70d0ff43b8da01a427db680f5f165b00_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

70d0ff43b8da01a427db680f5f165b00_NeikiAnalytics
Size

570KB
MD5

70d0ff43b8da01a427db680f5f165b00
SHA1

1e91ca50a89ab1f8275ca448315ed8f2905d97bf
SHA256

6cecd695e12b67e12af93b93ec817eb29472012d42f741ee953146d4e84bb15e
SHA512

59cffd4735bc5855616622268efd78efcd9e1d026865d7c26418f01f290b2758b5387f5525d0dba5f3a0228e855bb2923a75aa76a6d0ac6fa6642bcad0f89ace
SSDEEP

12288:qHAeda/evZxsZnDdPCbg5ep+cQACHT8YXWAFThGgA:CdamBxsxPCbAq+cQACHTPrYgA

Score

1^/10

Malware Config

Signatures

Files

70d0ff43b8da01a427db680f5f165b00_NeikiAnalytics
.dll windows:6 windows x64 arch:x64

135f5fbb1c93fb5b9e280769d3f6942f

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/05/2015, 00:00

Not After

07/05/2017, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:b7:84:18:80:7f:e5:10:d7:2d:f2:2d:74:e7:c9:09:c2:05:da:31
Signer

Actual PE Digest

55:b7:84:18:80:7f:e5:10:d7:2d:f2:2d:74:e7:c9:09:c2:05:da:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\PS18\PS_18.1_Win_x64_Daily_Retail\20170309.r.207\photoshop\main\shared\agf\psinitial\formats\lib3mf\library\Release\x64\Lib3MFC.pdb

Imports

xmllite

CreateXmlReader

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent

ole32

CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

msvcp140

?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ

shlwapi

SHCreateStreamOnFileEx

vcruntime140

__C_specific_handler
wcschr
__std_type_info_destroy_list
__std_terminate
__std_exception_copy
memmove
__std_exception_destroy
memset
_purecall
__CxxFrameHandler3
__RTDynamicCast
memcmp
memcpy
_CxxThrowException
memchr

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_initialize_onexit_table
_initterm_e
_initterm
_register_onexit_function
_cexit
_execute_onexit_table
_crt_atexit
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

