1d3e05676c0b90da397c33d0bfee8f80_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

1d3e05676c0b90da397c33d0bfee8f80_NeikiAnalytics
Size

4.0MB
MD5

1d3e05676c0b90da397c33d0bfee8f80
SHA1

8565f4bfae4d4903c4de2d077ff4d9a09767cc6b
SHA256

f82c84e8e8b6e1e3bf88e5e1029be0d227d1d64c3b0c666e0e140a3382a5f2ee
SHA512

4aa86908e41a0f53451894b210c2496a81626a24d57d42a40904b30ba8f56242c9662f019d9444e3d298d799573176034a3a550e7b934486511bbe559a8ce8bd
SSDEEP

49152:dEnVKqTgxpdhb9mW3fMpVYstXRSyNIdLKY:fMmmWUtSLKY

Score

1^/10

Malware Config

Signatures

Files

1d3e05676c0b90da397c33d0bfee8f80_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

1684488c25c6573559b36ff07263eac8

Code Sign

dc:22:7e:63:01:cc:07:88:a6:61:02:1e:45:86:a8:df
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/06/2016, 00:00

Not After

20/06/2017, 23:59

Subject

CN=\"RIKO-INFORM\",O=\"RIKO-INFORM\",POSTALCODE=156013,STREET=STREET Kostroma Galich\, 47b\, 206,L=Kostroma,ST=RU,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:e0:d1:71:31:2e:ec:9e:c5:0c:26:8a:a8:ba:ad:e8:34:f7:11:15:48:c8:3a:1f:88:17:48:12:a8:5a:53:9e
Signer

Actual PE Digest

44:e0:d1:71:31:2e:ec:9e:c5:0c:26:8a:a8:ba:ad:e8:34:f7:11:15:48:c8:3a:1f:88:17:48:12:a8:5a:53:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_DrawEx
ImageList_Remove
ImageList_BeginDrag

kernel32

QueryPerformanceCounter
MultiByteToWideChar
DeleteFileW
CreateFileW
GetTempFileNameW
GetFileSize
CloseHandle
GetTempPathW
ReadFile
ExitProcess
VirtualAlloc
GetSystemTimeAsFileTime
GetProcAddress
FileTimeToDosDateTime
GetVersionExA
DeleteFileA
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
WriteFile
GlobalHandle
WaitForSingleObject
GetCurrentProcessId
GetModuleHandleA
EnumSystemLocalesA
GetTickCount
GetEnvironmentStrings
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind

user32

GetSystemMetrics
LoadStringA
MessageBoxA
GetUserObjectInformationA
GetClientRect
LoadKeyboardLayoutA
CreateDialogParamA
ShowWindow
DispatchMessageA
TranslateMessage

gdi32

UnrealizeObject
Rectangle
GetStockObject
StretchBlt

advapi32

AllocateLocallyUniqueId

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.udata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1684488c25c6573559b36ff07263eac8

Code Sign

dc:22:7e:63:01:cc:07:88:a6:61:02:1e:45:86:a8:dfCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

44:e0:d1:71:31:2e:ec:9e:c5:0c:26:8a:a8:ba:ad:e8:34:f7:11:15:48:c8:3a:1f:88:17:48:12:a8:5a:53:9eSigner

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.udata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 14KB

.tls Size: 4KB - Virtual size: 16B

.rsrc Size: 60KB - Virtual size: 58KB

dc:22:7e:63:01:cc:07:88:a6:61:02:1e:45:86:a8:df
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

44:e0:d1:71:31:2e:ec:9e:c5:0c:26:8a:a8:ba:ad:e8:34:f7:11:15:48:c8:3a:1f:88:17:48:12:a8:5a:53:9e
Signer

.text
Size: 3.9MB - Virtual size: 3.9MB

.udata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 14KB

.tls
Size: 4KB - Virtual size: 16B

.rsrc
Size: 60KB - Virtual size: 58KB