918d2d61d5cb432a3233fd66578a6480_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

918d2d61d5cb432a3233fd66578a6480_NeikiAnalytics
Size

529KB
MD5

918d2d61d5cb432a3233fd66578a6480
SHA1

2feb456babd5969b60e87b8c385e6ad3aa60b546
SHA256

e12a36a435859ea6af46454219801a95a93782ae3074388b71d58f50e566fc50
SHA512

7aaafdb9739788ac6d14d209072209b8772703de19691cf019d7424c16d0d9d3ec65f09fb899087f1ebd327b9c02ae0e91f37d33e178664729efcacd1eb0b09a
SSDEEP

3072:CEDUL+DVnRj9ywoIXfdfRJdMXtv43+THkqor5iqae4nc0/OM2Ckk:tnDVLywoKf3JWSYtHnchFCk

Score

1^/10

Malware Config

Signatures

Files

918d2d61d5cb432a3233fd66578a6480_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

a761b10f70faa3898a9b1572512d5d4b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:e0:76:08:76:04:58:d5:bd:ae:fc:be:9f:d3:b6:99
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/05/2008, 00:00

Not After

21/07/2011, 23:59

Subject

CN=Capital Intellect Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Winferno Software,O=Capital Intellect Inc,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:8c:99:55:34:05:14:b0:8a:71:6f:95:d8:1e:54:bf:4e:07:7b:9b
Signer

Actual PE Digest

cc:8c:99:55:34:05:14:b0:8a:71:6f:95:d8:1e:54:bf:4e:07:7b:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA

gdi32

CreateRoundRectRgn

oleaut32

SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime

ole32

CLSIDFromString
CoTaskMemFree

kernel32

GlobalUnlock
FreeResource
GetDateFormatA
GetTempPathA
RtlMoveMemory
LoadResource
LoadLibraryExA
FormatMessageA
FindResourceExA
FreeLibrary
GetVersion
LockResource
CloseHandle
GetVersionExA
ExpandEnvironmentStringsA
GetTimeFormatA
GetEnvironmentVariableA
CreateFileA

shell32

ShellExecuteA

user32

LoadImageA
GetWindowLongA
SetWindowLongA
SystemParametersInfoA

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaHresultCheck
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
__vbaVarTextTstLt
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaBoolErrVar
ord553
__vbaRecDestruct
__vbaStrDate
__vbaSetSystemError
ord662
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaForEachCollObj
__vbaExitProc
__vbaI4Abs
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord705
__vbaBoolVar
__vbaStrTextCmp
_CIsin
ord709
ord631
__vbaVargVarMove
__vbaNextEachCollObj
ord525
__vbaVarTextCmpLe
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarAbs
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaDateR8
ord561
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
_adj_fpatan
__vbaVarTextCmpLt
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaVarSetUnk
__vbaNew
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
ord605
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaVarDiv
__vbaI2Str
__vbaFailedFriend
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord536
ord644
ord537
ord645
ord538
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
ord570
ord648
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
ord616
ord617
__vbaLateMemCallLd
__vbaRecDestructAnsi
_CIatan
__vbaAryCopy
__vbaUI1Str
ord618
__vbaStrMove
__vbaCastObj
ord542
ord650
ord543
_allmul
ord544
ord545
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a761b10f70faa3898a9b1572512d5d4b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1a:e0:76:08:76:04:58:d5:bd:ae:fc:be:9f:d3:b6:99Certificate

Extended Key Usages

Key Usages

cc:8c:99:55:34:05:14:b0:8a:71:6f:95:d8:1e:54:bf:4e:07:7b:9bSigner

Headers

File Characteristics

Imports

advapi32

gdi32

oleaut32

ole32

kernel32

shell32

user32

msvbvm60

Sections

.text Size: 152KB - Virtual size: 151KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 336KB - Virtual size: 333KB

.reloc Size: 28KB - Virtual size: 24KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1a:e0:76:08:76:04:58:d5:bd:ae:fc:be:9f:d3:b6:99
Certificate

cc:8c:99:55:34:05:14:b0:8a:71:6f:95:d8:1e:54:bf:4e:07:7b:9b
Signer

.text
Size: 152KB - Virtual size: 151KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 336KB - Virtual size: 333KB

.reloc
Size: 28KB - Virtual size: 24KB