13c2fe292eedfde5eb8fb630673c8e20_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

13c2fe292eedfde5eb8fb630673c8e20_NeikiAnalytics
Size

1.0MB
MD5

13c2fe292eedfde5eb8fb630673c8e20
SHA1

5a3f1db1c93ab40aa339040e160f9559fa1bc3b7
SHA256

cf0ff4ad8b67c2c6189d2da2bc2fb08902c226ddbbe296a8e3ef847b18013eab
SHA512

bc138e0a16b5ebad1a8016f64f6d736113d9a6fa0270182774639c3c513009dd5b128aee9b80fe480b60ad22141253fd0ce206c25febc6d7164f66e6925326e8
SSDEEP

12288:DBr0K6zHtUmtTExYFmWgAgRo/2a3VWBXAloBBEmq91SeK4XBrT:tXWg1W13wAl/SYxH

Score

1^/10

Malware Config

Signatures

Files

13c2fe292eedfde5eb8fb630673c8e20_NeikiAnalytics
.exe windows:6 windows x64 arch:x64

e7d37ffd77edb7075f1b1ad4258d9f93

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

19/06/2014, 18:09

Not After

03/06/2017, 18:09

Subject

CN=Intel Corporation - pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08/02/2013, 22:21

Not After

08/02/2018, 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01/02/2013, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:42:fe:af:2c:b3:5e:97:1b:f4:e3:96:48:e3:77:1b:2e:16:4d:a6
Signer

Actual PE Digest

00:42:fe:af:2c:b3:5e:97:1b:f4:e3:96:48:e3:77:1b:2e:16:4d:a6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

GetCommandLineW
DecodePointer
CloseHandle
SetLastError
SetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentProcess
CreateThread
GetCurrentThreadId
FlushInstructionCache
LockResource
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
GetSystemPowerStatus
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionEx
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
EncodePointer
HeapSize
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SetUnhandledExceptionFilter
DeleteCriticalSection
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapFree
HeapAlloc
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FlushFileBuffers
CreateFileW
ReadFile
LocalFree
ReadConsoleW

user32

GetWindow
LoadCursorW
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostQuitMessage
ShowWindow
EndDialog
SendDlgItemMessageW
SetWindowContextHelpId
MapDialogRect
GetClassNameW
GetParent
GetDesktopWindow
UnregisterClassW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharUpperW
GetDlgItem
CreateDialogIndirectParamW
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostThreadMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
MessageBoxW
CharNextW
SetWindowLongPtrW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoInitialize
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CreateStreamOnHGlobal
OleRun
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetClassObject

oleaut32

OleCreateFontIndirect
UnRegisterTypeLi
RegisterTypeLi
VariantClear
VariantInit
SysAllocStringLen
GetRecordInfoFromGuids
SafeArrayGetVartype
SafeArrayCreateEx
SafeArrayGetDim
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SafeArrayDestroy
SafeArrayCopy
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim

gdi32

BitBlt
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7d37ffd77edb7075f1b1ad4258d9f93

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35Certificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

00:42:fe:af:2c:b3:5e:97:1b:f4:e3:96:48:e3:77:1b:2e:16:4d:a6Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

ole32

oleaut32

gdi32

Sections

.text Size: 415KB - Virtual size: 415KB

.rdata Size: 304KB - Virtual size: 303KB

.data Size: 60KB - Virtual size: 71KB

.pdata Size: 35KB - Virtual size: 35KB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 17KB - Virtual size: 16KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

00:42:fe:af:2c:b3:5e:97:1b:f4:e3:96:48:e3:77:1b:2e:16:4d:a6
Signer

.text
Size: 415KB - Virtual size: 415KB

.rdata
Size: 304KB - Virtual size: 303KB

.data
Size: 60KB - Virtual size: 71KB

.pdata
Size: 35KB - Virtual size: 35KB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 17KB - Virtual size: 16KB