17d8796e49ade0837e1c3f5c331ff830_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

17d8796e49ade0837e1c3f5c331ff830_NeikiAnalytics
Size

2.9MB
MD5

17d8796e49ade0837e1c3f5c331ff830
SHA1

7ebb61ec1869c7be29bbe3ffb4a0bd3c2a1cf85f
SHA256

f6a6094c70456e53c4cbb6eda1eef87f2843edb2e54f7836fb3da3f446d5b4ab
SHA512

3403711aad97b82d60b989451805071b25293bc71bcc0ff8e280326d03b35632eb35c99e16d86f0afcb3146a6c79afbe230a15b56a8aedaa548671760da96684
SSDEEP

49152:1KWQw0c+FX0RNcb7CWS95beuQcGXmF08+PGmt5XtVwKF9:1KWQTc+FXKcM5XGWFgPGmtvt9

Score

1^/10

Malware Config

Signatures

Files

17d8796e49ade0837e1c3f5c331ff830_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

447fcfa8796c35f21dd48ea62ee4b7ae

Code Sign

b9:e0:db:2c:4f:b8:75:a2:a3:fb:7f:1c:09:47:c4:81
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/02/2019, 00:00

Not After

07/08/2019, 23:59

Subject

CN=MIR\, CORPORATION. - LTD,O=MIR\, CORPORATION. - LTD,POSTALCODE=W1B 5DF,STREET=Venture House 4th Floor 27/29 Glasshouse Street,L=LONDON,ST=LONDON\,,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
ord17
PropertySheetW
ImageList_GetIconSize
ImageList_Add
ImageList_Draw
ImageList_AddMasked
ImageList_LoadImageW
ImageList_Create

setupapi

SetupGetFileCompressionInfoW
SetupGetBinaryField
SetupDecompressOrCopyFileW
SetupGetFileCompressionInfoA

wininet

HttpAddRequestHeadersW
InternetOpenW
HttpSendRequestExA
InternetErrorDlg
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

kernel32

SetConsoleMode
LoadLibraryW
HeapFree
VirtualFree
HeapCreate
HeapDestroy
FreeLibrary
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
IsBadReadPtr
GetModuleHandleW
GetLastError
TerminateThread
OpenProcess
GetFileAttributesA
GetTimeZoneInformation
VirtualProtect
SetFileAttributesA
SearchPathA
SetEndOfFile
ResumeThread
CopyFileA
GetBinaryTypeW
GetDiskFreeSpaceA
CreateDirectoryA
GetTempPathA
DuplicateHandle
ResetEvent
GetStringTypeW
RaiseException
GetShortPathNameA
LeaveCriticalSection
GetExitCodeProcess
GlobalFlags
RemoveDirectoryA
CreateMutexW
MulDiv
FindResourceA
GetVersion
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetCurrentThreadId
GetModuleFileNameA
GetVersionExA
GetProcAddress
lstrcmpiA
RtlUnwind
WriteFile
GetCPInfo
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetEnvironmentVariableA

user32

SetWindowPos
CharNextW
TrackPopupMenu
EnableMenuItem
SetFocus
DestroyMenu
IsWindowVisible
LoadMenuW
LoadStringW
GetClassInfoExW
IsWindowEnabled
SetCursor
DefWindowProcA
TranslateMessage
SetClassLongW
GetWindowLongW
TranslateAcceleratorW
LoadAcceleratorsW
AppendMenuW
MessageBoxW
GetSubMenu
SendMessageA
EndPaint
DispatchMessageW
GetSystemMenu
CloseClipboard
OpenClipboard
ReleaseDC
EmptyClipboard
SetWindowLongW
GetClientRect
SendMessageW
DefWindowProcW
DestroyWindow
BeginPaint
LoadBitmapA
GetClassNameW
RegisterClassExW
CreatePopupMenu
ClientToScreen
GetWindowLongA
GetSysColor
CheckDlgButton

gdi32

DeleteObject
SetMapMode
SetTextColor
GetMapMode
GetTextColor
CreateFontIndirectA
CreateBrushIndirect
SelectObject
CreateFontIndirectW
ScaleViewportExtEx
PtVisible
CreateBitmap
GetBkColor
SetViewportOrgEx
EnumFontsA
ScaleWindowExtEx
GetDIBits
RectVisible
OffsetViewportOrgEx
SaveDC
GetDeviceCaps
GetRgnBox
GetClipBox
SetViewportExtEx
DeleteDC
CreateRectRgnIndirect
TextOutW

advapi32

RegEnumKeyA
IsValidSid
InitializeSid
LookupPrivilegeDisplayNameW
RegQueryValueW
LookupPrivilegeValueW
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
AllocateLocallyUniqueId
RegSetValueExA
LookupPrivilegeNameA
EqualSid
RegCloseKey
RegOpenKeyW
LookupAccountNameA
OpenEventLogW
RegOpenKeyExA
RegOpenKeyExW
LookupPrivilegeNameW
RegQueryInfoKeyW
RegDeleteValueW
AllocateAndInitializeSid
RegEnumValueA
RegCreateKeyExW

oleaut32

SysStringLen
VarAdd
SysAllocString
SysFreeString
VarDecRound
SysAllocStringByteLen
VariantClear
SysStringByteLen
SafeArrayPutElement

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

447fcfa8796c35f21dd48ea62ee4b7ae

Code Sign

b9:e0:db:2c:4f:b8:75:a2:a3:fb:7f:1c:09:47:c4:81Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

setupapi

wininet

kernel32

user32

gdi32

advapi32

oleaut32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 10KB - Virtual size: 177KB

.rsrc Size: 876KB - Virtual size: 876KB

b9:e0:db:2c:4f:b8:75:a2:a3:fb:7f:1c:09:47:c4:81
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 10KB - Virtual size: 177KB

.rsrc
Size: 876KB - Virtual size: 876KB