49615bd18310418c444b06de0eb58421d897b41bb666ccb1e65bb19f80fd086c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

49615bd18310418c444b06de0eb58421d897b41bb666ccb1e65bb19f80fd086c_NeikiAnalytics.exe
Size

2.4MB
MD5

ff905157df303e305f0f2766cb24ff70
SHA1

85f3d5d95bfc0547612844640cd8fcad241ea6ff
SHA256

49615bd18310418c444b06de0eb58421d897b41bb666ccb1e65bb19f80fd086c
SHA512

cdb13b4fb16d4964ebc10fbdbb58a2d594f4ffa1828643dde5d9bcf3d895200fe23793f2b78bda72c49e834cf588dbe2f6dfe7c398d12d7d118977e8a0e62de6
SSDEEP

49152:HAL1LJ18AUF2J5lTnlIrKJ6WTEHRHw3Ldfd7ppKMvzPA:Hez8QJ5l5s7HRHwze

Score

1^/10

Malware Config

Signatures

Files

49615bd18310418c444b06de0eb58421d897b41bb666ccb1e65bb19f80fd086c_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

429bee3c88d32f7b2b91516fc0ab8784

Code Sign

61:3b:c7:91:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 20:15

Not After

15/04/2021, 20:25

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:8d:a6:4b:7b:d5:2c:4f:d1:8e:a4:cb:bb:86:9d:b6
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

03/08/2022, 10:16

Not After

02/08/2024, 10:16

Subject

CN=Hans Roes,O=Hans Roes,L=Tielen,C=BE,1.2.840.113549.1.9.1=#0c1568616e732e63657274756d406d6f6470726f2e6265

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:e0:52:ac:01:48:20:ab:2b:a5:c2:5e:f9:f9:42:4e:43:da:72:69:2f:8e:d4:51:8a:09:74:14:94:df:f1:99
Signer

Actual PE Digest

64:e0:52:ac:01:48:20:ab:2b:a5:c2:5e:f9:f9:42:4e:43:da:72:69:2f:8e:d4:51:8a:09:74:14:94:df:f1:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BuildAgent\work\67cb58dabc057465\Build\Symbols\Nightly_Win32\Client Core.pdb

Imports

ws2_32

recvfrom
closesocket
select
htons
setsockopt
inet_addr
gethostbyname
inet_ntoa
sendto
ioctlsocket
socket

d3dx9_42

D3DXCheckVersion
D3DXMatrixInverse
D3DXVec3Transform
D3DXLoadSurfaceFromFileInMemory
D3DXCreateEffectFromFileA
D3DXCreateEffect
D3DXMatrixTransformation2D
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixTranslation
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateSprite
D3DXCreateCubeTextureFromFileExA
D3DXCreateTextureFromFileExA
D3DXCreateVolumeTexture
D3DXCreateCubeTexture
D3DXGetImageInfoFromFileA
D3DXDisassembleEffect
D3DXMatrixMultiply
D3DXMatrixTranspose
D3DXSaveVolumeToFileInMemory
D3DXCreateVolumeTextureFromFileExA
D3DXSaveTextureToFileInMemory
D3DXCreateTexture
D3DXSaveSurfaceToFileInMemory
D3DXLoadSurfaceFromSurface
D3DXCreateLine
D3DXCreateFontA

xinput1_3

ord4
ord2

shlwapi

PathGetDriveNumberW
PathBuildRootW

winmm

timeGetTime

gdi32

DeleteObject
AddFontResourceExW
RemoveFontResourceExW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetDeviceCaps
RemoveFontResourceExA
AddFontResourceExA
CreateSolidBrush

