2e2db391ea828236d34fcdbf1a94c750_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

2e2db391ea828236d34fcdbf1a94c750_NeikiAnalytics
Size

238KB
MD5

2e2db391ea828236d34fcdbf1a94c750
SHA1

a53fcb298b0c0ef87b43412374b493746d8775f1
SHA256

1ee4345eb8c8c81e28fb2964066de0600c6c5ca4ff40ea42ad3e3bb4ecb7bbb1
SHA512

8e0129cf29f02642e06636d6b933b9cbab1b2887e34d558ecd242a9a341674ad12d1c683f0e78e8125e62a5d5acface1fa27b2ab021a5c4fb3c6f6744a8b6139
SSDEEP

3072:44M3pq0N9QTv4JW8ZQlzOJe/bWuqU2HEoGzZqi7NrOFZ7qAYTZ/zRnFESn1wJpZV:h0N9QT3lAybKU2aNBRGzHQK

Score

1^/10

Malware Config

Signatures

Files

2e2db391ea828236d34fcdbf1a94c750_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

334fe9b5f4a1541252c8e48b585dc41d

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:51:d4:ec:63:27:d0:ae:87:60:8c:58:cf:bf:5f:49:4b:43:d1:84
Signer

Actual PE Digest

65:51:d4:ec:63:27:d0:ae:87:60:8c:58:cf:bf:5f:49:4b:43:d1:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\labuser\Documents\Projects\3dprinting\shared\agf\psinitial\formats\prcsdk\build\3d\common\a3d\dev\ttf\bin\x64\Release\TfFontMgr.pdb

Imports

kernel32

WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
MultiByteToWideChar
OutputDebugStringW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetCPInfo
lstrcpyW
lstrcpyA
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FindNextFileW
FindFirstFileW
FindClose

user32

wsprintfW
GetDC

tfkgeom

ord1555
ord1583

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
__telemetry_main_return_trigger
wcsrchr
__std_terminate
__C_specific_handler
__std_exception_destroy
__std_exception_copy
memmove
memset
wcsstr
wcschr
memcpy
__CxxFrameHandler3
_CxxThrowException
__telemetry_main_invoke_trigger

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

fgetws
_wfopen
fclose
feof
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

_wtoi
atof

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-string-l1-1-0

towlower
wcscat_s
wcsncpy
iswspace
_wcsicmp
towupper
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_seh_filter_dll
_register_onexit_function
_cexit
_initialize_narrow_environment
_crt_atexit
_initterm
_execute_onexit_table
_configure_narrow_argv
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-math-l1-1-0

sqrt
log10
ceil

api-ms-win-crt-time-l1-1-0

_time64

gdi32

DeleteObject
GetOutlineTextMetricsW
AddFontResourceExW
SelectObject
GetTextMetricsW
CreateFontIndirectW

