f3dfc42435754ed22732f2e3027d4000_NEIKI

Sharing

Copy URL Twitter E-mail

General

Target

f3dfc42435754ed22732f2e3027d4000_NEIKI
Size

4.5MB
MD5

f3dfc42435754ed22732f2e3027d4000
SHA1

1ff1b696b55710d80278a90c1e69ef11cb29d8d6
SHA256

e93c0d179824ebaf2f96ed14e10bd9c325595b9f11505c5d105c6880eaccc6a7
SHA512

2bc882ac5c6e0276b9a1ee9d7a1c20e714ed39d6b6be535d4c8f06ba3452e9a076aa0c91cb76d48fc4a564637bf3632f29aad9b0db87cb50b760b56344f931ba
SSDEEP

98304:BcrArX8Lw3+hAYYHsW9jsQVzWF432lz9+q8oHB6dSXXahK9aZQ+3QuNR6RbXx7vS:Bd9OgGFNAdSXXahKMZQ+3QuNR6h9KPZ

Score

1^/10

Malware Config

Signatures

Files

f3dfc42435754ed22732f2e3027d4000_NEIKI
.exe windows:4 windows x86 arch:x86

77682fd488b19d0cfcf7d338cd0aa4ee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:33:f2:87:09:e2:63:de:83:af:fd:88:3e:39:b9:12
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/06/2011, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Google Inc.,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb

Imports

gdi32

GetTextMetricsA
SetBkMode
GetGlyphOutlineW
CreateFontIndirectA
DeleteObject
CreateDIBSection
SetStretchBltMode
StretchBlt
GetStockObject
CreatePen
Rectangle
BitBlt
GetDeviceCaps
GetGlyphOutlineA
GetKerningPairsA
GetTextExtentPoint32A
TextOutW
ExtTextOutW
GetTextExtentPoint32W
TextOutA
ExtTextOutA
GetObjectA
CreateSolidBrush
GetICMProfileA
CreateCompatibleBitmap
DeleteDC
SelectObject
GetOutlineTextMetricsA
CreateCompatibleDC

kernel32

GetTempPathW
SetFileAttributesW
CopyFileW
CreateProcessA
CreateFileW
FindNextFileA
GetShortPathNameW
FindNextFileW
GetTempPathA
FindFirstFileExW
RemoveDirectoryA
GetFileAttributesExA
FindFirstFileA
CreateDirectoryExW
FindFirstFileW
SetFileAttributesA
CreateDirectoryW
DeleteFileA
GetDriveTypeA
FindResourceA
SizeofResource
SetFileTime
LoadResource
LockResource
LockFileEx
UnlockFileEx
GetFileSize
SetFilePointerEx
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
QueryPerformanceFrequency
MulDiv
lstrcmpW
GlobalLock
GlobalUnlock
GlobalAlloc
CreateThread
GetSystemInfo
GetSystemDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcessTimes
GlobalFree
lstrlenA
DisableThreadLibraryCalls
lstrcmpiA
FlushInstructionCache
IsDBCSLeadByte
lstrlenW
lstrcmpA
DeleteFileW
LoadLibraryExW
GetFileAttributesA
LoadLibraryW
GetFileAttributesW
GetThreadLocale
IsProcessorFeaturePresent
ExitThread
VirtualProtect
FormatMessageA
GlobalMemoryStatusEx
QueryPerformanceCounter
GetCommandLineW
ExitProcess
GetLongPathNameA
GetLongPathNameW
CreateMutexA
FindClose
GetLastError
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
OpenProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
Sleep
OpenMutexA
CreateEventA
SetEvent
CloseHandle
GetShortPathNameA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
FindFirstFileExA
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
RaiseException
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
RtlUnwind
SetHandleCount
GetFileType
SetFilePointer
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
CreateFileA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualQuery
ResetEvent
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DebugBreak
GetVersion
OutputDebugStringA
LoadLibraryExA
SetErrorMode
LocalFree
GetModuleFileNameW
GetSystemDirectoryA
SearchPathA
GetWindowsDirectoryA
MoveFileW
GetFileAttributesExW
MoveFileExW
CopyFileA
GetDateFormatW
CreateDirectoryA
GetTimeFormatW
CreateDirectoryExA
MoveFileA
RemoveDirectoryW
MoveFileExA
CreateProcessW
FindFirstChangeNotificationW
CopyFileExW
FindFirstChangeNotificationA
MoveFileWithProgressW
CopyFileExA
MoveFileWithProgressA
GetModuleHandleW

ole32

CLSIDFromString
OleUninitialize
CoResumeClassObjects
CoRegisterClassObject
CreateStreamOnHGlobal
CoTaskMemRealloc
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
OleInitialize

oleaut32

SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
VariantInit
VariantClear
SysStringByteLen
SysAllocStringLen
VarBstrCat
LoadTypeLi
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
VarUI4FromStr