imm32

ImmGetCompositionStringW
ImmNotifyIME
ImmReleaseContext
ImmGetContext

kernel32

GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
OutputDebugStringW
SetEnvironmentVariableW
GetTimeZoneInformation
IsValidLocale
GetModuleHandleExW
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
LCMapStringEx
DecodePointer
InterlockedFlushSList
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
WriteConsoleW
Sleep
GetCommandLineA
SetCurrentDirectoryA
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesA
GetFileAttributesExW
GetFullPathNameW
GetLongPathNameW
ReadFile
SetFileAttributesA
GetTempPathW
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThread
GetCurrentThreadId
OpenThread
GetThreadTimes
OpenProcess
GlobalMemoryStatusEx
GetSystemTime
GetLocalTime
CreateTimerQueueTimer
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
LocalFree
GetProcessHeap
lstrcmpiA
SetDllDirectoryA
GetDllDirectoryW
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
K32GetModuleFileNameExW
K32GetModuleInformation
K32GetProcessMemoryInfo
CreateDirectoryA
CreateFileA
FreeLibrary
GetModuleFileNameA
CopyFileA
LoadLibraryExA
FormatMessageA
CreateThread
SetThreadPriority
ResumeThread
SetPriorityClass
SetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
ExitProcess
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
SetDllDirectoryW
CopyFileW
MoveFileW
WideCharToMultiByte
SetUnhandledExceptionFilter
IsBadCodePtr
GetFileSize
MapViewOfFile
CreateFileMappingA
EncodePointer
InitializeCriticalSectionEx
GetFileInformationByHandleEx
AreFileApisANSI
FindFirstFileExW
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoEx
WaitNamedPipeW
PeekNamedPipe
WriteFile
MultiByteToWideChar
lstrlenW
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
FreeEnvironmentStringsW
SetStdHandle
HeapSize
SetEndOfFile
RtlUnwind
UnmapViewOfFile

user32

MoveWindow
MapWindowPoints
SetWindowTextW
LoadImageA
GetWindowLongW
IsWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
LoadIconA
LoadCursorA
SetWindowLongW
SetWindowLongA
GetWindowLongA
FillRect
GetClientRect
EndPaint
BeginPaint
UpdateWindow
GetDC
SetCapture
GetKeyboardState
SetWindowPos
AdjustWindowRect
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
CallWindowProcW
DefWindowProcW
DefWindowProcA
PostMessageA
GetKeyboardLayout
ToUnicodeEx
ClientToScreen
GetKeyState
GetMessageTime
PeekMessageA
SendMessageA
GetCursorPos
SetCursorPos
MapVirtualKeyA
SetProcessDPIAware
MessageBoxW
GetForegroundWindow
KillTimer
SetTimer
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsIconic
GetAsyncKeyState
GetDesktopWindow
GetWindowRect
EnumDisplaySettingsA
SetRect
ChangeDisplaySettingsExA
SetLayeredWindowAttributes
EnumDisplayDevicesA
MonitorFromWindow
ReleaseCapture
GetMonitorInfoA

advapi32

RegFlushKey
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shell32

Shell_NotifyIconW
ShellExecuteW
ShellExecuteA
SHGetFolderPathW
SHGetFolderPathA
SetCurrentProcessExplicitAppUserModelID
ShellExecuteExW

ole32

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

pthread

pthread_create
pthread_cancel
pthread_mutex_init
pthread_mutex_destroy
pthread_mutex_lock
pthread_mutex_unlock
pthread_cond_init
pthread_cond_destroy
pthread_cond_wait
pthread_cond_timedwait
pthread_cond_signal
pthread_setcancelstate

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

Exports

Exports

GetLibMtaVersion
InitializeCore
L10n_CreateLocalization
SetGTADirectory
SetMTADirectory

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

429bee3c88d32f7b2b91516fc0ab8784

Code Sign

61:3b:c7:91:00:00:00:00:00:34Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

32:8d:a6:4b:7b:d5:2c:4f:d1:8e:a4:cb:bb:86:9d:b6Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

64:e0:52:ac:01:48:20:ab:2b:a5:c2:5e:f9:f9:42:4e:43:da:72:69:2f:8e:d4:51:8a:09:74:14:94:df:f1:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

d3dx9_42

xinput1_3

shlwapi

winmm

gdi32

imm32

kernel32

user32

advapi32

shell32

ole32

oleaut32

pthread

version

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 325KB - Virtual size: 324KB

.data Size: 27KB - Virtual size: 246KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 78KB - Virtual size: 77KB

61:3b:c7:91:00:00:00:00:00:34
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

32:8d:a6:4b:7b:d5:2c:4f:d1:8e:a4:cb:bb:86:9d:b6
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

64:e0:52:ac:01:48:20:ab:2b:a5:c2:5e:f9:f9:42:4e:43:da:72:69:2f:8e:d4:51:8a:09:74:14:94:df:f1:99
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 325KB - Virtual size: 324KB

.data
Size: 27KB - Virtual size: 246KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 78KB - Virtual size: 77KB