Exports

Exports

??0TfFontBox@@QEAA@XZ
??0TfFontKey@@QEAA@AEBV0@@Z
??0TfFontKey@@QEAA@HHH@Z
??0TfFontKey@@QEAA@XZ
??4TfFontBox@@QEAAAEAV0@$$QEAV0@@Z
??4TfFontBox@@QEAAAEAV0@AEBV0@@Z
??4TfFontKey@@QEAAAEAV0@AEBV0@@Z
?AddAttributes@TfFontKey@@QEAAXW4EFontAttributes@@@Z
?FontFamilyIndex@TfFontKey@@QEBAHXZ
?FontFilePath@TfFontKey@@QEBAAEBVTfString@@XZ
?FontLibAddFont@@YAXAEBVTfString@@_N1@Z
?FontLibCreateFontMgr@@YAXAEBVTfFontMgrInitializationData@@@Z
?FontLibCreateTextByBmp@@YA_NAEBVTfFontKey@@AEBVTfString@@@Z
?FontLibCreateTextByVector@@YAMAEBVTfFontKey@@AEBVTfString@@PEA_N@Z
?FontLibDeleteFontMgr@@YAXXZ
?FontLibDrawTextByBmp@@YAMAEBVTfFontKey@@AEBVTfString@@@Z
?FontLibDrawTextByVector@@YAMAEBVTfFontKey@@AEBVTfString@@PEAUct_Mesh@@PEAVTfFontBox@@@Z
?FontLibDrawTextByVectorContour@@YAMAEBVTfFontKey@@AEBVTfString@@@Z
?FontLibEstimateLength@@YAM_NAEBVTfString@@1W4EFontType@@AEAM3333AEA_NAEAW4EPRCCharSet@@4@Z
?FontLibExistFontName@@YA_NAEBVTfString@@@Z
?FontLibFindFontKey@@YA_NAEBVTfString@@GAEAVTfFontKey@@_N222@Z
?FontLibFindFontKey@@YA_NAEBVTfString@@GDAEAVTfFontKey@@W4EPRCCharSet@@@Z
?FontLibFindFontKey@@YA_NHGAEAVTfFontKey@@_N111@Z
?FontLibFontMgrExist@@YA_NPEAH@Z
?FontLibGetDefaultFontName@@YAAEBVTfString@@XZ
?FontLibGetFontName@@YAXHAEAVTfString@@@Z
?FontLibGetFontNameForRTF@@YAXAEAVTfString@@@Z
?FontLibGetFontNameWithPrefix@@YAXAEAVTfString@@PEA_N@Z
?FontLibGetResolution@@YAHXZ
?FontLibGetSymbolFontKey@@YAXAEAVTfFontKey@@@Z
?FontLibGetSymbolFontName@@YAXAEAVTfString@@@Z
?FontLibGetTextBox@@YAXAEBVTfFontKey@@AEBVTfString@@AEAM2_N@Z
?FontLibGetTypeFontFromName@@YA?AW4EFontType@@AEAVTfString@@@Z
?FontLibInitFctSystem@@YA_NP6A?AW4EFontStatus@@AEAV?$TfSArray@VTfString@@@@@Z@Z
?FontLibIsCoolType@@YA_NXZ
?FontLibLoadAllFont@@YAXAEBV?$TfSArray@VTfString@@@@H@Z
?FontLibLoadCatiaFont@@YAXAEBV?$TfSArray@VTfString@@@@@Z
?FontLibLoadUGFont@@YAXAEBV?$TfSArray@VTfString@@@@@Z
?FontLibRemoveAllFonts@@YAXXZ
?FontLibRetrieveFontFamilies@@YAXHAEAV?$TfSArray@VTfString@@@@@Z
?FontLibSetDefaultFontName@@YAXAEBVTfString@@@Z
?FontLibSetResolution@@YAXH@Z
?FontLibSetSymbolFontName@@YAXAEBVTfString@@@Z
?FontSizeIndex@TfFontKey@@QEBAHXZ
?FontStyleIndex@TfFontKey@@QEBAHXZ
?GetAttributes@TfFontKey@@QEBADXZ
?GetBitmapFont@TfFontKey@@QEBA?AV?$C_ptr@VTfFont@@@@XZ
?GetCharSet@TfFontKey@@QEBA?AW4EPRCCharSet@@XZ
?GetFontAdvance@TfFontKey@@QEBAMAEBVTfString@@_N@Z
?GetFontAscent@TfFontKey@@QEBAM_N@Z
?GetFontContours@TfFontKey@@QEBA_NAEB_WAEAV?$TfSArray@VTfContour@@@@_N@Z
?GetFontDescent@TfFontKey@@QEBAM_N@Z
?GetFontFamilyInfo@TfFontKey@@QEBA_NHAEAVTfString@@@Z
?GetFontFamilyName@TfFontKey@@QEBAAEBVTfString@@XZ
?GetFontScale@TfFontKey@@QEBAMXZ
?GetFontScalePixel@TfFontKey@@QEBAMXZ
?GetFontSize@TfFontKey@@QEBAGXZ
?GetInternalFontInfo@TfFontKey@@QEBAMW4EFontInfo@@@Z
?GetTextBox@TfFontKey@@QEBAXAEBVTfString@@AEAM1_N@Z
?GetTextBox@TfFontKey@@QEBAXAEBVTfString@@AEAVTfFontBox@@_N@Z
?GetType@TfFontKey@@QEBA?AW4EFontType@@XZ
?GetVectorFont@TfFontKey@@QEBA?AV?$C_ptr@VTfFont@@@@XZ
?HasSymbol@TfFontKey@@QEBA_NXZ
?HasValidFamily@TfFontKey@@QEBA_NXZ
?HasValidStyle@TfFontKey@@QEBA_NXZ
?IsBold@TfFontKey@@QEBA_NXZ
?IsFixedWidth@TfFontKey@@QEBA_NXZ
?IsInternal@TfFontKey@@QEBA_NXZ
?IsItalic@TfFontKey@@QEBA_NXZ
?IsNull@TfFontKey@@QEAA_NXZ
?IsOverlined@TfFontKey@@QEBA_NXZ
?IsSoftware@TfFontKey@@QEBA_NXZ
?IsStretch@TfFontKey@@QEBA_NXZ
?IsStrikeOut@TfFontKey@@QEBA_NXZ
?IsTTFSymbols@TfFontKey@@QEBA_NXZ
?IsUnderlined@TfFontKey@@QEBA_NXZ
?IsValid@TfFontKey@@QEBA_NXZ
?IsWired@TfFontKey@@QEBA_NXZ
?LoadInternal@TfFontKey@@QEAA_NXZ
?ReSet@TfFontKey@@QEAAXXZ
?Set@TfFontKey@@QEAAXHHH@Z
?SetAttributes@TfFontKey@@QEAAXD@Z
?SetCharSet@TfFontKey@@QEAAXW4EPRCCharSet@@@Z
?SetFamily@TfFontKey@@QEAAXH@Z
?SetFontScale@TfFontKey@@QEBAXM@Z
?SetInternalBold@TfFontKey@@QEAAX_N@Z
?SetInternalItalic@TfFontKey@@QEAAX_N@Z
?SetOverlined@TfFontKey@@QEAAX_N@Z
?SetSize@TfFontKey@@QEAAXH@Z
?SetStrikeOut@TfFontKey@@QEAAX_N@Z
?SetStyle@TfFontKey@@QEAAXH@Z
?SetStyleSoftware@TfFontKey@@QEAAXAEA_N0_N@Z
?SetUnderlined@TfFontKey@@QEAAX_N@Z

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

334fe9b5f4a1541252c8e48b585dc41d

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

65:51:d4:ec:63:27:d0:ae:87:60:8c:58:cf:bf:5f:49:4b:43:d1:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

tfkgeom

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

gdi32

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 6.2MB

.pdata Size: 9KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 36B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 352B

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

65:51:d4:ec:63:27:d0:ae:87:60:8c:58:cf:bf:5f:49:4b:43:d1:84
Signer

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 6.2MB

.pdata
Size: 9KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 352B