11ab1c26e43a14ef868fa34123c52c10_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

11ab1c26e43a14ef868fa34123c52c10_NeikiAnalytics
Size

3.0MB
MD5

11ab1c26e43a14ef868fa34123c52c10
SHA1

dfb282e458aae97a28987c5a7a31e8de1f14935d
SHA256

6a179d7856a3ae4f1c5acfa747b217063ec4a5b7eb00b5cd26c5da5c0d9fdfbc
SHA512

b2e9ea67d3c1ac353ddc73d70adeefeb7bc27a41f9160ee944d159240290d74a29f7b434b29f6239c385fccb73eecd4413334f32a17e4b0dcf18926642bca0d9
SSDEEP

49152:6RpJ5C7+70s3Koc9icsYkGzbTWjRbf6qVKsPGmt5XtVwKFM:6XJ5q+70L9icFkGvTWjpDPGmtvtM

Score

1^/10

Malware Config

Signatures

Files

11ab1c26e43a14ef868fa34123c52c10_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

b519c6b2538323c93569a401154abdd6

Code Sign

8b:41:45:59:06:e0:e6:ac:69:73:a6:9f:5c:22:01:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/02/2019, 00:00

Not After

11/10/2019, 23:59

Subject

CN=FIFIZIZIZAZA\, - \,.LTD\,,O=FIFIZIZIZAZA\, - \,.LTD\,,POSTALCODE=E17 6SH\,,STREET=Waltham Forest\, Business\, / Centre 5 - Blackhorse Lane\, Suite 22,L=LONDON,ST=LONDON,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_LoadImageW
ord17
ImageList_Draw
ImageList_Add
PropertySheetW

kernel32

WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
DuplicateHandle
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCPInfo
GetModuleHandleA
VirtualProtect
SetFileAttributesA
SearchPathA
TerminateThread
SetEndOfFile
CopyFileA
GetBinaryTypeW
OpenProcess
GetDiskFreeSpaceA
GlobalFlags
GetStringTypeW
RemoveDirectoryA
CreateMutexW
GetVersion
GetACP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetModuleFileNameA
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
SetConsoleMode
LoadLibraryA
FreeLibrary
IsBadReadPtr
GetModuleHandleW
GetLastError
RaiseException
LeaveCriticalSection
GetExitCodeProcess
GetShortPathNameA
ResetEvent
MulDiv
GetSystemDirectoryW
FindResourceA
GetFileAttributesA
ResumeThread
GetTimeZoneInformation
CreateDirectoryA
GetStartupInfoA
GetTempPathA
DeleteFileA
GetProcAddress
ExitProcess
GetCurrentProcessId
lstrcmpiA
CloseHandle
GetVersionExA

user32

SendMessageA
MessageBoxA
GetClientRect
DrawTextA
SendMessageW
DispatchMessageW
GetSystemMenu
SetWindowLongW
DefWindowProcW
GetWindowLongA
ClientToScreen
RegisterClassExW
IsWindowVisible
CreatePopupMenu
GetSubMenu
SetWindowPos
CharNextW
CloseClipboard
OpenClipboard
EmptyClipboard
ReleaseDC
TrackPopupMenu
EnableMenuItem
GetWindowLongW
SetClassLongW
SetFocus
DestroyMenu
CharLowerBuffW
LoadMenuW
LoadStringW
AppendMenuW
CheckDlgButton
TranslateMessage
GetParent
LoadAcceleratorsW
TranslateAcceleratorW
GetClassInfoExW
IsWindowEnabled
InvalidateRect
SetCursor
DefWindowProcA
GetSysColor
EndPaint
BeginPaint
LoadBitmapA
GetClassNameW
DestroyWindow

gdi32

GetRgnBox
GetDeviceCaps
ScaleViewportExtEx
DeleteDC
SetViewportExtEx
CreateFontIndirectW
SelectObject
SaveDC
GetMapMode
SetTextColor
SetMapMode
DeleteObject
OffsetViewportOrgEx
RectVisible
GetDIBits
ExtTextOutW
TextOutW
GetClipBox
ScaleWindowExtEx
EnumFontsA
SetViewportOrgEx
GetBkColor
CreateBitmap
PtVisible
CreateBrushIndirect
CreateFontIndirectA
GetTextColor
CreateRectRgnIndirect
GetStockObject

advapi32

RegCreateKeyExA
AllocateLocallyUniqueId
RegEnumValueA
RegOpenKeyExW
EqualSid
RegCloseKey
LookupPrivilegeValueW
RegQueryValueW
RegDeleteValueA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
AllocateAndInitializeSid
LookupPrivilegeNameW
InitializeSid
IsValidSid
RegCreateKeyExW
RegSetValueExA
RegDeleteKeyA
RegOpenKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExA
OpenEventLogW
LookupAccountNameA
RegEnumKeyA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b519c6b2538323c93569a401154abdd6

Code Sign

8b:41:45:59:06:e0:e6:ac:69:73:a6:9f:5c:22:01:38Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 10KB - Virtual size: 177KB

.rsrc Size: 976KB - Virtual size: 976KB

8b:41:45:59:06:e0:e6:ac:69:73:a6:9f:5c:22:01:38
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 10KB - Virtual size: 177KB

.rsrc
Size: 976KB - Virtual size: 976KB