43d514eadea0ad4aec41a02b187bd8f0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

43d514eadea0ad4aec41a02b187bd8f0_NeikiAnalytics
Size

3.3MB
MD5

43d514eadea0ad4aec41a02b187bd8f0
SHA1

80a6cb2103dd751ccc2b36686db5720b30129a41
SHA256

26b9823ef28d556ac00c5b92d0e4b3ab12ab8b0a82d0d483d070d7de381d3883
SHA512

652522da4f38b0c7f6c8089d376d4ea95feea3d85f8143e32577187e6b915f82072bfad79762dd33ae70f6588307252cedf139c00938c3962956c4c8db28b8a3
SSDEEP

49152:XHsPA6HUDwVriL6w7k9dCrZAuvfS20EPLab1Zf4hR6b1qlQbesG2++QSz6Imd4Ig:mAU6OWpQbNGwzg8IBBy

Score

1^/10

Malware Config

Signatures

Files

43d514eadea0ad4aec41a02b187bd8f0_NeikiAnalytics
.exe windows:5 windows x64 arch:x64

445cf3e2562ec739c9d290f1d9d97584

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/09/2015, 00:00

Not After

07/11/2018, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:9d:a9:d4:ee:2a:70:fb:cb:49:c0:70:4d:44:49:1a:6f:42:b0:18
Signer

Actual PE Digest

4e:9d:a9:d4:ee:2a:70:fb:cb:49:c0:70:4d:44:49:1a:6f:42:b0:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

raabout.pdb

Imports

ws2_32

ntohs
getsockname
getservbyname
WSASetLastError
WSAStartup
ntohl
socket
getservbyport
gethostname
gethostbyname
gethostbyaddr
getpeername
setsockopt
send
recv
inet_ntoa
inet_addr
htons
WSACleanup
closesocket
WSAGetLastError
ioctlsocket
connect
htonl

kernel32

GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetThreadLocale
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetFullPathNameW
GetUserDefaultLCID
GetCurrentDirectoryW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetPrivateProfileIntW
GetWindowsDirectoryW
GetFileAttributesExW
GetFileSizeEx
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetCPInfo
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
GetSystemInfo
VirtualAlloc
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetStringTypeW
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableA
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
EncodePointer
CopyFileW
FormatMessageW
MulDiv
GlobalSize
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
FreeResource
OutputDebugStringA
GetFileTime
SetEndOfFile
FlushFileBuffers
GlobalFlags
ExitProcess
GetModuleHandleA
SetErrorMode
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
ResumeThread
GetExitCodeThread
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
GetTimeZoneInformation
WideCharToMultiByte
GetUserDefaultLangID
GetSystemDefaultLangID
LoadLibraryA
CreateFileW
GetTempFileNameW
GetTempPathW
GetVersionExA
DeleteFileA
GetFileAttributesA
CreateFileA
CreateDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetEnvironmentVariableA
GetTickCount
GetLocalTime
SetFilePointer
WriteFile
SuspendThread
GetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
lstrcpynW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
VirtualQuery
FindFirstFileW
FindClose
GetProcAddress
FreeLibrary
DeleteFileW
CreateEventW
ResetEvent
MultiByteToWideChar
GetVersionExW
GetComputerNameW
GetFileAttributesW
FindResourceW
GetCommandLineW
CreateProcessW
GetModuleHandleW
CreateMutexW
lstrcpyW
SizeofResource
LoadResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
LockResource
ReadFile
GetFileSize
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
SetEvent
SetLastError
LocalFree
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentThreadId
GetCurrentThread
RaiseException
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
IsWow64Process
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
GetCurrentProcess
VirtualProtect
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW

user32

CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetWindowRgn
GetIconInfo
DrawFocusRect
WindowFromPoint
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatW
SetParent
GetSystemMenu
UnionRect
GetMenuDefaultItem
SetWindowContextHelpId
CharNextW
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharUpperW
DeleteMenu
ReuseDDElParam
UnpackDDElParam
DestroyIcon
IntersectRect
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
CopyImage
GetSysColorBrush
RealChildWindowFromPoint
InflateRect
GetMenuItemInfoW
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
ReleaseDC
GetDC
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
MapDialogRect
GetAsyncKeyState
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageW
IsRectEmpty
FillRect
ClientToScreen
GetCursorPos
SetWindowRgn
DrawIcon
ReleaseCapture
SetCapture
InvalidateRect
IsIconic
IsDialogMessageW
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
ModifyMenuW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetSystemMetrics
CharNextExA
LoadCursorW
SetCursor
ScreenToClient
SetMenuDefaultItem
LoadMenuW
SetRectEmpty
MsgWaitForMultipleObjects
EnumChildWindows
GetWindowTextW
SetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetDlgItem
GetDlgItemTextW
SetWindowTextW
CopyIcon
GetDoubleClickTime
SetClassLongPtrW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
IsZoomed
GetComboBoxInfo
LoadImageW
OffsetRect
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
DrawFrameControl
DrawEdge
DrawStateW
EnumDisplayMonitors
SetLayeredWindowAttributes
SystemParametersInfoW
LoadIconW
GetParent
MessageBoxW
GetWindowRect
GetClientRect
SetForegroundWindow
EnableWindow
KillTimer
SetTimer
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PostMessageW
SendMessageW
RegisterWindowMessageW
UnregisterClassW
PostThreadMessageW
LockWindowUpdate
NotifyWinEvent
InvertRect
HideCaret
SetWindowLongW
EnableScrollBar
GetClassNameW
DrawIconEx

gdi32

CreateHatchBrush
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextMetricsW
CreateCompatibleBitmap
EnumFontFamiliesExW
GetRgnBox
GetBkColor
GetTextColor
CombineRgn
GetMapMode
SetRectRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
Rectangle
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PatBlt
CreateRectRgnIndirect
LPtoDP
DPtoLP
CreateDIBSection
SelectObject
Ellipse
DeleteObject
DeleteDC
CreateEllipticRgn
CreateCompatibleDC
BitBlt
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
GetTextExtentPoint32W
CreateFontIndirectW
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
EnumFontFamiliesW
CreateFontW
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RevertToSelf
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
DragQueryFileW
SHGetFileInfoW
SHGetSpecialFolderLocation
DragFinish
SHAppBarMessage

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
AssocQueryStringW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

GetThemeColor
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
CoCreateGuid
OleLockRunning
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
OleCreateMenuDescriptor
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromString
CoDisconnectObject
CoInitializeEx
OleDraw
CreateStreamOnHGlobal

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

oledlg

OleUIBusyW

version

GetFileVersionInfoA
VerQueryValueA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

445cf3e2562ec739c9d290f1d9d97584

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:9d:a9:d4:ee:2a:70:fb:cb:49:c0:70:4d:44:49:1a:6f:42:b0:18Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

version

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 814KB - Virtual size: 813KB

.data Size: 46KB - Virtual size: 135KB

.pdata Size: 106KB - Virtual size: 105KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 69KB - Virtual size: 68KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:9d:a9:d4:ee:2a:70:fb:cb:49:c0:70:4d:44:49:1a:6f:42:b0:18
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 814KB - Virtual size: 813KB

.data
Size: 46KB - Virtual size: 135KB

.pdata
Size: 106KB - Virtual size: 105KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 69KB - Virtual size: 68KB