26f4119a11fb05a3f0b648866d6328e0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

26f4119a11fb05a3f0b648866d6328e0_NeikiAnalytics
Size

334KB
MD5

26f4119a11fb05a3f0b648866d6328e0
SHA1

f056532b34d46edae8f2ee27a4c0cf6103755aa1
SHA256

2c48548060a060f48a9a44b09931163c70cec066f58844f719fff51a65addfcf
SHA512

2c2ea630c80e4a71f15bdec802258ffbb2af4480f760dc32838818986f14d3bcc99294259419af51c0890292e5c7e614effb15c8d7a288971d5b18eafe9d02c8
SSDEEP

6144:6lBalW9hhKQS5fJbcfZvhbUTpkcGpkcd0d8+7:KHIQ6JgfdvI1n7

Score

1^/10

Malware Config

Signatures

Files

26f4119a11fb05a3f0b648866d6328e0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

663673067059dec8f6b69ad0193c3717

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:12:d5:0c:84:8e:41:59:e6:96:56:20:be:a5:e3:80:1a:44:8d:c1
Signer

Actual PE Digest

a3:12:d5:0c:84:8e:41:59:e6:96:56:20:be:a5:e3:80:1a:44:8d:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

astu.pdb

Imports

ole32

CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VariantInit
SysStringByteLen
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

ws2_32

WSCEnumProtocols
WSAEnumNameSpaceProvidersW
WSACleanup
WSAStartup
inet_ntoa
inet_addr

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteW

mapi32

ord140
ord23
ord17
ord11
ord21

wininet

InternetQueryOptionW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile
HttpQueryInfoW

kernel32

CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
LCMapStringW
RaiseException
FormatMessageW
LocalAlloc
LocalFree
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
CreateProcessW
OutputDebugStringW
TerminateProcess
WaitForSingleObject
Sleep
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
lstrlenW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
CompareStringW
lstrcpyW
GetVersionExW
CreateThread
MulDiv
TerminateThread
lstrcpynW
lstrcmpW
GlobalUnlock
GlobalLock
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
GlobalFree
GlobalHandle
LockResource
CreateMutexW
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
WriteFile
GetLocalTime
CreateFileW
GetTempPathW
GetTickCount
WideCharToMultiByte
DeleteFileW
CopyFileW
CreateDirectoryW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateEventW
lstrlenA
ReadFile
GetSystemDefaultLCID
DuplicateHandle
CreatePipe
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
ExitProcess
GetStartupInfoW
TlsGetValue
LCMapStringA
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetCPInfo
GetACP
GetOEMCP
GetStdHandle
GetModuleFileNameA
TlsAlloc

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW

gdi32

SetTextColor
GetObjectW
SelectObject
DeleteObject
DeleteDC
CreateFontIndirectW
GetStockObject
CreateSolidBrush
GetClipBox
PatBlt
CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
SetBkMode

user32

LoadImageW
MapDialogRect
EndDialog
GetDesktopWindow
SystemParametersInfoW
MapWindowPoints
GetSystemMetrics
MessageBoxW
GetWindow
EnableWindow
RedrawWindow
IsWindowVisible
ShowWindow
GetWindowRect
SetWindowContextHelpId
MoveWindow
GetClassNameW
LoadCursorW
SetCursor
OffsetRect
GetSysColor
GetFocus
GetCapture
ClientToScreen
InvalidateRgn
IsChild
DestroyAcceleratorTable
CreateAcceleratorTableW
GetActiveWindow
RegisterWindowMessageW
RegisterClassW
LoadIconW
MessageBoxIndirectW
LoadStringW
UnregisterClassA
GetWindowTextLengthW
GetDlgItem
SendMessageW
PostMessageW
FindWindowW
WaitForInputIdle
CharNextW
SetWindowLongW
GetWindowLongW
CharUpperW
RegisterClassExW
GetClassInfoExW
DialogBoxIndirectParamW
DefWindowProcW
SetRectEmpty
DestroyWindow
SetWindowTextW
GetWindowTextW
GetClientRect
ScreenToClient
UpdateWindow
InvalidateRect
IsWindowEnabled
SetCapture
SetFocus
GetParent
GetDlgCtrlID
IsWindow
SetWindowPos
CallWindowProcW
PtInRect
DrawFocusRect
DrawTextW
FillRect
CreateWindowExW
GetCursorPos
BeginPaint
EndPaint
GetDC
ReleaseDC
ReleaseCapture

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

663673067059dec8f6b69ad0193c3717

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

a3:12:d5:0c:84:8e:41:59:e6:96:56:20:be:a5:e3:80:1a:44:8d:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

oleaut32

setupapi

ws2_32

version

iphlpapi

shell32

mapi32

wininet

kernel32

advapi32

gdi32

user32

Sections

.text Size: 240KB - Virtual size: 238KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 72KB - Virtual size: 72KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

a3:12:d5:0c:84:8e:41:59:e6:96:56:20:be:a5:e3:80:1a:44:8d:c1
Signer

.text
Size: 240KB - Virtual size: 238KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 72KB - Virtual size: 72KB