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragQueryFileW
ShellExecuteA
ShellExecuteExA
DragQueryFileA
SHFileOperationW
SHChangeNotify
ShellExecuteW
ExtractIconExA
DragAcceptFiles
SHGetPathFromIDListW

shlwapi

StrRetToBufW
AssocQueryStringW
SHDeleteKeyA
SHDeleteValueA

user32

GetSystemMetrics
DrawIcon
DestroyIcon
EnableWindow
GetFocus
SetFocus
SendMessageA
GetWindowTextLengthA
MessageBeep
GetPropA
KillTimer
SetTimer
RemovePropA
SetPropA
GetSysColor
CreateAcceleratorTableA
CharNextA
RegisterClassExA
DestroyAcceleratorTable
IsChild
GetClassInfoExA
RegisterWindowMessageA
InvalidateRgn
GetParent
GetClientRect
InvalidateRect
DestroyWindow
FindWindowA
EnumWindows
GetClassNameA
GetWindowLongA
LoadIconA
SetWindowPos
LoadImageA
GetDlgItem
EndDialog
IsIconic
ShowWindow
SetForegroundWindow
EnableMenuItem
CheckMenuItem
DestroyMenu
ClientToScreen
GetDesktopWindow
GetDC
GetForegroundWindow
ReleaseDC
GetWindowPlacement
AdjustWindowRect
SetWindowLongA
PostMessageA
GetKeyState
SetParent
EnumChildWindows
MoveWindow
CallWindowProcA
AdjustWindowRectEx
UpdateWindow
GetClassLongA
GetScrollBarInfo
IsWindowEnabled
CreateDialogIndirectParamA
GetWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamW
SetClipboardData
EmptyClipboard
SystemParametersInfoA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
GetWindowRect
IsWindow
PeekMessageA
GetCursorPos
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
GetAsyncKeyState
SetActiveWindow
LoadCursorA
SetCursor
DrawTextW
GetCursor
ShowCursor
UnhookWindowsHookEx
CallNextHookEx
FlashWindowEx
SetWindowsHookExA
EnumThreadWindows
IsWindowVisible
CreateWindowExA
SetWindowLongW
RegisterClassA
GetWindowLongW
CallWindowProcW
UnregisterClassA
GetMenuItemInfoA
RegisterClassW
UnregisterClassW
SetMenuItemInfoA
GetClassInfoA
SetClassLongA
SetClassLongW
SetWindowTextW
SetWindowTextA
InsertMenuItemA
DialogBoxParamW
SendMessageW
AppendMenuA
DialogBoxParamA
SetDlgItemTextW
DefWindowProcW
MessageBoxA
LoadStringA
CreateDialogParamW
SetDlgItemTextA
DefWindowProcA
CreateWindowExW
CreateDialogParamA
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
SetMenu
ReleaseCapture
GetActiveWindow
PostQuitMessage
BeginPaint
EndPaint
SetCapture
FillRect
GetTopWindow
GetMenu
ScreenToClient
RedrawWindow
FindWindowExA
SetMenuInfo
TrackPopupMenu
CreatePopupMenu
OpenClipboard
CloseClipboard

wininet

InternetGetConnectedState
InternetGetConnectedStateEx
InternetGoOnline
InternetSetOptionA
InternetSetStatusCallback
InternetCloseHandle
HttpSendRequestExA
HttpAddRequestHeadersA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetQueryOptionA
InternetErrorDlg
InternetCrackUrlA
DeleteUrlCacheEntry
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

advapi32

CryptReleaseContext
RegQueryInfoKeyA
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
CryptAcquireContextA
CryptGenRandom
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyA
RegDeleteValueA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
RegCloseKey

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetA
CreatePropertySheetPageA
ord6
PropertySheetW

comdlg32

GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA

mscms

GetColorDirectoryA

urlmon

URLDownloadToFileA
URLDownloadToFileW
CoInternetGetSession
FindMimeFromData

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

ws2_32

ntohl
gethostbyname
htons
ntohs
htonl

Exports

Exports

JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77682fd488b19d0cfcf7d338cd0aa4ee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:33:f2:87:09:e2:63:de:83:af:fd:88:3e:39:b9:12Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

wininet

advapi32

comctl32

comdlg32

mscms

urlmon

version

wintrust

ws2_32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 492KB - Virtual size: 490KB

.data Size: 96KB - Virtual size: 415KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:33:f2:87:09:e2:63:de:83:af:fd:88:3e:39:b9:12
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 492KB - Virtual size: 490KB

.data
Size: 96KB - Virtual size: 415KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB