20bb3e4dfcfc1ca1e673355184c58ee0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

20bb3e4dfcfc1ca1e673355184c58ee0_NeikiAnalytics
Size

2.8MB
MD5

20bb3e4dfcfc1ca1e673355184c58ee0
SHA1

fa89f7ba87eb3f6c4d3bccd6a664145062f8158b
SHA256

483ecce011247ff00150d68d1ba5d5d32afc0678cbe5dd9e213ae02e414458f7
SHA512

4540e63dbca589a47d940247be22904322f6b876a73039e1159f4d34b8769507d88c214736c71f96ad5bf471d96278c904cb21119d7d0146e3294d9e9b8b6dbe
SSDEEP

49152:kYhRH3/aSgyc36s2YzIcw7QE4ck7SEj3ATavcO4zlAQt3luP:rRH3/azqs2SFMjCAWvcOIA+34

Score

1^/10

Malware Config

Signatures

Files

20bb3e4dfcfc1ca1e673355184c58ee0_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

58dfbf0327e59787a6c725611009a992

Code Sign

d7:2f:99:0c:16:3c:84:5b:a9:f5:16:cb:b9:db:af:ae
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/11/2018, 00:00

Not After

25/09/2019, 23:59

Subject

CN=KAKA\, BABAN LTD\,,O=KAKA\, BABAN LTD\,,POSTALCODE=DA2 6QD,STREET=Dartford\, Admirals Park- Sipher Accounting and Tax.,L=DARTFORD,ST=kent,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

FindDebugInfoFile
MapAndLoad
MapFileAndCheckSumA
ImageRemoveCertificate
ImageNtHeader
MapFileAndCheckSumW

version

VerQueryValueW
VerQueryValueA

kernel32

GlobalFlags
GetExitCodeProcess
GetDateFormatA
SetCurrentDirectoryA
GetVersionExA
GetModuleHandleW
GetProcAddress
GetModuleHandleA
GetCommandLineA
VirtualProtect
IsBadReadPtr
LoadLibraryA
MultiByteToWideChar
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
FindResourceExW
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
HeapFree
ExitProcess
GetStartupInfoA
UnlockFile
CreateDirectoryA
ResetEvent
LCMapStringW
DuplicateHandle
ReleaseMutex
GetTimeFormatA
FindNextFileA
TerminateThread
FormatMessageW
ResumeThread
GetTempPathA
CreateMutexW
lstrcmpiA
CopyFileA
GlobalUnlock
GetDiskFreeSpaceA
FindFirstFileA
GetVersion
DeleteFileW
QueryPerformanceCounter
FreeLibrary
GetCurrentThreadId
GetTickCount
GetSystemTimeAsFileTime
CloseHandle
GetStringTypeA
GetStringTypeW
LCMapStringA

user32

MoveWindow
ClientToScreen
DispatchMessageW
SendMessageA
wsprintfA
DeleteMenu
DrawTextA
EnableMenuItem
CharLowerBuffW
TrackPopupMenuEx
GetSystemMenu
TrackPopupMenu
RegisterClassExW
IsWindowVisible
TranslateMessage
GetParent
GetKeyState
LoadBitmapA
DefWindowProcW
GetWindowLongW
SetFocus
LoadMenuW
GetSubMenu
GetWindowLongA
GetSysColor
CheckMenuRadioItem
DestroyWindow
SendMessageW
DefWindowProcA
EndPaint
AppendMenuW
LoadStringW
CharNextW
IsWindowEnabled
InvalidateRect
GetSystemMetrics
GetClientRect

gdi32

DeleteObject

rpcrt4

NdrComplexStructFree
NdrComplexArrayFree
NdrComplexStructBufferSize
NdrClientInitialize
NdrComplexArrayUnmarshall
NdrComplexStructMarshall
NdrClientInitializeNew
NdrComplexArrayMarshall
NdrComplexArrayMemorySize

advapi32

RegEnumValueW
LookupPrivilegeValueW
LookupPrivilegeDisplayNameA
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
LookupPrivilegeDisplayNameW
LookupPrivilegeValueA
EqualSid
RegEnumKeyExW
OpenEventLogW
FreeSid
AllocateLocallyUniqueId
InitializeSid
RegCreateKeyExW
IsValidSid
LookupPrivilegeNameA
LookupAccountNameA
LookupPrivilegeNameW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyW
OpenEventLogA

shell32

ShellExecuteW
SHGetFileInfoA
Shell_NotifyIconW

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 978KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 4KB - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58dfbf0327e59787a6c725611009a992

Code Sign

d7:2f:99:0c:16:3c:84:5b:a9:f5:16:cb:b9:db:af:aeCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

imagehlp

version

kernel32

user32

gdi32

rpcrt4

advapi32

shell32

Sections

.text Size: 936KB - Virtual size: 935KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 978KB

.ndata Size: 4KB - Virtual size: 79B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

d7:2f:99:0c:16:3c:84:5b:a9:f5:16:cb:b9:db:af:ae
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

.text
Size: 936KB - Virtual size: 935KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 978KB

.ndata
Size: 4KB - Virtual size: 79B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB