50bd6336da6511ccf11fed8b45d4907874926c34b23af074aa3992f1bf4dba66_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

50bd6336da6511ccf11fed8b45d4907874926c34b23af074aa3992f1bf4dba66_NeikiAnalytics.exe
Size

554KB
MD5

535dc7205e76490e94f8a0bcdee2aa70
SHA1

1b49cb31edbf3de5f2e27d3a2c1193355c620162
SHA256

50bd6336da6511ccf11fed8b45d4907874926c34b23af074aa3992f1bf4dba66
SHA512

3cbc05f358a77352bfbbe439f9fb3ad57580de57743c1b267f01bf18c1127b8e84143eb45d10cb678af697c0b67b8b335b8d3d5825e0cdfb97503043f97023d7
SSDEEP

12288:ydhHgRGlJQtZ8tv3RGlJQtZ8tv3RGlJQtZ8tvB:UhHWGlJyO5GlJyO5GlJyOJ

Score

1^/10

Malware Config

Signatures

Files

50bd6336da6511ccf11fed8b45d4907874926c34b23af074aa3992f1bf4dba66_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

6bf28b2c99d61d7bf13bb8ffed5351ac

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:4d:d3:64:11:70:e6:c2:8f:d6:04:e3
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27-11-2023 08:43

Not After

27-11-2024 08:43

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:62:66:14:b2:10:65:2f:dc:f2:50:57:5b:bf:df:1e:47:b6:7f:72:5f:72:16:16:94:e3:2b:1f:14:6b:53:b6
Signer

Actual PE Digest

72:62:66:14:b2:10:65:2f:dc:f2:50:57:5b:bf:df:1e:47:b6:7f:72:5f:72:16:16:94:e3:2b:1f:14:6b:53:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\RDBuildPool\20240206-07999\startup\Src\main_cpp\Release\PowerDVD.pdb

Imports

shlwapi

PathIsDirectoryW
PathStripPathA
PathRemoveFileSpecA
PathStripPathW
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW

kernel32

GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
SearchPathW
GetCurrentProcess
GetProcAddress
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
GetFileAttributesW
GetLastError
CompareFileTime
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObject
LoadLibraryA
CreateProcessW
GetCommandLineW
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
CreateDirectoryW
SetEvent
ResetEvent
CreateMutexW
CreateEventW
GetCurrentThreadId
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
LoadLibraryExW
LocalFree
SetDllDirectoryW
MultiByteToWideChar
CreateFileW
GetTempPathW
GetDriveTypeW
CloseHandle
EncodePointer
DecodePointer
IsDebuggerPresent
LoadLibraryW
GetExitCodeProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

EnumDisplayDevicesW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

shell32

CommandLineToArgvW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

msvcp110

??0_Pad@std@@QEAA@XZ
??1_Pad@std@@QEAA@XZ
?_Launch@_Pad@std@@QEAAXPEAU_Thrd_imp_t@@@Z
?_Release@_Pad@std@@QEAAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_current
_Thrd_equal
_Thrd_join
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7ios_base@std@@6B@
?id@?$ctype@_W@std@@2V0locale@2@A
??_7?$codecvt@_WDH@std@@6B@
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDH@std@@QEBAHAEAHPEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDH@std@@QEBAHAEAHPEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDH@std@@MEAA@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?_BADOFF@std@@3_JB
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
?id@?$codecvt@_WDH@std@@2V0locale@2@A

msvcr110

_unlock_file
__crtUnhandledException
__crt_debugger_hook
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
__crtSetUnhandledExceptionFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_configthreadlocale
_ismbblead
_cexit
__crtCapturePreviousContext
_purecall
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memmove
wcsnlen
swprintf_s
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
strnlen
sprintf_s
_set_purecall_handler
_set_invalid_parameter_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
signal
__C_specific_handler
memcpy_s
strcat_s
wcscat_s
_wsplitpath_s
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_vsnprintf_s
fgetwc
fputwc
ungetwc
_vsnwprintf_s
_lock_file
_exit
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
strftime
_localtime64_s
_time64
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_stricmp
wcscpy_s
wcstok_s
_wcsicmp
vswprintf_s
_beginthreadex
_endthreadex
__argc
__argv
tolower
strcpy_s
_strlwr_s
_wputenv_s
?terminate@@YAXXZ
memcmp
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
exit
__crtTerminateProcess

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bf28b2c99d61d7bf13bb8ffed5351ac

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

11:4d:d3:64:11:70:e6:c2:8f:d6:04:e3Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

72:62:66:14:b2:10:65:2f:dc:f2:50:57:5b:bf:df:1e:47:b6:7f:72:5f:72:16:16:94:e3:2b:1f:14:6b:53:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

msvcp110

msvcr110

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 443KB - Virtual size: 442KB

.reloc Size: 2KB - Virtual size: 1KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

11:4d:d3:64:11:70:e6:c2:8f:d6:04:e3
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

72:62:66:14:b2:10:65:2f:dc:f2:50:57:5b:bf:df:1e:47:b6:7f:72:5f:72:16:16:94:e3:2b:1f:14:6b:53:b6
Signer

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 443KB - Virtual size: 442KB

.reloc
Size: 2KB - Virtual size: 1KB