roundf
floorf
sqrtf
_fdtest

api-ms-win-crt-convert-l1-1-0

wcstod
wcstoul
wcstol
wcstof

api-ms-win-crt-string-l1-1-0

wcscpy_s
tolower
strnlen
strcpy_s

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

Exports

Exports

lib3mf_basematerial_addmaterial
lib3mf_basematerial_addmaterialutf8
lib3mf_basematerial_getcount
lib3mf_basematerial_getdisplaycolor
lib3mf_basematerial_getname
lib3mf_basematerial_getnameutf8
lib3mf_basematerial_removematerial
lib3mf_basematerial_setdisplaycolorfloatrgb
lib3mf_basematerial_setdisplaycolorfloatrgba
lib3mf_basematerial_setdisplaycolorrgb
lib3mf_basematerial_setdisplaycolorrgba
lib3mf_basematerial_setname
lib3mf_basematerial_setnameutf8
lib3mf_builditem_gethandle
lib3mf_builditem_getobjectresource
lib3mf_builditem_getobjectresourceid
lib3mf_builditem_getobjecttransform
lib3mf_builditem_getpartnumber
lib3mf_builditem_getpartnumberutf8
lib3mf_builditem_hasobjecttransform
lib3mf_builditem_setobjecttransform
lib3mf_builditem_setpartnumber
lib3mf_builditem_setpartnumberutf8
lib3mf_builditemiterator_clone
lib3mf_builditemiterator_getcurrent
lib3mf_builditemiterator_movenext
lib3mf_builditemiterator_moveprevious
lib3mf_component_getobjectresource
lib3mf_component_getobjectresourceid
lib3mf_component_gettransform
lib3mf_component_hastransform
lib3mf_component_settransform
lib3mf_componentsobject_addcomponent
lib3mf_componentsobject_getcomponent
lib3mf_componentsobject_getcomponentcount
lib3mf_createmodel
lib3mf_defaultpropertyhandler_getbasematerial
lib3mf_defaultpropertyhandler_getcolor
lib3mf_defaultpropertyhandler_getpropertytype
lib3mf_defaultpropertyhandler_gettexture
lib3mf_defaultpropertyhandler_removeproperty
lib3mf_defaultpropertyhandler_setbasematerial
lib3mf_defaultpropertyhandler_setcolor
lib3mf_defaultpropertyhandler_setcolorrgb
lib3mf_defaultpropertyhandler_setcolorrgba
lib3mf_defaultpropertyhandler_setfloatcolorrgb
lib3mf_defaultpropertyhandler_setfloatcolorrgba
lib3mf_defaultpropertyhandler_settexture
lib3mf_getinterfaceversion
lib3mf_getlasterror
lib3mf_getspecversion
lib3mf_meshobject_addtriangle
lib3mf_meshobject_addvertex
lib3mf_meshobject_createmultipropertyhandler
lib3mf_meshobject_createpropertyhandler
lib3mf_meshobject_gettriangle
lib3mf_meshobject_gettrianglecount
lib3mf_meshobject_gettriangleindices
lib3mf_meshobject_getvertex
lib3mf_meshobject_getvertexcount
lib3mf_meshobject_getvertices
lib3mf_meshobject_ismanifoldandoriented
lib3mf_meshobject_setgeometry
lib3mf_meshobject_settriangle
lib3mf_meshobject_setvertex
lib3mf_model_addbasematerialgroup
lib3mf_model_addbuilditem
lib3mf_model_addcomponentsobject
lib3mf_model_addmeshobject
lib3mf_model_addmetadata
lib3mf_model_addmetadatautf8
lib3mf_model_addtexture2d
lib3mf_model_addtexture2dutf8
lib3mf_model_get2dtextures
lib3mf_model_getbasematerialbyid
lib3mf_model_getbasematerials
lib3mf_model_getbuilditems
lib3mf_model_getcomponentsobjectbyid
lib3mf_model_getcomponentsobjects
lib3mf_model_getlanguage
lib3mf_model_getlanguageutf8
lib3mf_model_getmeshobjectbyid
lib3mf_model_getmeshobjects
lib3mf_model_getmetadatacount
lib3mf_model_getmetadatakey
lib3mf_model_getmetadatakeyutf8
lib3mf_model_getmetadatavalue
lib3mf_model_getmetadatavalueutf8
lib3mf_model_getobjects
lib3mf_model_getresourcebyid
lib3mf_model_gettexture2dbyid
lib3mf_model_gettexturestreamcount
lib3mf_model_gettexturestreampath
lib3mf_model_gettexturestreampathutf8
lib3mf_model_gettexturestreamsize
lib3mf_model_getthumbnails
lib3mf_model_getunit
lib3mf_model_mergetomodel
lib3mf_model_queryreader
lib3mf_model_querywriter
lib3mf_model_removebuilditem
lib3mf_model_removemetadata
lib3mf_model_resources
lib3mf_model_setlanguage
lib3mf_model_setlanguageutf8
lib3mf_model_setunit
lib3mf_object_createdefaultmultipropertyhandler
lib3mf_object_createdefaultpropertyhandler
lib3mf_object_getname
lib3mf_object_getnameutf8
lib3mf_object_getpartnumber
lib3mf_object_getpartnumberutf8
lib3mf_object_gettype
lib3mf_object_iscomponentsobject
lib3mf_object_ismeshobject
lib3mf_object_isvalidobject
lib3mf_object_setname
lib3mf_object_setnameutf8
lib3mf_object_setpartnumber
lib3mf_object_setpartnumberutf8
lib3mf_object_settype
lib3mf_propertyhandler_getbasematerial
lib3mf_propertyhandler_getbasematerialarray
lib3mf_propertyhandler_getcolor
lib3mf_propertyhandler_getcolorarray
lib3mf_propertyhandler_getpropertytype
lib3mf_propertyhandler_gettexture
lib3mf_propertyhandler_gettexturearray
lib3mf_propertyhandler_removeallproperties
lib3mf_propertyhandler_removeproperty
lib3mf_propertyhandler_setbasematerial
lib3mf_propertyhandler_setbasematerialarray
lib3mf_propertyhandler_setgradientcolor
lib3mf_propertyhandler_setgradientcolorarray
lib3mf_propertyhandler_setsinglecolor
lib3mf_propertyhandler_setsinglecolorarray
lib3mf_propertyhandler_setsinglecolorfloatrgb
lib3mf_propertyhandler_setsinglecolorfloatrgba
lib3mf_propertyhandler_setsinglecolorrgb
lib3mf_propertyhandler_setsinglecolorrgba
lib3mf_propertyhandler_settexture
lib3mf_propertyhandler_settexturearray
lib3mf_reader_getwarning
lib3mf_reader_getwarningcount
lib3mf_reader_readfromfile
lib3mf_reader_readfromfileutf8
lib3mf_release
lib3mf_resource_getresourceid
lib3mf_resourceiterator_clone
lib3mf_resourceiterator_getcurrent
lib3mf_resourceiterator_movenext
lib3mf_resourceiterator_moveprevious
lib3mf_texture2d_clearbox2d
lib3mf_texture2d_getbox2d
lib3mf_texture2d_getcontenttype
lib3mf_texture2d_getpath
lib3mf_texture2d_getpathutf8
lib3mf_texture2d_getstreamsize
lib3mf_texture2d_readfrombuffer
lib3mf_texture2d_readfromfile
lib3mf_texture2d_readfromfileutf8
lib3mf_texture2d_setbox2d
lib3mf_texture2d_setcontenttype
lib3mf_texture2d_setpath
lib3mf_texture2d_setpathutf8
lib3mf_texture2d_writetobuffer
lib3mf_texture2d_writetocallback
lib3mf_texture2d_writetofile
lib3mf_texture2d_writetofileutf8
lib3mf_thumbnailiterator_clone
lib3mf_thumbnailiterator_getcurrent
lib3mf_thumbnailiterator_movenext
lib3mf_thumbnailiterator_moveprevious
lib3mf_writer_writetocallback
lib3mf_writer_writetofile
lib3mf_writer_writetofileutf8

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

135f5fbb1c93fb5b9e280769d3f6942f

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

55:b7:84:18:80:7f:e5:10:d7:2d:f2:2d:74:e7:c9:09:c2:05:da:31Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xmllite

kernel32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 20KB - Virtual size: 19KB

.gfids Size: 512B - Virtual size: 44B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

4c:fc:1a:5e:14:00:45:3f:59:a4:26:ca:71:f0:aa:6f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

55:b7:84:18:80:7f:e5:10:d7:2d:f2:2d:74:e7:c9:09:c2:05:da:31
Signer

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 20KB - Virtual size: 19KB

.gfids
Size: 512B - Virtual size: 44B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB