508134856cc2a60e72a98fa5d40191c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

508134856cc2a60e72a98fa5d40191c0_NeikiAnalytics
Size

5.6MB
MD5

508134856cc2a60e72a98fa5d40191c0
SHA1

68a7880b27a9ab509a2f4129adedf4b11748d762
SHA256

1e5d9aee95ea576325fa0e7c993ec08ff25c33011d8de36f5560f57b937700dc
SHA512

b37e4f547e355f59f6ba32a915d375fd2cba41bc5347525f02cf5c0ebf9f3b7189c3cd4660a70838008b36187c745728571b9ae91a811db657cf6d713c9801fd
SSDEEP

49152:LJ5OP32JSnkIU6imGtlqcVwASOdCs+2M2YKgLSqXOtYl+8onaeMMnVzkkxMxp20W:cr+7RVMUEi3/mRX/kbCQW8Nw9tAsw

Score

1^/10

Malware Config

Signatures

Files

508134856cc2a60e72a98fa5d40191c0_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

9ff039a97b5986434d0b70c98416143f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:a4:13:b6:8a:c7:22:0d:6b:ed:12:eb:5f:d6:90:a3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/04/2018, 00:00

Not After

16/04/2019, 12:00

Subject

CN=MainConcept GmbH.,O=MainConcept GmbH.,L=Aachen,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:f2:09:b2:01:d1:0c:50:66:7e:f4:ed:75:93:a2:46:7a:59:81:f3
Signer

Actual PE Digest

52:f2:09:b2:01:d1:0c:50:66:7e:f4:ed:75:93:a2:46:7a:59:81:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ahpwc\mc\build_release\build\mc_enc_avcsr_dbginfo_build_win64_x64_release\mc_enc_avcsr.pdb

Imports

mc_mfimport

ord65
ord64
ord62
ord63
ord16
ord4

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

crypt32

CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

kernel32

IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CloseHandle
WaitForSingleObject
CreateEventA
GetCurrentProcess
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetFileType
WriteFile
GetLastError
GetModuleHandleW
GetACP
GetSystemTimeAsFileTime
DeleteFiber
WideCharToMultiByte
RtlVirtualUnwind
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
ConvertFiberToThread
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
FreeLibrary
LoadLibraryA
LoadLibraryW
ReleaseSemaphore
Sleep
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
SetThreadAffinityMask
CreateSemaphoreA
RaiseException
GetNumaNodeProcessorMaskEx
SetThreadGroupAffinity
GetActiveProcessorGroupCount
GetActiveProcessorCount
SwitchToThread
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryExW
SetThreadErrorMode
HeapReAlloc
HeapFree
HeapAlloc
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
HeapSize
SetEndOfFile
WriteConsoleW
MultiByteToWideChar
TryEnterCriticalSection
EncodePointer
DecodePointer
SetLastError
CreateEventW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlPcToFileHeader
RtlUnwindEx
ReadFile
ExitProcess

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryInfoKeyW

Exports

Exports

avcSRWrapperCheckSettings
avcSRWrapperDone
avcSRWrapperFree
avcSRWrapperGetAPIExt
avcSRWrapperGetDefaultSettings
avcSRWrapperGetSettings
avcSRWrapperInit
avcSRWrapperInputAttach
avcSRWrapperInputDetach
avcSRWrapperNew
avcSRWrapperPutFrame
avcSRWrapperSetSettings

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff039a97b5986434d0b70c98416143f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:a4:13:b6:8a:c7:22:0d:6b:ed:12:eb:5f:d6:90:a3Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

52:f2:09:b2:01:d1:0c:50:66:7e:f4:ed:75:93:a2:46:7a:59:81:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mc_mfimport

ws2_32

crypt32

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 749KB - Virtual size: 748KB

.data Size: 132KB - Virtual size: 1.2MB

.pdata Size: 113KB - Virtual size: 113KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 32KB - Virtual size: 31KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 27KB - Virtual size: 27KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:a4:13:b6:8a:c7:22:0d:6b:ed:12:eb:5f:d6:90:a3
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

52:f2:09:b2:01:d1:0c:50:66:7e:f4:ed:75:93:a2:46:7a:59:81:f3
Signer

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 749KB - Virtual size: 748KB

.data
Size: 132KB - Virtual size: 1.2MB

.pdata
Size: 113KB - Virtual size: 113KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 27KB - Virtual size: 27KB