03b773737a904f7979b9cf6959438d60_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

03b773737a904f7979b9cf6959438d60_NeikiAnalytics
Size

134KB
MD5

03b773737a904f7979b9cf6959438d60
SHA1

06487098b52a7aaced9d11a3623e45dbb48467ae
SHA256

7e610bdad0eef6c3d12877dcc75ee7cd0eaffd464993fb977b74fbba772f14bb
SHA512

41d9b0783c88033ce3f009b0d93b0a2d471b66cbde35a5b0e2b8a2995b157d1a331573c554541b954d449f0370d4a4ea9623b88b9153e900e2b0b2934ecbdfcf
SSDEEP

3072:EnAPpFFet1sF1wBK01eOCbYYqIJdWnGCR90KRKOARKwol:EA73F1wY01eOGJY0rOARKl

Score

1^/10

Malware Config

Signatures

Files

03b773737a904f7979b9cf6959438d60_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

8a259a3205c9541ecf18efbcc51af514

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:94:63:c7:36:62:ff:05:6f:39:c7:9c:9f:23:58:b2:50:10:ed:2a
Signer

Actual PE Digest

41:94:63:c7:36:62:ff:05:6f:39:c7:9c:9f:23:58:b2:50:10:ed:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\DynamicLinkMediaServer10\releases\2016.03\shared\third_party\projects\boost_threads\lib\win\release\64\boost_threads.pdb

Imports

boost_system

?system_category@system@boost@@YAAEBVerror_category@12@XZ

boost_date_time

??0greg_month@gregorian@boost@@QEAA@G@Z

kernel32

QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
GetSystemTimeAsFileTime
CreateEventA
OpenEventA
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
ReleaseSemaphore
DuplicateHandle
Sleep
GetTickCount64
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetEvent
ResetEvent
GetProcessHeap
HeapAlloc
HeapFree
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
CreateWaitableTimerW
SystemTimeToFileTime
EncodePointer

msvcp120

?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

msvcr120

??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memmove
??_V@YAXPEAX@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_gmtime64
_hypot
_beginthreadex
_CxxThrowException
__CxxFrameHandler3
memcpy
?terminate@@YAXXZ
__C_specific_handler
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_purecall

Exports

Exports

??0disable_interruption@this_thread@boost@@QEAA@XZ
??0handle_manager@win32@detail@boost@@QEAA@PEAX@Z
??0handle_manager@win32@detail@boost@@QEAA@XZ
??0restore_interruption@this_thread@boost@@QEAA@AEAVdisable_interruption@12@@Z
??0thread@boost@@QEAA@$$QEAV01@@Z
??0thread@boost@@QEAA@V?$intrusive_ptr@Uthread_data_base@detail@boost@@@1@@Z
??0thread@boost@@QEAA@XZ
??0thread_data_base@detail@boost@@QEAA@XZ
??1disable_interruption@this_thread@boost@@QEAA@XZ
??1handle_manager@win32@detail@boost@@QEAA@XZ
??1restore_interruption@this_thread@boost@@QEAA@XZ
??1thread@boost@@QEAA@XZ
??1thread_data_base@detail@boost@@UEAA@XZ
??4handle_manager@win32@detail@boost@@QEAAAEAV0123@PEAX@Z
??4thread@boost@@QEAAAEAV01@$$QEAV01@@Z
??7handle_manager@win32@detail@boost@@QEBA_NXZ
??8thread@boost@@QEBA_NAEBV01@@Z
??9thread@boost@@QEBA_NAEBV01@@Z
??Bhandle_manager@win32@detail@boost@@QEBAPEAXXZ
??_7thread_data_base@detail@boost@@6B@
?add_thread_exit_function@detail@boost@@YAXPEAUthread_exit_function_base@12@@Z
?cleanup@handle_manager@win32@detail@boost@@AEAAXXZ
?detach@thread@boost@@QEAAXXZ
?do_try_join_until@thread@boost@@AEAA_N_K@Z
?do_try_join_until_noexcept@thread@boost@@AEAA_N_KAEA_N@Z
?duplicate@handle_manager@win32@detail@boost@@QEBAPEAXXZ
?get_current_thread_data@detail@boost@@YAPEAUthread_data_base@12@XZ
?get_id@this_thread@boost@@YA?AVid@thread@2@XZ
?get_id@thread@boost@@QEBA?AVid@12@XZ
?get_thread_info@thread@boost@@QEBA?AV?$intrusive_ptr@Uthread_data_base@detail@boost@@@2@XZ
?get_tss_data@detail@boost@@YAPEAXPEBX@Z
?hardware_concurrency@thread@boost@@SAIXZ
?interrupt@thread@boost@@QEAAXXZ
?interrupt@thread_data_base@detail@boost@@QEAAXXZ
?interruptible_wait@this_thread@boost@@YA_NPEAXUtimeout@detail@2@@Z
?interruption_enabled@this_thread@boost@@YA_NXZ
?interruption_point@this_thread@boost@@YAXXZ
?interruption_requested@this_thread@boost@@YA_NXZ
?interruption_requested@thread@boost@@QEBA_NXZ
?join@thread@boost@@QEAAXXZ
?join_noexcept@thread@boost@@AEAA_NXZ
?joinable@thread@boost@@QEBA_NXZ
?make_ready_at_thread_exit@thread_data_base@detail@boost@@QEAAXV?$shared_ptr@Ushared_state_base@detail@boost@@@3@@Z
?make_thread_info@thread@boost@@SA?AV?$intrusive_ptr@Uthread_data_base@detail@boost@@@2@P6AXXZ@Z
?native_handle@thread@boost@@QEAAPEAXXZ
?notify_all_at_thread_exit@boost@@YAXAEAVcondition_variable@1@V?$unique_lock@Vmutex@boost@@@1@@Z
?notify_all_at_thread_exit@thread_data_base@detail@boost@@UEAAXPEAVcondition_variable@3@PEAVmutex@3@@Z
?on_process_enter@boost@@YAXXZ
?on_process_exit@boost@@YAXXZ
?on_thread_enter@boost@@YAXXZ
?on_thread_exit@boost@@YAXXZ
?release@handle_manager@win32@detail@boost@@QEAAPEAXXZ
?release_handle@thread@boost@@AEAAXXZ
?set_tss_data@detail@boost@@YAXPEBXV?$shared_ptr@Utss_cleanup_function@detail@boost@@@2@PEAX_N@Z
?sleep@thread@boost@@SAXAEBVptime@posix_time@2@@Z
?start_thread@thread@boost@@QEAAXAEBVthread_attributes@2@@Z
?start_thread@thread@boost@@QEAAXXZ
?start_thread_noexcept@thread@boost@@AEAA_NAEBVthread_attributes@2@@Z
?start_thread_noexcept@thread@boost@@AEAA_NXZ
?swap@handle_manager@win32@detail@boost@@QEAAXAEAV1234@@Z
?swap@thread@boost@@QEAAXAEAV12@@Z
?timed_join@thread@boost@@QEAA_NAEBVptime@posix_time@2@@Z
?try_join_until@thread@boost@@QEAA_NAEBV?$time_point@Vsystem_clock@chrono@boost@@V?$duration@_JV?$ratio@$00$0DLJKMKAA@@boost@@@23@@chrono@2@@Z
?yield@this_thread@boost@@YAXXZ
?yield@thread@boost@@SAXXZ

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a259a3205c9541ecf18efbcc51af514

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

41:94:63:c7:36:62:ff:05:6f:39:c7:9c:9f:23:58:b2:50:10:ed:2aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

boost_system

boost_date_time

kernel32

msvcp120

msvcr120

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 572B

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

41:94:63:c7:36:62:ff:05:6f:39:c7:9c:9f:23:58:b2:50:10:ed:2a
Signer

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 572B