3149618572105b8191f8c2216032eae0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

3149618572105b8191f8c2216032eae0_NeikiAnalytics
Size

1.4MB
MD5

3149618572105b8191f8c2216032eae0
SHA1

6c0a34a2456604eea97f35b9e56a485052d2f257
SHA256

b9b34e788fc8ee9d223d10d138ca38f097790cb9785fd3b22bd5d7e586f2fa16
SHA512

49fba49df0b3a739b2fc6aa8b881c90c4bb31103ee00231e01653d8fd1688cbfadf0efe4ad2e390c4d27ccfc87322774b4c0295ec22291d1c63dcadffca4099f
SSDEEP

24576:AYlDzwQwulBwh4Ec/E0oIYxTV6m69dmskwjQrPKBntTimFp/CYXKaW3:HIQwuAh5Vf36fmskJWT/Fp/CYXKaW3

Score

1^/10

Malware Config

Signatures

Files

3149618572105b8191f8c2216032eae0_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

62cf3802c2eef2841a29afd23fd694ce

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:1f:09:78:71:13:57:85:67:bb:45:12:22:aa:64:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/12/2012, 00:00

Not After

04/01/2014, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:a3:8c:e5:5d:c5:c3:09:1e:69:b4:d5:d5:dc:c8:ee:3e:a7:0d:65
Signer

Actual PE Digest

c0:a3:8c:e5:5d:c5:c3:09:1e:69:b4:d5:d5:dc:c8:ee:3e:a7:0d:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\BT\BDNIMBUS-479607\BDNIMBUS\bin\release\bdnc.pdb

Imports

user32

GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
GetProcessWindowStation

winmm

timeGetTime

ws2_32

WSASend
sendto
gethostname
recvfrom
htonl
bind
listen
getsockname
accept
getaddrinfo
freeaddrinfo
getprotobynumber
getservbyname
WSARecv
WSASetLastError
socket
connect
getsockopt
closesocket
ioctlsocket
WSACleanup
WSAStartup
WSAGetLastError
recv
send
ntohs
htons
inet_addr
getnameinfo
shutdown
setsockopt
select
WSAIoctl
WSAGetOverlappedResult
ntohl

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
CryptGenRandom
CryptAcquireContextA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCloseKey

shell32

SHGetSpecialFolderPathA

kernel32

GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
GetFullPathNameA
FlushFileBuffers
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
GetLocaleInfoA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetProcessHeap
SetEndOfFile
GetConsoleCP
GetStartupInfoA
SetHandleCount
RtlUnwind
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
GetCurrentProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
FreeEnvironmentStringsW
TerminateProcess
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
SetEvent
DeleteCriticalSection
CloseHandle
WaitForSingleObject
CreateEventA
InitializeCriticalSection
CreateThread
ReleaseMutex
GetLastError
CreateMutexA
ReadFile
GetFileSize
CreateFileW
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
DeleteFileA
WriteFile
GetCurrentProcessId
MoveFileA
GetFileTime
GetFileSizeEx
FormatMessageA
LocalFree
LoadLibraryA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LocalAlloc
GetVersion
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetCurrentThreadId
ResetEvent
GetTickCount
GetSystemInfo
Sleep
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateSemaphoreA
PostQueuedCompletionStatus
SetLastError
GetModuleHandleA
GetFileType
GetStdHandle
MultiByteToWideChar
FindFirstFileA
FindClose
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
HeapAlloc
HeapFree
HeapReAlloc
SetFilePointer
WideCharToMultiByte
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
SetStdHandle
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
ExitProcess
ExitThread
ResumeThread
SetConsoleCtrlHandler
GetTimeZoneInformation
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
VirtualFree
VirtualAlloc
HeapCreate

Exports

Exports

bdnimbus_ask
bdnimbus_ask_async
bdnimbus_file_upload
bdnimbus_file_upload_async
bdnimbus_free_response
bdnimbus_get_option
bdnimbus_init
bdnimbus_push_info
bdnimbus_set_option
bdnimbus_text
bdnimbus_uninit

Sections

.text
Size: 1024KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62cf3802c2eef2841a29afd23fd694ce

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

49:1f:09:78:71:13:57:85:67:bb:45:12:22:aa:64:d1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c0:a3:8c:e5:5d:c5:c3:09:1e:69:b4:d5:d5:dc:c8:ee:3e:a7:0d:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

winmm

ws2_32

advapi32

shell32

kernel32

Exports

Exports

Sections

.text Size: 1024KB - Virtual size: 1023KB

.rdata Size: 251KB - Virtual size: 251KB

.data Size: 127KB - Virtual size: 153KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 58KB - Virtual size: 58KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

49:1f:09:78:71:13:57:85:67:bb:45:12:22:aa:64:d1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c0:a3:8c:e5:5d:c5:c3:09:1e:69:b4:d5:d5:dc:c8:ee:3e:a7:0d:65
Signer

.text
Size: 1024KB - Virtual size: 1023KB

.rdata
Size: 251KB - Virtual size: 251KB

.data
Size: 127KB - Virtual size: 153KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 58KB - Virtual size: 58KB