c7fc240b2856cbddd8c4f32d4e35c810_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

c7fc240b2856cbddd8c4f32d4e35c810_NeikiAnalytics
Size

1.2MB
MD5

c7fc240b2856cbddd8c4f32d4e35c810
SHA1

ad6303302992c5b6407ced897104d429dd3d9b10
SHA256

deaf59ff63427e18b1158accedb72ac6f96954401a73c8a4c9eb64edaba8a07e
SHA512

c349ef871ee96cf344755eb43a10015030d086a24c36ecc88f20fcf90c5abcd260be02f281d72a14571fede8fe0b660c6601df3a24ee4da2087ef54510a87776
SSDEEP

24576:bCmuzoNEIkc0FV/IvA+hJpHgbe18MVc/AKDbZOUWJrLaDenOKbrEH7R:bC9zoNEIkbFV/IvA+hJyq1FVc/FDbZOC

Score

1^/10

Malware Config

Signatures

Files

c7fc240b2856cbddd8c4f32d4e35c810_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

814d9e5c82b805568941908a38d8a5f5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:6c:83:37:2a:36:32:cf:f4:01:b1:af:20:50:32:5f:a5:b7:ac:45
Signer

Actual PE Digest

2d:6c:83:37:2a:36:32:cf:f4:01:b1:af:20:50:32:5f:a5:b7:ac:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfc90u.i386.pdb

Imports

kernel32

GetSystemTime
InterlockedIncrement
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyA
LoadLibraryExW
GetEnvironmentVariableW
FormatMessageA
GetEnvironmentVariableA
lstrcpyW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetErrorMode
CompareStringA
InterlockedExchange
GetCurrentThread
EnumResourceLanguagesW
ConvertDefaultLocale
GetLocaleInfoW
SuspendThread
ResumeThread
SetThreadPriority
SetEvent
FindNextFileW
FormatMessageW
SearchPathW
GetTempPathW
LocalUnlock
LocalLock
GetTempFileNameW
GetDiskFreeSpaceW
GlobalFlags
RaiseException
FindResourceExW
GetModuleHandleA
VirtualProtect
LoadLibraryA
GetProfileIntW
MulDiv
GetCurrentProcessId
GetVersionExW
GetCurrentThreadId
GlobalAddAtomW
CompareStringW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
lstrcmpW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
TlsSetValue
LocalReAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalHandle
TlsFree
InitializeCriticalSection
TlsAlloc
LocalFree
GetLastError
LocalAlloc
InterlockedDecrement
GetModuleHandleW
FreeLibrary
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
GetShortPathNameW
GetModuleFileNameW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetProcAddress
LoadLibraryW
DeleteFileW
MoveFileW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
lstrlenA
lstrcmpA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GlobalGetAtomNameW
GetAtomNameW
SetLastError
GetVersion
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent

msvcr90

_strlwr_s
_CxxThrowException
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_mbscspn
_vscprintf
_mbsinc
_mbsupr_s
_wcsrev
_mbsspn
_mbscoll
_wcsicoll
_mbsrchr
_mbschr
vsprintf_s
_ismbcspace
_mbsstr
_mbsicoll
_mbsrev
strlen
wcscoll
memmove
_mbsicmp
__CxxFrameHandler3
_mbslwr_s
_mbspbrk
_wcslwr_s
memcpy
strcpy_s
_itow_s
_ultow_s
_ltow_s
iswdigit
ceil
wcsncmp
_mbscmp
strnlen
_wcsupr_s
wcsstr
_wcsnicmp
__wargv
__argc
_beginthreadex
_endthreadex
_wfullpath
_wtol
_wcsdup
wcsspn
wcscspn
wcspbrk
_expand
_wtoi
_recalloc
wcsrchr
wcstod
wcstoul
wcstol
_resetstkoflw
_wcsicmp
_wmakepath_s
_wsplitpath_s
_vsnwprintf_s
_snwscanf_s
labs
abs
calloc
_msize
wcscat_s
wcschr
_snwprintf_s
_errno
wcscmp
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgetws
fputws
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
wcscpy_s
_vscwprintf
vswprintf_s
abort
free
malloc
memcmp
memset
wcsnlen
wcslen
memmove_s
memcpy_s
swprintf_s
wcsncpy_s
_purecall
iswspace

user32

GetKeyNameTextW
LoadBitmapW
DrawFocusRect
FillRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
SetWindowRgn
DrawIcon
GetTabbedTextExtentW
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
OemToCharBuffA
CharToOemBuffA
AppendMenuW
DeleteMenu
GetSystemMenu
IsRectEmpty
SetParent
IsZoomed
ReleaseDC
GetDC
SetRect
SetTimer
KillTimer
InflateRect
RedrawWindow
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
TranslateMessage
GetMessageW
ClientToScreen
WindowFromPoint
SetCapture
WaitMessage
GetCursorPos
LoadCursorW
MapVirtualKeyW
BringWindowToTop
InsertMenuItemW
CreatePopupMenu
InvalidateRect
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuW
GetActiveWindow
GetWindowThreadProcessId
ShowWindow
IsWindowEnabled
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorW
LoadAcceleratorsW
SetRectEmpty
EnableWindow
LoadIconW
PostMessageW
UpdateWindow
SendDlgItemMessageA
SendDlgItemMessageW
MapWindowPoints
GetSysColor
DispatchMessageW
PeekMessageW
PtInRect
SetFocus
SetActiveWindow
GetFocus
AdjustWindowRectEx
DeferWindowPos
EqualRect
ScreenToClient
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
ScrollWindow
IsWindowVisible
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxW
IsChild
GetParent
GetCapture
WinHelpW
RegisterClassW
GetClassInfoW
GetSubMenu
GetMenuItemCount
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextW
GetWindowTextLengthW
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExW
SetWindowsHookExW
SetPropW
GetClassNameW
GetClassInfoExW
GetClassLongW
CallNextHookEx
RemovePropW
CallWindowProcW
GetPropW
DefWindowProcW
SetMenu
GetMenu
GetMessagePos
GetMessageTime
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
SendMessageW
IsWindow
GetWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
UnionRect
GrayStringW
DrawTextExW
DrawTextW
GetTabbedTextExtentA
GetDCEx
GetMenuBarInfo
LockWindowUpdate
RegisterWindowMessageW
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetSystemMetrics
CharUpperW
GetMenuItemID

gdi32

GetClipBox
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocW
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutW
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutW
MoveToEx
GetCurrentPositionEx
GetTextExtentPoint32A
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectW
GetTextFaceW
GetTextColor
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetCharWidthW
CreateFontW
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectW

shlwapi

UrlUnescapeW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

Sections

.text
Size: 986KB - Virtual size: 986KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

814d9e5c82b805568941908a38d8a5f5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

2d:6c:83:37:2a:36:32:cf:f4:01:b1:af:20:50:32:5f:a5:b7:ac:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

user32

gdi32

shlwapi

Sections

.text Size: 986KB - Virtual size: 986KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 76KB - Virtual size: 76KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

2d:6c:83:37:2a:36:32:cf:f4:01:b1:af:20:50:32:5f:a5:b7:ac:45
Signer

.text
Size: 986KB - Virtual size: 986KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 76KB - Virtual size: 76KB