829b08b56256fd92955f784ae8fef053f_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

5c25b34b2863c58cfd25a7b0af05c62a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/05/2024, 13:07

Not After

17/05/2025, 13:07

Subject

SERIALNUMBER=556821-8225,CN=Coffee Stain Studios AB,O=Coffee Stain Studios AB,STREET=Hertig Johans Gata 6,L=Skövde,ST=Västra Götaland,C=SE,1.2.840.113549.1.9.1=#0c14637373697440636f66666565737461696e2e7365,1.3.6.1.4.1.311.60.2.1.3=#13025345,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:87:7b:22:c0:39:ed:5b:3a:e7:b2:be:e2:ab:a5:da:6b:8d:98:ed:68:48:bb:6d:7c:4e:ae:b5:bd:27:27:16
Signer

Actual PE Digest

5e:87:7b:22:c0:39:ed:5b:3a:e7:b2:be:e2:ab:a5:da:6b:8d:98:ed:68:48:bb:6d:7c:4e:ae:b5:bd:27:27:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FactoryServer-ExrReaderGpu.pdb

Imports

factoryserver-core

?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ
?Free@FMemory@@SAXPEAX@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
??0FName@@QEAA@PEBDW4EFindName@@@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?DoSetup@FThreadSafeStaticStatBase@@IEBAPEBUTStatIdData@@PEBDPEB_W001_N2W4Type@EStatDataType@@22W4EMemoryCounterRegion@FWindowsPlatformMemory@@@Z
?Singleton@IConsoleManager@@0PEAU1@EA
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPathDebug@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?OutputBeginDynamicEvent@FCpuProfilerTrace@@SAXPEB_WPEBDI@Z
?OutputEndEvent@FCpuProfilerTrace@@SAXXZ
?CheckVerifyFailedImpl@FDebug@@SA_NPEBD0HPEAXPEB_WZZ
?CheckVerifyImpl@@YA_NAEA_N_NPEBDHPEAX2PEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
?OnInvalidArrayNum@Private@Core@UE@@YAX_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_K@Z
?ResizeAllocation@ForAnyElementType@?$TSizedHeapAllocator@$0CA@UFMemory@@@@QEAAXHH_KI@Z
?Initialize@FTypeLayoutDesc@@SAXAEAU1@@Z
?DefaultWriteMemoryImageField@Freeze@@YAXAEAVFMemoryImageWriter@@PEBX1AEBUFTypeLayoutDesc@@2@Z
?DefaultWriteMemoryImage@Freeze@@YAXAEAVFMemoryImageWriter@@PEBXAEBUFTypeLayoutDesc@@2@Z
?DefaultUnfrozenCopy@Freeze@@YAIAEBVFMemoryUnfreezeContent@@PEBXAEBUFTypeLayoutDesc@@PEAX@Z
?DefaultAppendHash@Freeze@@YAIAEBUFTypeLayoutDesc@@AEBUFPlatformTypeLayoutParameters@@AEAVFSHA1@@@Z
?DefaultGetTargetAlignment@Freeze@@YAIAEBUFTypeLayoutDesc@@AEBUFPlatformTypeLayoutParameters@@@Z
?DefaultToString@Freeze@@YAXPEBXAEBUFTypeLayoutDesc@@AEBUFPlatformTypeLayoutParameters@@AEAUFMemoryToStringContext@@@Z
??0FString@@QEAA@PEB_W@Z
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?IsInGameThread@@YA_NXZ
?IsInParallelGameThread@@YA_NXZ
?IsInActualRenderingThread@@YA_NXZ
?SetupSingleton@IConsoleManager@@CAXXZ
?AccessGeneralShaderChangeCvars@FAutoConsoleObject@@SAAEAV?$TArray@PEBVFAutoConsoleObject@@V?$TSizedDefaultAllocator@$0CA@@@@@XZ
?AccessMobileShaderChangeCvars@FAutoConsoleObject@@SAAEAV?$TArray@PEBVFAutoConsoleObject@@V?$TSizedDefaultAllocator@$0CA@@@@@XZ
?AccessDesktopShaderChangeCvars@FAutoConsoleObject@@SAAEAV?$TArray@PEBVFAutoConsoleObject@@V?$TSizedDefaultAllocator@$0CA@@@@@XZ
?GetExtension@FPaths@@SA?AVFString@@AEBV2@_N@Z
?CombineInternal@FPaths@@KA?AVFString@@PEBV?$TStringView@_W@@H@Z
??$LogBogusChars@D_W@FGenericPlatformString@@CAXPEB_WH@Z
?CpuChannel@@3AEAVFChannel@Trace@UE@@EA

factoryserver-rendercore

?AddShaderSourceDirectoryMapping@@YAXAEBVFString@@0@Z
?BindForLegacyShaderParameters@FShaderParameterBindings@@QEAAXPEBVFShader@@HAEBVFShaderParameterMap@@AEBVFShaderParametersMetadata@@_N@Z
??0FShader@@QEAA@XZ
??1FShader@@QEAA@XZ
??1FShaderParametersMetadata@@UEAA@XZ
??1FShaderType@@UEAA@XZ
?GetInstances@FShaderTypeRegistration@@SAAEAV?$TArray@PEBVFShaderTypeRegistration@@V?$TSizedDefaultAllocator@$0CA@@@@@XZ
?StaticGetTypeLayout@FGlobalShader@@SAAEAUFTypeLayoutDesc@@XZ
??0FGlobalShader@@QEAA@AEBUFShaderCompiledShaderInitializerType@@@Z
??0FShaderParametersMetadata@@QEAA@W4EUseCase@0@W4EUniformBufferBindingFlags@@PEB_W222PEBDHIAEBV?$TArray@VFMember@FShaderParametersMetadata@@V?$TSizedDefaultAllocator@$0CA@@@@@_NPEAUFRHIUniformBufferLayoutInitializer@@I@Z
??0FShaderType@@QEAA@W4EShaderTypeForDynamicCast@0@AEAUFTypeLayoutDesc@@PEB_W22IHP6APEAVFShader@@XZP6APEAV3@AEBUFShaderCompiledShaderInitializerType@@@ZP6A_NAEBUFShaderPermutationParameters@@@ZP6A?AW4ERayTracingPayloadType@@H@ZIPEBVFShaderParametersMetadata@@@Z

factoryserver-projects

?Get@IPluginManager@@SAAEAV1@XZ

msvcp140

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memset
__current_exception
__current_exception_context
__C_specific_handler
__std_type_info_destroy_list
memcpy
_purecall
__std_terminate
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

rewind
fclose
feof
fopen_s
ftell
fseek
ferror
fread

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-runtime-l1-1-0

_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_cexit
terminate
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm

kernel32

InitializeSListHead
DisableThreadLibraryCalls
AcquireSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
ReleaseSRWLockExclusive

Exports

Exports

??0FExrReader@@QEAA@$$QEAV0@@Z
??0FExrReader@@QEAA@AEBV0@@Z
??0FExrReader@@QEAA@XZ
??1FExrReader@@QEAA@XZ
??4FExrReader@@QEAAAEAV0@$$QEAV0@@Z
??4FExrReader@@QEAAAEAV0@AEBV0@@Z
?CalculateTileOffsets@FExrReader@@SAXAEAV?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@AEAV?$TArray@V?$TArray@_JV?$TSizedDefaultAllocator@$0CA@@@@@V?$TSizedDefaultAllocator@$0CA@@@@@AEAV?$TArray@V?$TArray@UFTileDesc@FExrReader@@V?$TSizedDefaultAllocator@$0CA@@@@@V?$TSizedDefaultAllocator@$0CA@@@@@AEBU?$TIntPoint@H@Math@UE@@3H_J_N@Z
?CloseExrFile@FExrReader@@QEAA_NXZ
?GenerateTextureData@FExrReader@@SA_NPEAGHVFString@@HH@Z
?GetByteOffsetForTile@FExrReader@@QEAA_NHHAEA_J@Z
?GetStaticType@FExrSwizzlePS@@SAAEAVFGlobalShaderType@@XZ
?GetStaticType@FExrSwizzleVS@@SAAEAVFGlobalShaderType@@XZ
?GetTypeLayout@FExrSwizzlePS@@QEBAAEBUFTypeLayoutDesc@@XZ
?GetTypeLayout@FExrSwizzleVS@@QEBAAEBUFTypeLayoutDesc@@XZ
?MAX_LENGTH@FExrReader@@0HB
?OpenExrAndPrepareForPixelReading@FExrReader@@QEAA_NVFString@@AEBV?$TArray@HV?$TSizedDefaultAllocator@$0CA@@@@@$$QEAV?$TArray@V?$TArray@_JV?$TSizedDefaultAllocator@$0CA@@@@@V?$TSizedDefaultAllocator@$0CA@@@@@_N@Z
?PLANAR_RGB_SCANLINE_PADDING@FExrReader@@2HB
?ReadExrImageChunk@FExrReader@@QEAA_NPEAX_J@Z
?ReadHeaderData@FExrReader@@CA_NPEAU_iobuf@@@Z
?ReadLineOrTileOffsets@FExrReader@@CA_NPEAU_iobuf@@W4ELineOrder@1@AEAV?$TArray@_JV?$TSizedDefaultAllocator@$0CA@@@@@@Z
?ReadMagicNumberAndVersionField@FExrReader@@CA_NPEAU_iobuf@@@Z
?STRING_SIZE@FExrReader@@0HB
?SeekTileWithinFile@FExrReader@@QEAA_NHHAEA_J@Z
?StaticGetTypeLayout@FExrSwizzlePS@@SAAEAUFTypeLayoutDesc@@XZ
?StaticGetTypeLayout@FExrSwizzleVS@@SAAEAUFTypeLayoutDesc@@XZ
?TILE_PADDING@FExrReader@@2HB
InitializeModule

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 512B - Virtual size: 87B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c25b34b2863c58cfd25a7b0af05c62a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5e:87:7b:22:c0:39:ed:5b:3a:e7:b2:be:e2:ab:a5:da:6b:8d:98:ed:68:48:bb:6d:7c:4e:ae:b5:bd:27:27:16Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

factoryserver-core

factoryserver-rendercore

factoryserver-projects

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.uedbg Size: 512B - Virtual size: 87B

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 512B - Virtual size: 316B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

59:dd:d2:bf:a6:72:e1:01:5a:f0:0f:f1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5e:87:7b:22:c0:39:ed:5b:3a:e7:b2:be:e2:ab:a5:da:6b:8d:98:ed:68:48:bb:6d:7c:4e:ae:b5:bd:27:27:16
Signer

.text
Size: 33KB - Virtual size: 33KB

.uedbg
Size: 512B - Virtual size: 87B

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 512B - Virtual size: 316B