3c08826eee4c7dc1072aac024da1af30_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

3c08826eee4c7dc1072aac024da1af30_NeikiAnalytics
Size

403KB
MD5

3c08826eee4c7dc1072aac024da1af30
SHA1

5e236a7373e98879a1043ce405536cc48a446123
SHA256

e5bb67e2c6def2c66ffbb5ddfe06df226f789ba2526f688e4f403aec351f10e2
SHA512

5e864e45e4633099310d394fe567924b24eb2bc9296b552241c23145028f7909e35efc1c4727576c3cc1154fff3e33d41645a1a97896620353e74e71282d5308
SSDEEP

6144:VXsr4Rp+5B0Pw7Q7k8lcODvtMJfDVChJW3wY5:GQ+5SPw7QoHMvt6fDVChm

Score

1^/10

Malware Config

Signatures

Files

3c08826eee4c7dc1072aac024da1af30_NeikiAnalytics
.exe windows:6 windows x86 arch:x86

6562753d587b1499732423b3a4b025dc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

19/06/2014, 18:09

Not After

03/06/2017, 18:09

Subject

CN=Intel Corporation - pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08/02/2013, 22:21

Not After

08/02/2018, 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01/02/2013, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:b7:10:02:09:08:8f:d5:1b:3f:a7:f8:b1:71:3c:01:3f:30:8b:12
Signer

Actual PE Digest

47:b7:10:02:09:08:8f:d5:1b:3f:a7:f8:b1:71:3c:01:3f:30:8b:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetCurrentThreadId
FlushInstructionCache
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
GetCurrentProcess
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
EncodePointer
RtlUnwind
LocalFree
WideCharToMultiByte
lstrlenA
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
GetCommandLineW

user32

wsprintfW
PostMessageW
CreatePopupMenu
DestroyMenu
GetMenuItemCount
InsertMenuW
AppendMenuW
SetForegroundWindow
LoadImageW
LoadIconW
FindWindowExW
GetWindowLongW
GetCursorPos
GetWindowRect
GetClientRect
SetWindowTextW
EndPaint
BeginPaint
ReleaseDC
SetMenuDefaultItem
TrackPopupMenuEx
GetSubMenu
GetSystemMetrics
KillTimer
SetTimer
GetDlgItem
CreateDialogParamW
IsWindowVisible
GetWindowPlacement
ShowWindow
DestroyWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
RegisterWindowMessageW
LoadCursorW
GetDesktopWindow
SetWindowLongW
CharNextW
CharUpperW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
MessageBoxW
GetDC

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
OleRun
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoReleaseServerProcess

shell32

Shell_NotifyIconW

oleaut32

VariantClear
GetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayGetVartype
VarBstrCat
VarBstrCmp
VarUI4FromStr
LoadTypeLi

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
GetTextExtentPointW
SelectObject
DeleteObject

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6562753d587b1499732423b3a4b025dc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35Certificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

47:b7:10:02:09:08:8f:d5:1b:3f:a7:f8:b1:71:3c:01:3f:30:8b:12Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 83KB - Virtual size: 91KB

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 9KB - Virtual size: 8KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

47:b7:10:02:09:08:8f:d5:1b:3f:a7:f8:b1:71:3c:01:3f:30:8b:12
Signer

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 83KB - Virtual size: 91KB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 9KB - Virtual size: 8KB