4c20727f4253491df2f2b100d3744a83974ab92bce03a531b90abb2cea5e23f9_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4c20727f4253491df2f2b100d3744a83974ab92bce03a531b90abb2cea5e23f9_NeikiAnalytics.exe
Size

2.0MB
MD5

df64e92f3ac7a41b725e7278e5fc3910
SHA1

3bb31516473621a7ff88e7094120b2429e9b6b6c
SHA256

4c20727f4253491df2f2b100d3744a83974ab92bce03a531b90abb2cea5e23f9
SHA512

88b417521af14a3ec8b9910bf7830031e2163364ed4e8dbacda9fb8b44256edf952bec1bb5a670e221d65feeb1f117cdae63a77d15d165b94521eb10ba7ff0ae
SSDEEP

12288:TX9u9oswvkTIlYGZ72EcRtDgakfoVpkUAHAYYjMYGxP4oguSmM4:TX9SoHknkfI/Agv+xqz4

Score

1^/10

Malware Config

Signatures

Files

4c20727f4253491df2f2b100d3744a83974ab92bce03a531b90abb2cea5e23f9_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

3cae79c5ba1c2ff91f11ad792bd2a7da

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:2d:b7:14:4f:a2:ad:f6:89:83:52:07
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

01/02/2023, 11:50

Not After

30/04/2026, 11:50

Subject

SERIALNUMBER=B40247744,CN=PEÑALARA SOFTWARE SL,O=PEÑALARA SOFTWARE SL,STREET=C/ Teodosio El Grande\, 8-oficina 7,L=Segovia,ST=Segovia,C=ES,1.2.840.113549.1.9.1=#0c16616c6c6f72656e74654070656e616c6172612e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:b1:43:53:03:4f:3d:b1:10:a5:78:0f:52:68:67:2f:c9:bd:7c:af:06:39:5f:13:f9:ef:dc:29:05:0e:9b:2f
Signer

Actual PE Digest

4a:b1:43:53:03:4f:3d:b1:10:a5:78:0f:52:68:67:2f:c9:bd:7c:af:06:39:5f:13:f9:ef:dc:29:05:0e:9b:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Usuario\OneDrive - Peñalara Software\Documentos\Visual Studio 2022\GHC-19\GHC\Release\xgenhor.pdb

Imports

rpcrt4

UuidCreateSequential

msvcp140

?_Xlength_error@std@@YAXPBD@Z

mfc140

ord4865
ord13028
ord6996
ord2860
ord14048
ord14514
ord7783
ord890
ord1389
ord358
ord13234
ord5858
ord1106
ord13966
ord13230
ord4640
ord3946
ord9422
ord7375
ord7603
ord966
ord1441
ord10628
ord11306
ord10770
ord9211
ord10949
ord3249
ord3619
ord3636
ord12425
ord9873
ord10476
ord9535
ord3613
ord3895
ord14180
ord14178
ord3880
ord3848
ord5022
ord13167
ord2690
ord1789
ord4081
ord4131
ord4132
ord7871
ord5735
ord5667
ord14293
ord14286
ord4164
ord13892
ord14191
ord14204
ord4468
ord2751
ord14487
ord3866
ord2989
ord8704
ord4215
ord3184
ord9088
ord6562
ord1177
ord3330
ord3137
ord6444
ord1053
ord1182
ord553
ord3689
ord2202
ord500
ord1140
ord11907
ord346
ord1058
ord2869
ord2880
ord1653
ord498
ord7106
ord511
ord1147
ord7470
ord14460
ord10453
ord14461
ord12119
ord9183
ord3168
ord12066
ord2678
ord6847
ord5011
ord5010
ord5009
ord5008
ord12031
ord13679
ord6194
ord8266
ord11222
ord11225
ord9463
ord9478
ord9468
ord9940
ord9944
ord9480
ord11065
ord8877
ord8869
ord11692
ord9482
ord11070
ord8968
ord11094
ord10000
ord10001
ord7751
ord3796
ord3676
ord3669
ord13044
ord14421
ord974
ord1447
ord13198
ord501
ord1141
ord4085
ord6290
ord7107
ord10334
ord9226
ord7471
ord514
ord1149
ord930
ord982
ord1456
ord968
ord1444
ord1074
ord9258
ord8435
ord1810
ord13556
ord14097
ord12045
ord2339
ord2388
ord13475
ord7890
ord6237
ord2199
ord11487
ord13843
ord13320
ord13176
ord12544
ord8470
ord13216
ord8776
ord13582
ord13730
ord6924
ord8466
ord841
ord5679
ord2533
ord8120
ord5792
ord9170
ord5910
ord13625
ord9194
ord2555
ord4486
ord12120
ord12024
ord8172
ord3169
ord8358
ord5017
ord5018
ord6105
ord12403
ord1783
ord13634
ord5915
ord13632
ord5914
ord11377
ord5931
ord8789
ord11746
ord11741
ord5348
ord3835
ord4578
ord11442
ord10353
ord4209
ord3140
ord9083
ord6461
ord1064
ord6507
ord7295
ord2172
ord12540
ord7135
ord4217
ord9481
ord8870
ord8880
ord10458
ord11066
ord11226
ord11223
ord9090
ord2679
ord12048
ord1076
ord376
ord1458
ord540
ord1169
ord853
ord1372
ord7476
ord12469
ord4868
ord5648
ord13584
ord5826
ord11339
ord7855
ord12634
ord13574
ord8705
ord4218
ord6581
ord8312
ord2524
ord4869
ord14291
ord2251
ord929
ord14054
ord2001
ord6853
ord5696
ord5632
ord842
ord1366
ord2612
ord4068
ord4595
ord5316
ord4733
ord4216
ord9089
ord5960
ord6563
ord1178
ord8026
ord5827
ord10330
ord7618
ord993
ord1468
ord13189
ord7961
ord2301
ord2200
ord13830
ord4450
ord8421
ord2316
ord4580
ord5894
ord13405
ord6831
ord10202
ord5742
ord12869
ord7619
ord12194
ord10383
ord8180
ord12190
ord12182
ord3844
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11928
ord11927
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12484
ord2484
ord5336
ord8285
ord12806
ord8347
ord8429
ord1528
ord4958
ord5003
ord4926
ord4938
ord4944
ord4950
ord4920
ord12201
ord12205
ord307
ord5013
ord12485
ord1173
ord545
ord2394
ord321
ord12706
ord2297
ord2165
ord1650
ord3005
ord5898
ord305
ord1657
ord1655
ord6156
ord1186
ord557
ord6154
ord12541
ord6153
ord2458
ord2459
ord8322
ord12826
ord4656
ord12528
ord2992
ord1885
ord2004
ord4662
ord12555
ord4655
ord1692
ord2986
ord4607
ord4787
ord8465
ord4806
ord1652
ord1181
ord552
ord1696
ord300
ord1654
ord8467
ord1183
ord554
ord8426
ord4315
ord1526
ord6724
ord14571
ord12348
ord12291
ord2376
ord3230
ord2381
ord4841
ord1184
ord555
ord6811
ord13102
ord1448
ord975
ord12074
ord8997
ord10963
ord11343
ord10421
ord4084
ord3396
ord3395
ord3159
ord6193
ord13677
ord3298
ord3295
ord8173
ord2758
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord3830
ord11881
ord14502
ord8922
ord12116
ord6947
ord10950
ord9192
ord3259
ord13798
ord1717
ord1739
ord1765
ord1751
ord1772
ord4987
ord4932
ord4997
ord4981
ord4896
ord4911
ord4972
ord4493
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord11663
ord13628
ord5911
ord2680
ord12067
ord3933
ord3364
ord3363
ord3258
ord12111
ord5228
ord5528
ord5739
ord9305
ord5504
ord5769
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord10207
ord9167
ord2241
ord7461
ord3688
ord3808
ord1111
ord2407
ord3839
ord2003
ord12686
ord6463
ord6540
ord3924
ord2344
ord8468
ord12539
ord3874

kernel32

FormatMessageA
CloseHandle
SearchPathA
CreateMutexA
ReleaseMutex
LocalFree
GetComputerNameA
GlobalLock
GlobalUnlock
CreateProcessA
GetTempPathA
VerifyVersionInfoW
VerSetConditionMask
Sleep
WaitForSingleObject
ResumeThread
CompareStringA
GetLastError
GetVolumeInformationA
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
CopyFileA
CreateEventA
ResetEvent
SetEvent
GetFullPathNameA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExA
GlobalFree
InitializeCriticalSectionEx
DeleteCriticalSection
GetLogicalDriveStringsA
GetDriveTypeA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

IsWindow
GetLastActivePopup
SetForegroundWindow
OpenClipboard
CloseClipboard
SetClipboardData
LoadIconW
LoadCursorA
SetWindowLongA
GetComboBoxInfo
CopyRect
GetClientRect
PtInRect
GetParent
InvalidateRect
CallWindowProcA
ReleaseCapture
GetDC
ReleaseDC
MapDialogRect
GetCapture
SetCapture
SetTimer
FillRect
FrameRect
IsWindowVisible
GetWindowRect
GetSysColor
FindWindowA
RegisterWindowMessageA
GetClassInfoA
LoadIconA
UpdateWindow
wsprintfA
GetCursorPos
ScreenToClient
LoadMenuW
GetSubMenu
SetMenuDefaultItem
RegisterClipboardFormatA
SystemParametersInfoA
KillTimer
IsIconic
PostMessageA
EnableWindow
InflateRect
SendMessageA
EmptyClipboard

gdi32

GetBkColor
GetTextColor
StretchBlt
CreateCompatibleBitmap
CreateFontIndirectA
CreateCompatibleDC
GetObjectA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
GetCurrentHwProfileA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetKnownFolderPath
ShellExecuteA
SHFileOperationA
DragQueryFileA

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord8

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

iphlpapi

GetAdaptersAddresses

vcruntime140

__std_exception_copy
__std_terminate
__current_exception
__std_exception_destroy
_CxxThrowException
_except_handler4_common
memset
memmove
__current_exception_context
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_get_narrow_winmain_command_line
_seh_filter_exe
strerror
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
exit
_exit
_crt_atexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_controlfp_s
_errno
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_set_app_type

api-ms-win-crt-time-l1-1-0

asctime_s
_mktime32
_get_timezone
_mktime64
_time64
strftime
_localtime32_s
_localtime64_s
_time32

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
_callnewh
malloc
free

api-ms-win-crt-string-l1-1-0

strncpy_s
toupper
strcat_s
strncat_s
strncmp
strcpy_s
isxdigit
tolower
wcsncat_s
wcsncpy_s
_stricmp
isdigit
isspace
wcsncmp
iscntrl

api-ms-win-crt-stdio-l1-1-0

fopen_s
fread
fclose
_filelength
_read
_close
_write
__p__commode
_lseek
_fileno
__stdio_common_vfprintf
_set_fmode
__stdio_common_vsscanf
_lseeki64
_wopen
_sopen_s
_open
__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat32
_unlink
_stat32
remove
_mkdir
rename

api-ms-win-crt-math-l1-1-0

__setusermatherr
round

api-ms-win-crt-convert-l1-1-0

strtod
mbstowcs_s
strtol
atoi
atof
wcstombs

api-ms-win-crt-locale-l1-1-0

_free_locale
_create_locale
_configthreadlocale
setlocale
_setmbcp

Sections

.text
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cae79c5ba1c2ff91f11ad792bd2a7da

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

2c:2d:b7:14:4f:a2:ad:f6:89:83:52:07Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4a:b1:43:53:03:4f:3d:b1:10:a5:78:0f:52:68:67:2f:c9:bd:7c:af:06:39:5f:13:f9:ef:dc:29:05:0e:9b:2fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

msvcp140

mfc140

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 377KB - Virtual size: 376KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 34KB - Virtual size: 34KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

2c:2d:b7:14:4f:a2:ad:f6:89:83:52:07
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4a:b1:43:53:03:4f:3d:b1:10:a5:78:0f:52:68:67:2f:c9:bd:7c:af:06:39:5f:13:f9:ef:dc:29:05:0e:9b:2f
Signer

.text
Size: 377KB - Virtual size: 376KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 34KB - Virtual size: 34KB