37647785b9b66416bbd2408f54a71e70_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

37647785b9b66416bbd2408f54a71e70_NeikiAnalytics
Size

248KB
MD5

37647785b9b66416bbd2408f54a71e70
SHA1

dec535bb7d56680f3daf57f4477fa087864c2b85
SHA256

c2fc41b3e7085c7422589937bad79b6b9b4fc544600fb44fec7460833273fd58
SHA512

6a82aada7f2a0ba94466ff2082526d623bee4e5367a707a0ccab22d0e7baff2a1fa8e103c8b6f54e6a0c0ae341d61ae4fa308e406e1af75079e928695e620c1d
SSDEEP

3072:StHW8EOCxSPlgiTIF+9qzSrrRqLinWA6mju9yQFDeXuGgGGFCSzkHxZ52DJ3CM6T:St+xalgLTgrmIEZFQ1752RC1

Score

1^/10

Malware Config

Signatures

Files

37647785b9b66416bbd2408f54a71e70_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

f186b6a95c91ba9117535c9569ad2320

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:80:32:06:47:30:c0:30:37:44:bf:fd:0e:6f:3b:90
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

13/11/2003, 00:00

Not After

21/11/2004, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:ca:c4:21:26:1b:fa:01:00:7d:49:27:c9:9b:a2:f2:c5:8d:f2:aa
Signer

Actual PE Digest

11:ca:c4:21:26:1b:fa:01:00:7d:49:27:c9:9b:a2:f2:c5:8d:f2:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\cc\Common_Client_210\src\r2.1.0\bin\bin.ira\ccEvtMgr.pdb

Imports

kernel32

GetCurrentThread
GetCurrentThreadId
lstrcpyW
GetWindowsDirectoryA
GetSystemDirectoryA
SetFilePointer
CreateFileA
GetCurrentProcessId
CloseHandle
OutputDebugStringA
LoadLibraryA
GetSystemInfo
SetErrorMode
SetConsoleActiveScreenBuffer
CreateConsoleScreenBuffer
SetConsoleMode
SetConsoleWindowInfo
GetShortPathNameA
FindResourceA
LoadResource
SizeofResource
GetModuleFileNameA
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetFileAttributesA
Sleep
lstrcatA
LoadLibraryExA
FormatMessageA
LocalAlloc
TerminateProcess
GetCurrentProcess
SetProcessWorkingSetSize
lstrlenA
WriteConsoleA
lstrcpyA
FreeLibrary
GetProcAddress
InterlockedDecrement
WriteFile
InterlockedIncrement
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetCommandLineA
SetLastError
TerminateThread
ResumeThread
AllocConsole
GetConsoleMode
SetConsoleCtrlHandler
FreeConsole
GetNumberOfConsoleInputEvents
ReadConsoleInputA
GetStdHandle
SetConsoleTextAttribute
SetConsoleScreenBufferSize
GetModuleHandleA
SetStdHandle
FillConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
CreateEventA
OpenMutexA
CreateMutexA
CreateSemaphoreA
ResetEvent
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjectsEx
GetTickCount
SetEvent
LocalFree
GlobalAlloc
lstrcmpA
SetConsoleTitleA
GetConsoleTitleA
GlobalFree

user32

UnregisterClassA
CharNextA
CharUpperA
PostThreadMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
SetWindowLongA
CreateWindowExA
PostMessageA
MsgWaitForMultipleObjectsEx
PeekMessageA
LoadStringA
GetMessageA
PostQuitMessage
DefWindowProcA
GetClassInfoExA
GetWindowLongA
wsprintfA
RegisterClassExA

advapi32

RegOpenKeyA
ReportEventA
LookupAccountNameA
GetUserNameA
RegisterEventSourceA
SetSecurityDescriptorDacl
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
RegQueryValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
CopySid
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
DeregisterEventSource

ole32

CoInitializeEx
CoSuspendClassObjects
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
StringFromGUID2
CoInitializeSecurity
CoDisconnectObject
CoUninitialize

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayUnlock
SafeArrayLock
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayGetDim
SafeArrayGetElement
SafeArrayRedim
SafeArrayPutElement
VariantInit
VariantChangeType
VariantClear
SysFreeString
SafeArrayCreate

shlwapi

StrTrimA
PathFindExtensionA
PathAddBackslashA
SHDeleteKeyA
SHDeleteEmptyKeyA
PathRemoveBackslashA

msvcp70

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sync_with_stdio@ios_base@std@@SA_N_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Nomemory@std@@YAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

msvcr70

_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
memset
_splitpath
_XcptFilter
?_query_new_handler@@YAP6AHI@ZXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
realloc
??_V@YAXPAX@Z
free
malloc
_except_handler3
_mbsicmp
_vsnprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
sscanf
_beginthreadex
_snprintf
_endthreadex
_open_osfhandle
_fdopen
_iob
fclose
?_query_new_mode@@YAHXZ
_callnewh

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f186b6a95c91ba9117535c9569ad2320

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

76:80:32:06:47:30:c0:30:37:44:bf:fd:0e:6f:3b:90Certificate

Extended Key Usages

Key Usages

11:ca:c4:21:26:1b:fa:01:00:7d:49:27:c9:9b:a2:f2:c5:8d:f2:aaSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp70

msvcr70

version

Sections

.text Size: 152KB - Virtual size: 150KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 19KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

76:80:32:06:47:30:c0:30:37:44:bf:fd:0e:6f:3b:90
Certificate

11:ca:c4:21:26:1b:fa:01:00:7d:49:27:c9:9b:a2:f2:c5:8d:f2:aa
Signer

.text
Size: 152KB - Virtual size: 150KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 19KB