4449a9373f5eb526b4d7c8801e941520_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4449a9373f5eb526b4d7c8801e941520_NeikiAnalytics
Size

1.4MB
MD5

4449a9373f5eb526b4d7c8801e941520
SHA1

d109b7b712d146c097c4bcce68ccd6ee3e48fa44
SHA256

be291ea9a1547b83f0fc417d766d518c0ba6ca21f5dae8e6b98c0d578c9972df
SHA512

deef85a6da4232d6065c46cbfe589d5cd0891105816c42de0395cb06c11d6e4df97c64f752f21edf952a1cb7353e6635a7fd7bd1c554cf6e010e267510fe3911
SSDEEP

24576:vaZuTyKc3og56LHVxQXpkaeKMOApqn0YAqJVVuDdTWcTDmL9nG:vaZdKc3F56LHsXTeKMtzsidTdTDmg

Score

1^/10

Malware Config

Signatures

Files

4449a9373f5eb526b4d7c8801e941520_NeikiAnalytics
.dll windows:4 windows x64 arch:x64

baeeadfbc5d612cbcfdb16af83fe208a

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a8:25:cd:0c:66:0b:23:af:1f:88:8a:13:4f:ef:50:ff:94:23:b8:21
Signer

Actual PE Digest

a8:25:cd:0c:66:0b:23:af:1f:88:8a:13:4f:ef:50:ff:94:23:b8:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
lstrlenW
WideCharToMultiByte
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenA
ResetEvent
GetCurrentThread
SetEvent
ReleaseSemaphore
WaitForMultipleObjects
CreateEventA
CreateSemaphoreA
InitializeCriticalSection
CreateThread
GetSystemInfo
LoadLibraryA
GetProcAddress
Sleep
EnterCriticalSection
CloseHandle
GetFileTime
CreateFileA
GetLongPathNameA
SetThreadAffinityMask
OutputDebugStringA
CompareStringW
CompareStringA
SetEndOfFile
LCMapStringW
LCMapStringA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetProcessHeap
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
GetModuleFileNameW
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
HeapSetInformation
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
SetFilePointer
SetHandleCount
GetStartupInfoA
HeapSize
HeapReAlloc
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryW
GetCPInfo
GetOEMCP
IsValidCodePage
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocStringLen

Exports

Exports

??0ISampleDecoder@@QEAA@AEBV0@@Z
??0ISampleDecoder@@QEAA@XZ
??1ISampleDecoder@@UEAA@XZ
??4ISampleDecoder@@QEAAAEAV0@AEBV0@@Z
??_7ISampleDecoder@@6B@
?GetFramePitch@ISampleDecoder@@SAHHW4CFHD_PixelFormat@@@Z
?GetFrameSize@ISampleDecoder@@SA_KHHW4CFHD_PixelFormat@@@Z
?GetPixelSize@ISampleDecoder@@SAHW4CFHD_PixelFormat@@@Z
?V210FramePitch@ISampleDecoder@@KAHH@Z
CFHD_ClearActiveMetadata
CFHD_CloseDecoder
CFHD_CloseMetadata
CFHD_CreateImageDeveloper
CFHD_CreateSampleDecoder
CFHD_DecodeSample
CFHD_FindMetadata
CFHD_GetImagePitch
CFHD_GetImageSize
CFHD_GetOutputFormats
CFHD_GetPixelSize
CFHD_GetSampleInfo
CFHD_GetThumbnail
CFHD_InitSampleMetadata
CFHD_OpenDecoder
CFHD_OpenMetadata
CFHD_ParseSampleHeader
CFHD_PrepareToDecode
CFHD_ReadMetadata
CFHD_ReadMetadataFromSample
CFHD_SetActiveMetadata
CFHD_SetLicense

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baeeadfbc5d612cbcfdb16af83fe208a

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

a8:25:cd:0c:66:0b:23:af:1f:88:8a:13:4f:ef:50:ff:94:23:b8:21Signer

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 199KB - Virtual size: 573KB

.pdata Size: 19KB - Virtual size: 18KB

.data1 Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

a8:25:cd:0c:66:0b:23:af:1f:88:8a:13:4f:ef:50:ff:94:23:b8:21
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 199KB - Virtual size: 573KB

.pdata
Size: 19KB - Virtual size: 18KB

.data1
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB