8f75d1cc00ff05df0abbf27b4bc467d0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

8f75d1cc00ff05df0abbf27b4bc467d0_NeikiAnalytics
Size

231KB
MD5

8f75d1cc00ff05df0abbf27b4bc467d0
SHA1

66e692d4ecb46abd6d2f51cc656ddf87e269a8ed
SHA256

7326a936b1fd70c4a1412bf1827723dbabeb275e56fb98035844d0b211c5352b
SHA512

f003e99024db1464d4e4bbc2a832bba284fd54b36a8acb627c058ab6af0ffa56f486278e6b687d4b20758ab8b0571164a8c8b531806d839f073bcd355ced198e
SSDEEP

6144:x0CshD7CcAxBKfylXLeXGIpbmIIGSWcBGR/Dlv:eLhPCdBaIXLYGimPGSfB4pv

Score

1^/10

Malware Config

Signatures

Files

8f75d1cc00ff05df0abbf27b4bc467d0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

e4d8c3a1a334a5b30c07d0ae1540afcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/04/2010, 00:00

Not After

09/04/2011, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87
Signer

Actual PE Digest

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
RemoveDirectoryW
DosDateTimeToFileTime
GetEnvironmentStringsW
LoadLibraryA
FileTimeToLocalFileTime
lstrlenA
GlobalDeleteAtom
DeleteAtom
GetSystemDirectoryW
SetLastError
GetTimeFormatW
OpenWaitableTimerW
FlushFileBuffers
GetFullPathNameA
GetMailslotInfo
CreateThread
DuplicateHandle
FindResourceA
GetSystemInfo
GetProcAddress
GetCPInfo
IsBadReadPtr
InitializeCriticalSection
SetComputerNameA
GetAtomNameW

user32

AppendMenuW
MonitorFromPoint
DeleteMenu
MessageBoxIndirectW
DialogBoxParamW
SendDlgItemMessageA
GetClassNameW
GetMenuItemCount
WinHelpA
GetActiveWindow
CopyRect
RegisterClassExW
CreateCaret
MonitorFromWindow
PeekMessageW
CheckMenuItem
SendMessageA
ActivateKeyboardLayout
DrawIcon
CheckDlgButton
CallWindowProcW
GetTopWindow
ReleaseDC
CreateDialogIndirectParamA
GetKeyboardLayout
CharPrevW
GetClassInfoExA
LoadImageW
GetWindowRgn
CharPrevA
GetMenu
SetActiveWindow
UpdateLayeredWindow
GetSysColorBrush
SendDlgItemMessageW
SendMessageW
keybd_event
EnableMenuItem
EnumWindows
SetWindowPos
ClientToScreen
CharUpperW
IsWindow
wsprintfW
InvalidateRgn
SetDlgItemTextW
RegisterClassA
GetClassInfoW
LoadMenuIndirectW

gdi32

GetPixelFormat
SetICMMode
CreateDCW
GetObjectA
EnumFontsA
GetEnhMetaFilePaletteEntries
CreateFontIndirectW
SetDIBColorTable
PolyPolygon
EnumFontsW
LPtoDP
GetPaletteEntries
CloseEnhMetaFile
SelectBrushLocal
EndPage
GetRegionData
Polyline
CheckColorsInGamut
Ellipse

advapi32

RegQueryInfoKeyW
RegReplaceKeyW
RegQueryValueA
RegQueryInfoKeyA
RegOpenKeyA
RegRestoreKeyW
RegCloseKey
RegOpenKeyW

shlwapi

StrChrIA
PathCommonPrefixA
PathFindFileNameW
StrRetToBufA
UrlApplySchemeA
SHQueryValueExW
SHDeleteEmptyKeyA
SHRegQueryInfoUSKeyW
PathUnExpandEnvStringsA

urlmon

IsLoggingEnabledA
GetSoftwareUpdateInfo
RegisterFormatEnumerator
ReleaseBindInfo
CoInternetCreateZoneManager
IsJITInProgress
HlinkNavigateString
URLDownloadA
RegisterBindStatusCallback
CoInstall
CreateURLMonikerEx
UrlMkBuildVersion
ObtainUserAgentString

wsock32

SetServiceA
WSAAsyncSelect
MigrateWinsockConfiguration
GetTypeByNameA
recvfrom
rresvport
TransmitFile
getpeername
socket
gethostbyname
WSAGetLastError
send
WSAUnhookBlockingHook
sendto

crypt32

CertFindRDNAttr
I_CryptRegisterSmartCardStore
CertAddEncodedCertificateToSystemStoreW
I_CryptFindSmartCardCertInStore
CertEnumCRLsInStore
I_CryptGetLruEntryIdentifier
I_CertProtectFunction
CryptGetDefaultOIDFunctionAddress
CertRDNValueToStrA
PFXVerifyPassword
I_CryptGetAsn1Decoder
CryptInstallOIDFunctionAddress

Sections

.I
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lEq
Size: 4KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ejkao
Size: 3KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jS
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RuWz
Size: 1KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TsV
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ng
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 174KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aVqhQ
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZTNeF
Size: 2KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d8c3a1a334a5b30c07d0ae1540afcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

urlmon

wsock32

crypt32

Sections

.I Size: 5KB - Virtual size: 5KB

.lEq Size: 4KB - Virtual size: 373KB

.ejkao Size: 3KB - Virtual size: 109KB

.jS Size: 13KB - Virtual size: 12KB

.RuWz Size: 1KB - Virtual size: 227KB

.TsV Size: 4KB - Virtual size: 21KB

.ng Size: 1KB - Virtual size: 416KB

.data Size: 174KB - Virtual size: 378KB

.S Size: 1024B - Virtual size: 3KB

.aVqhQ Size: 4KB - Virtual size: 3KB

.ZTNeF Size: 2KB - Virtual size: 296KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 894B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

9c:8b:ca:d4:4c:a8:53:86:25:4e:dc:0a:94:10:4d:e2:a2:9e:75:87
Signer

.I
Size: 5KB - Virtual size: 5KB

.lEq
Size: 4KB - Virtual size: 373KB

.ejkao
Size: 3KB - Virtual size: 109KB

.jS
Size: 13KB - Virtual size: 12KB

.RuWz
Size: 1KB - Virtual size: 227KB

.TsV
Size: 4KB - Virtual size: 21KB

.ng
Size: 1KB - Virtual size: 416KB

.data
Size: 174KB - Virtual size: 378KB

.S
Size: 1024B - Virtual size: 3KB

.aVqhQ
Size: 4KB - Virtual size: 3KB

.ZTNeF
Size: 2KB - Virtual size: 296KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 894B