51cf61d97e2f7d102b6fdc6d9b9d2770_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

51cf61d97e2f7d102b6fdc6d9b9d2770_NeikiAnalytics
Size

1.5MB
MD5

51cf61d97e2f7d102b6fdc6d9b9d2770
SHA1

347cf12e307924c1f9dfd63c27dd910bbd114507
SHA256

aaf0f45544eead85b02fd4618fc219b02fc0626047644666aadc09992721997b
SHA512

b6471282d1241ace2388cb5109c0353c8aa7d3ffa64b319516821f7d45a02dccbbc58d4d6f68c0259b36efdf3a0408b5fb841e6c1425162c4970b37bf97907e9
SSDEEP

24576:EHiBfwdpmVSlTGILJWpgpxWXRMPIbu4VQPlpH4Z:8yfwdfSKJWprXRMPIi4qO

Score

1^/10

Malware Config

Signatures

Files

51cf61d97e2f7d102b6fdc6d9b9d2770_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

908bba5a2b67b6ec807e25393327d4ca

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/09/2017, 00:00

Not After

11/09/2018, 23:59

Subject

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:44:7f:50:79:dc:47:36:fa:ad:e9:99:50:0d:cb:2b:74:09:50:b9
Signer

Actual PE Digest

03:44:7f:50:79:dc:47:36:fa:ad:e9:99:50:0d:cb:2b:74:09:50:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDeleteStringFormat
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAlloc
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLines
GdipFillPolygon
GdipDrawImageRectI
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight

kernel32

SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
SetEndOfFile
WriteConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
SetFilePointerEx
WaitForSingleObject
InterlockedCompareExchange
SetEvent
GetModuleHandleW
LocalFlags
WriteFile
OpenProcess
Sleep
FormatMessageW
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
GetLastError
SetLastError
RegisterWaitForSingleObject
LocalAlloc
CreateFileMappingW
CreateEventW
WaitForMultipleObjects
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
UnregisterWaitEx
LocalFree
MulDiv
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
ResetEvent
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedPushEntrySList
VerifyVersionInfoW
GetModuleFileNameW
MoveFileExW
GetThreadPriority
ReadFile
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetCommandLineW
MoveFileW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
GetStringTypeW
HeapSize
GetStdHandle
WideCharToMultiByte
GetProcAddress
GetModuleHandleExW
ExitProcess
GetProcessHeap
RtlUnwind
GetSystemTimeAsFileTime
TlsGetValue
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
EncodePointer
HeapAlloc
HeapFree
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
FreeLibrary
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedFlushSList
QueryDepthSList
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
ExitThread
GetExitCodeProcess
InterlockedPopEntrySList
VirtualProtect
ReleaseSemaphore
InitializeSListHead
LoadLibraryW
GetTimeZoneInformation
VerSetConditionMask
SetEnvironmentVariableA

user32

GetDlgItem
ReleaseCapture
InvalidateRect
SetCapture
SetCursor
GetWindowTextW
PostQuitMessage
IsDlgButtonChecked
LoadCursorW
GetDlgCtrlID
PostMessageW
PtInRect
ScreenToClient
EndPaint
OffsetRect
FillRect
BeginPaint
UpdateWindow
MoveWindow
SendMessageW
SetWindowTextW
SetWindowPos
SetWindowLongW
AdjustWindowRect
SetRect
DrawTextW
CheckDlgButton
EnableWindow
GetMessageW
IsDialogMessageW
RegisterClassW
GetWindowLongW
GetDC
ReleaseDC
DestroyWindow
RemovePropW
RegisterWindowMessageW
TranslateMessage
ShowWindow
SendMessageTimeoutW
IsWindow
CreateWindowExW
IsWindowVisible
CallWindowProcW
DefWindowProcW
DispatchMessageW
GetSystemMetrics

gdi32

SetBkColor
GetObjectA
CreateFontW
CreateSolidBrush
SetTextColor
SetBkMode
SelectObject
GetDeviceCaps
DeleteObject

advapi32

ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VarI4FromStr
VarUI8FromStr

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption

urlmon

ObtainUserAgentString

shlwapi

PathAppendW
StrCmpNW
StrCmpNA

Sections

.text
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908bba5a2b67b6ec807e25393327d4ca

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:deCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

03:44:7f:50:79:dc:47:36:fa:ad:e9:99:50:0d:cb:2b:74:09:50:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

urlmon

shlwapi

Sections

.text Size: 437KB - Virtual size: 436KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 24KB - Virtual size: 50KB

.rsrc Size: 993KB - Virtual size: 993KB

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

03:44:7f:50:79:dc:47:36:fa:ad:e9:99:50:0d:cb:2b:74:09:50:b9
Signer

.text
Size: 437KB - Virtual size: 436KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 24KB - Virtual size: 50KB

.rsrc
Size: 993KB - Virtual size: 993KB