b0067679a079b26ae355c78a60051ce0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

b0067679a079b26ae355c78a60051ce0_NeikiAnalytics
Size

2.9MB
MD5

b0067679a079b26ae355c78a60051ce0
SHA1

34820874dd0243515659d9838e5005c23a096ed1
SHA256

40eed855885fdb44b963dadda66dfc951b0be7e615a652fa8b421a31e8dd71f0
SHA512

70e3ee12c3b979835f9dd4b80b4189c4971eac808d109a95d027f5647408fb321babd2ccdf093372d0b3f1a2eb26d8f980ac6a5ab4a28f98a9bf15ec82d0cee4
SSDEEP

24576:rLT0aQYsbradt2kRqeBB/+Qj+l4wW8YDXm5LWZMkY8Avrb2vcO4z1Pq3eAvIH:z0bYsgqCX8W/ATyvcO4z1Pq3eAQH

Score

1^/10

Malware Config

Signatures

Files

b0067679a079b26ae355c78a60051ce0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

27c848e1bcc5c3a4db396ad2b469129a

Code Sign

a8:c1:f9:41:4c:1f:f9:08:b4:b8:db:a0:37:ab:5c:7d
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/01/2018, 00:00

Not After

09/07/2018, 23:59

Subject

CN=LTD PRIVET,O=LTD PRIVET,POSTALCODE=390013,STREET=26 ul. Vokzalnaya,L=Ryazan,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupGetFileCompressionInfoA
SetupGetBinaryField
SetupDecompressOrCopyFileW
SetupGetFileCompressionInfoW

wininet

HttpAddRequestHeadersW
InternetOpenW
InternetErrorDlg
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestExA

kernel32

ExpandEnvironmentStringsA
GetDateFormatA
GetConsoleCP
GetShortPathNameA
GetExitCodeThread
GetProcAddress
GetLastError
GetModuleHandleW
lstrcatA
lstrcpyA
IsBadReadPtr
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
SetEndOfFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
lstrcmpiA
DuplicateHandle
IsValidCodePage
RemoveDirectoryA
GlobalLock
GlobalFlags
GetTimeZoneInformation
FindFirstFileA
GetStringTypeW
FindClose
RaiseException
GlobalUnlock
InterlockedExchange
GetTimeFormatA
FlushFileBuffers
GetDriveTypeW
GetFileAttributesA
FindNextFileA
UnlockFile
SetCurrentDirectoryA
QueryPerformanceCounter
CreateFileMappingA
GetSystemTimeAsFileTime
GetACP
GetCurrentThreadId
GetTickCount
GetVersionExA
CloseHandle
HeapReAlloc
SetStdHandle
GetCPInfo
GetOEMCP
LoadLibraryA
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
HeapDestroy

user32

EndPaint
CallWindowProcA
DrawTextA
SetClassLongW
IsWindowVisible
BeginPaint
CloseClipboard
LoadBitmapA
InvalidateRect
GetSystemMenu
CreatePopupMenu
GetWindowLongA
EmptyClipboard
EndDialog
GetMessagePos
GetSysColor
GetSystemMetrics
SetCursor
wsprintfW
EnableMenuItem
LoadCursorA

gdi32

SetWindowExtEx
GetMapMode
GetBkColor
TextOutW
RestoreDC
SaveDC
CreateFontIndirectW
GetDIBits
CreateFontIndirectA
PtVisible
ExtSelectClipRgn
DeleteDC
ExtTextOutW
EnumFontsA
ScaleViewportExtEx
SetMapMode
GetWindowExtEx
SetViewportExtEx
GetClipBox
DeleteObject
SetTextColor
SetBkMode
GetDeviceCaps
GetStockObject
GetViewportExtEx
SelectObject

rpcrt4

NdrComplexArrayBufferSize
NdrClientInitializeNew
NdrClientCall2

advapi32

RegDeleteValueW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
FreeSid
RegSetValueExW
AllocateAndInitializeSid
RegEnumKeyW
RegOpenKeyW

shell32

ShellExecuteA
Shell_NotifyIconW
SHGetFileInfoA

oleaut32

SafeArrayPutElement
VarAdd
VarDecRound

shlwapi

PathAddBackslashW
PathAddBackslashA

Sections

.text
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27c848e1bcc5c3a4db396ad2b469129a

Code Sign

a8:c1:f9:41:4c:1f:f9:08:b4:b8:db:a0:37:ab:5c:7dCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

setupapi

wininet

kernel32

user32

gdi32

rpcrt4

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 575KB - Virtual size: 574KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 374KB

.tls Size: 512B - Virtual size: 164B

.rsrc Size: 2.3MB - Virtual size: 2.3MB

a8:c1:f9:41:4c:1f:f9:08:b4:b8:db:a0:37:ab:5c:7d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 575KB - Virtual size: 574KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 374KB

.tls
Size: 512B - Virtual size: 164B

.rsrc
Size: 2.3MB - Virtual size: 2.3MB