4f51412e6b5312641281a78f221a425c02ce17fe1ed34e820c3b574a626684fb_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4f51412e6b5312641281a78f221a425c02ce17fe1ed34e820c3b574a626684fb_NeikiAnalytics.exe
Size

1.5MB
MD5

8bf99963dead9133551643ae017bd6b0
SHA1

96b7d4b56d738884b7f79265414340475140207c
SHA256

4f51412e6b5312641281a78f221a425c02ce17fe1ed34e820c3b574a626684fb
SHA512

11866105970dc628ba4400de2aef1cbd8cc0db029892548c61498e69913cf3d577280c1fa6c46f26c667d87db1a9d2c9f39d24ebee9a66df759d8e0c48aeb651
SSDEEP

24576:znWKZAJti5+wMQy1+KpP7X9UObPU2wbFOdlTfpE7aLJkkLGDZ7rEH70:yKeti5AZls2wZAt+ZJ

Score

1^/10

Malware Config

Signatures

Files

4f51412e6b5312641281a78f221a425c02ce17fe1ed34e820c3b574a626684fb_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

f3dcba3971dfa0300e0d5a5436750597

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23-11-2021 00:00

Not After

09-01-2024 23:59

Subject

SERIALNUMBER=215-87-21739,CN=iniLINE Co.\, Ltd.,O=iniLINE Co.\, Ltd.,L=Guro-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23-11-2021 00:00

Not After

09-01-2024 23:59

Subject

SERIALNUMBER=215-87-21739,CN=iniLINE Co.\, Ltd.,O=iniLINE Co.\, Ltd.,L=Guro-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:bc:38:8c:de:55:b5:81:cc:ba:2d:83:9f:44:d1:74:8c:4c:5c:d4:30:c1:cc:57:b2:62:51:5b:67:87:51:6e
Signer

Actual PE Digest

34:bc:38:8c:de:55:b5:81:cc:ba:2d:83:9f:44:d1:74:8c:4c:5c:d4:30:c1:cc:57:b2:62:51:5b:67:87:51:6e

Digest Algorithm

sha256

PE Digest Matches

false

c1:e6:39:66:4d:ea:4c:bc:26:b5:92:ba:e4:9c:4c:e4:ac:46:f8:a6
Signer

Actual PE Digest

c1:e6:39:66:4d:ea:4c:bc:26:b5:92:ba:e4:9c:4c:e4:ac:46:f8:a6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Build\CrossEXService\client\projects\windows\Release\CrossEXService.pdb

Imports

kernel32

ReadConsoleInputA
SetConsoleMode
FindFirstFileA
lstrlenW
GetModuleHandleW
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
lstrcmpA
FileTimeToSystemTime
SystemTimeToFileTime
GetModuleFileNameW
GetCurrentProcessId
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedDecrement
InterlockedIncrement
CompareStringW
lstrcmpW
GlobalFlags
FindClose
GetCurrentThreadId
GlobalAddAtomW
LoadLibraryW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetModuleHandleA
GetVersionExA
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
FileTimeToLocalFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetFileType
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetModuleFileNameA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
SetStdHandle
GetConsoleCP
GetConsoleMode
GetProcessHeap
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetDriveTypeA
GetFullPathNameA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SetLastError
GetStdHandle
GetTickCount
SetHandleInformation
GetCurrentProcess
TerminateProcess
CreateProcessA
GetExitCodeProcess
Sleep
UnregisterWaitEx
RegisterWaitForSingleObject
DisconnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
UnregisterWait
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
SetEvent
WaitForSingleObject
ExitProcess
LoadLibraryExA
LockResource
GetProcAddress
SizeofResource
WideCharToMultiByte
GetUserDefaultLangID
LoadResource
FreeLibrary
FindResourceW
CloseHandle
ReleaseMutex
SetNamedPipeHandleState
GetLastError
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
lstrlenA
CreateMutexW

user32

RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
DestroyMenu
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CallWindowProcW
CopyRect
GetMenu
GetForegroundWindow
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessagePos
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowsHookExW
CallNextHookEx
GetKeyState
PeekMessageW
ValidateRect
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetTopWindow
DestroyWindow
GetMessageTime
GetMessageW
PostQuitMessage
LoadCursorW
TranslateMessage
RegisterClassExW
LoadIconW
LoadStringW
MapWindowPoints
ShowWindow
CreateWindowExW
UpdateWindow
DefWindowProcW
DispatchMessageW
GetWindowTextW

advapi32

RegOpenKeyExA
RegCloseKey
ReportEventA
RegQueryValueExA
DeregisterEventSource
RegisterEventSourceA

ole32

CoTaskMemAlloc
CoTaskMemFree

ws2_32

sendto
setsockopt
closesocket
recv
ntohs
htons
__WSAFDIsSet
bind
socket
getsockname
gethostbyname
send
getsockopt
listen
accept
shutdown
getpeername
WSASetLastError
ioctlsocket
connect
inet_ntoa
WSAStartup
recvfrom
ntohl
htonl
select
WSAGetLastError

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
SetViewportExtEx
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SaveDC
RestoreDC
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetDeviceCaps
SetBkColor
SetTextColor
SetMapMode
GetClipBox

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 991KB - Virtual size: 991KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3dcba3971dfa0300e0d5a5436750597

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7fCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7fCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

34:bc:38:8c:de:55:b5:81:cc:ba:2d:83:9f:44:d1:74:8c:4c:5c:d4:30:c1:cc:57:b2:62:51:5b:67:87:51:6eSigner

c1:e6:39:66:4d:ea:4c:bc:26:b5:92:ba:e4:9c:4c:e4:ac:46:f8:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ws2_32

version

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 991KB - Virtual size: 991KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 61KB - Virtual size: 84KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 70KB - Virtual size: 69KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:5e:a2:df:61:66:a5:4c:e4:28:7a:6c:80:ed:fc:7f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

34:bc:38:8c:de:55:b5:81:cc:ba:2d:83:9f:44:d1:74:8c:4c:5c:d4:30:c1:cc:57:b2:62:51:5b:67:87:51:6e
Signer

c1:e6:39:66:4d:ea:4c:bc:26:b5:92:ba:e4:9c:4c:e4:ac:46:f8:a6
Signer

.text
Size: 991KB - Virtual size: 991KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 61KB - Virtual size: 84KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 70KB - Virtual size: 69KB