018f308234f7c37ebc18d0f46c0c3c15e21979b5ee45ab9ceb589c82513de214_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

018f308234f7c37ebc18d0f46c0c3c15e21979b5ee45ab9ceb589c82513de214_NeikiAnalytics.exe
Size

1.1MB
MD5

468644181c415da49469bdb01e675b90
SHA1

9148e9b06220b0a4292a5b5cb1d41a224479154a
SHA256

018f308234f7c37ebc18d0f46c0c3c15e21979b5ee45ab9ceb589c82513de214
SHA512

01f811dba828d62536f7fb8f19f83630e8c33274231064ae9c47da48d6ccc90ac3025bd4b4029a81815083dbcfeba6b960fff5845eb05697d87c0a663b5521ea
SSDEEP

24576:ar9h5bFLiR/eojrJBxnhaw6uoQu/Ok6GRA702nn:a9FL0tjrJJaw6uoQi6GF2nn

Score

1^/10

Malware Config

Signatures

Files

018f308234f7c37ebc18d0f46c0c3c15e21979b5ee45ab9ceb589c82513de214_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

81540850f1daa6680911041ba90d48be

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06-05-2022 00:00

Not After

20-05-2025 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06-05-2022 00:00

Not After

20-05-2025 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19-01-2024 16:46

Not After

01-06-2029 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:88:03:0d:88:7a:7c:4f:b6:87:0b:18:4a:2a:71:56:d5:67:28:cf:a4:3e:3c:ff:b9:2c:2b:bb:76:e1:9f:39
Signer

Actual PE Digest

78:88:03:0d:88:7a:7c:4f:b6:87:0b:18:4a:2a:71:56:d5:67:28:cf:a4:3e:3c:ff:b9:2c:2b:bb:76:e1:9f:39

Digest Algorithm

sha256

PE Digest Matches

true

b0:51:a4:ce:d7:e7:bb:39:4e:18:30:c4:f7:14:a5:ea:9f:26:d0:13
Signer

Actual PE Digest

b0:51:a4:ce:d7:e7:bb:39:4e:18:30:c4:f7:14:a5:ea:9f:26:d0:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cp-x64.pdb

Imports

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

kernel32

GetLogicalDriveStringsA
GetCommandLineW
GetVersionExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
GetSystemInfo
VirtualLock
VirtualUnlock
TerminateProcess
SetStdHandle
InitOnceComplete
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetCurrentDirectoryW
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
VirtualQuery
VirtualProtect
VirtualAlloc
InitOnceBeginInitialize
FormatMessageA
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
RaiseException
RtlPcToFileHeader
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetFileType
FormatMessageW
SetLastError
GetTimeZoneInformation
GetSystemTimeAsFileTime
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileExW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
SetEndOfFile
DeleteFileW
SetFileTime
GetLogicalDrives
GetDriveTypeA
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetConsoleMode
GetTimeFormatW
GetDateFormatW
GetStdHandle
WaitForMultipleObjects
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CreateMutexW
ReleaseMutex
GetProcAddress
GetModuleHandleW
GetTickCount
OpenThread
GetCurrentThread
QueueUserAPC
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
ReadFile
LocalAlloc
GetLocalTime
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
OutputDebugStringA
GetTempPathW
WriteFile
CreateFileW
DisableThreadLibraryCalls
WTSGetActiveConsoleSessionId
LocalFree
ProcessIdToSessionId
CloseHandle
lstrlenW
GetCurrentThreadId
GetCurrentProcessId
GetLastError
IsProcessorFeaturePresent
CreateDirectoryW
GetDriveTypeW
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
GetLocaleInfoEx
EncodePointer
GetStringTypeW
SetCurrentDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
OpenProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
VerifyVersionInfoW
LoadLibraryW
GetSystemDirectoryW
VerSetConditionMask
OpenEventA
CreateEventA
WaitForSingleObjectEx
ResetEvent
GetComputerNameExW
FindClose
ExpandEnvironmentStringsW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeLibraryWhenCallbackReturns

user32

GetShellWindow
GetSystemMetrics
GetWindowThreadProcessId

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString

advapi32

RevertToSelf
CredFree
CredUnmarshalCredentialW
ConvertSidToStringSidW
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
OpenThreadToken
RegDisablePredefinedCacheEx
LookupAccountSidW
ImpersonateLoggedOnUser
GetLengthSid
DuplicateToken
CreateWellKnownSid
CopySid
CheckTokenMembership
RegCopyTreeW
RegDeleteTreeW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyTransactedW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyTransactedW
RegCreateKeyExW
RegConnectRegistryW
RegOpenCurrentUser
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenProcessToken
CredIsMarshaledCredentialW
LsaNtStatusToWinError
LookupAccountNameW
IsValidSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CredProtectW
LogonUserW
EqualSid
CredIsProtectedW

credui

CredPackAuthenticationBufferW

secur32

LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaConnectUntrusted

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory

shlwapi

SHStrDupW
PathFileExistsW
ord219

ktmw32

CreateTransaction
CommitTransaction

userenv

UnloadUserProfile
LoadUserProfileW

mpr

WNetGetUniversalNameW

crypt32

CertOpenSystemStoreW
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptFindLocalizedName
CryptUnprotectData
CryptProtectData
CertStrToNameW
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertGetPublicKeyLength
CertAddEncodedCertificateToStore
CertCreateCertificateContext
CertCloseStore
CertSaveStore
CertOpenStore
CryptMsgControl
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptEncodeObjectEx
CryptUnprotectMemory
CryptProtectMemory

ncrypt

NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptOpenStorageProvider
NCryptFreeObject
NCryptSetProperty

ws2_32

htonl
ntohl

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bmgrcfg
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81540850f1daa6680911041ba90d48be

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

78:88:03:0d:88:7a:7c:4f:b6:87:0b:18:4a:2a:71:56:d5:67:28:cf:a4:3e:3c:ff:b9:2c:2b:bb:76:e1:9f:39Signer

b0:51:a4:ce:d7:e7:bb:39:4e:18:30:c4:f7:14:a5:ea:9f:26:d0:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

kernel32

user32

shell32

ole32

oleaut32

advapi32

credui

secur32

wtsapi32

shlwapi

ktmw32

userenv

mpr

crypt32

ncrypt

ws2_32

Exports

Exports

Sections

.text Size: 768KB - Virtual size: 767KB

.rdata Size: 258KB - Virtual size: 257KB

.data Size: 30KB - Virtual size: 69KB

.pdata Size: 39KB - Virtual size: 39KB

.bmgrcfg Size: 512B - Virtual size: 80B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

78:88:03:0d:88:7a:7c:4f:b6:87:0b:18:4a:2a:71:56:d5:67:28:cf:a4:3e:3c:ff:b9:2c:2b:bb:76:e1:9f:39
Signer

b0:51:a4:ce:d7:e7:bb:39:4e:18:30:c4:f7:14:a5:ea:9f:26:d0:13
Signer

.text
Size: 768KB - Virtual size: 767KB

.rdata
Size: 258KB - Virtual size: 257KB

.data
Size: 30KB - Virtual size: 69KB

.pdata
Size: 39KB - Virtual size: 39KB

.bmgrcfg
Size: 512B - Virtual size: 80B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB