bb66d60904fccb330293c99acf35cfc0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

bb66d60904fccb330293c99acf35cfc0_NeikiAnalytics
Size

536KB
MD5

bb66d60904fccb330293c99acf35cfc0
SHA1

08a1a283e9e6200d123ff08df19813b74e7feb1f
SHA256

d69cf231a3d7f31749fd762f0bc33600f4da49d0f80b0c2275d07769f6d64de8
SHA512

36c68540b3e1ab753f0e85925d2a2415009e62c4c53cc8c2a186096e938c5c9b778418cc8ba605710af0651cb6033da72065ffcec97af0c0b256d98f0eb024ea
SSDEEP

12288:lsxbV/M7Tuugu9zEW4hLmSi8eKe5atDEcP3Utzz7p/YQOHz3z:OLSuug4ERh6Si8eHwQ5qTHz3z

Score

1^/10

Malware Config

Signatures

Files

bb66d60904fccb330293c99acf35cfc0_NeikiAnalytics
.dll regsvr32 windows:4 windows x86 arch:x86

be7c9c56d4edaf8424066ca063eb6457

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

0a:42:eb
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

21/05/2003, 16:41

Not After

20/05/2004, 16:41

Subject

CN=Bytefusion Ltd.,OU=SecEx Business Group,O=Bytefusion Ltd.,L=Douglas,ST=Isle of Man,C=UK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

da:c1:b2:8f:c3:eb:dd:e1:6c:3f:60:2a:95:9d:15:2d:95:bb:e3:9b
Signer

Actual PE Digest

da:c1:b2:8f:c3:eb:dd:e1:6c:3f:60:2a:95:9d:15:2d:95:bb:e3:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4930
ord4935
ord4659
ord4925
ord4988
ord4909
ord4668
ord4667
ord4666
ord4648
ord4689
ord4908
ord4654
ord5023
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4643
ord4738
ord4409
ord4603
ord4741
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord5008
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord6376
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord800
ord723
ord860
ord3946
ord540
ord423
ord3626
ord3663
ord641
ord609
ord795
ord690
ord2414
ord4299
ord5336
ord2764
ord1200
ord2541
ord2998
ord4949
ord2086
ord4459
ord861
ord2956
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord3148
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord5280
ord3597
ord2575
ord4396
ord4548
ord4594
ord3402
ord4627
ord3721
ord3619
ord3573
ord389
ord567
ord324
ord2302
ord4234
ord537
ord1641
ord4710
ord2860
ord5207
ord6453
ord2652
ord6215
ord1669
ord2379
ord668
ord858
ord3178
ord2781
ord2770
ord941
ord5710
ord356
ord3698
ord765
ord4275
ord755
ord5875
ord6172
ord2818
ord470
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord815
ord6194
ord5785
ord1640
ord323
ord4129
ord809
ord2614
ord556
ord1929
ord1088
ord2122
ord6199
ord3874
ord2864
ord5981
ord6358
ord535
ord3797
ord2859
ord5572
ord2915
ord926
ord6197
ord561
ord3670
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord3401
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4521
ord4768
ord4903
ord4650
ord4113
ord4660
ord4661
ord4707
ord5649
ord2876
ord3868
ord4705
ord5150
ord1963
ord2953
ord5213
ord4920
ord2137
ord6002
ord5674
ord4856
ord2156
ord4342
ord4639
ord4687
ord1693
ord994
ord5618
ord1226
ord2439
ord1210
ord446
ord1177
ord743
ord3278
ord3681
ord3353
ord6365
ord5498
ord4472
ord2687
ord3326
ord6364
ord1877
ord2486
ord4249
ord1243
ord823
ord1227
ord599
ord1168
ord1216
ord3952
ord6354
ord2724
ord3574
ord825
ord6374
ord2514
ord640
ord1577
ord1182
ord1570
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1131
ord1197
ord342
ord1575
ord6412
ord1176
ord1116
ord1132

msvcrt

gmtime
??1type_info@@UAE@XZ
fgets
_mbsinc
exit
_mbschr
_get_osfhandle
_mbsrchr
_onexit
localtime
mblen
tolower
calloc
mktime
__dllonexit
_initterm
_adjust_fdiv
memcmp
_beginthread
_strupr
_isatty
_chmod
putc
fflush
longjmp
realloc
strncmp
_isctype
__mb_cur_max
_pctype
malloc
_iob
free
_setjmp3
setlocale
strncpy
printf
sprintf
memcpy
_beginthreadex
strstr
abs
_ftol
_write
time
strcat
fopen
fclose
memset
fwrite
strlen
strcmp
wcslen
wcsncpy
_EH_prolog
__CxxFrameHandler
_unlink
_open
_strnicmp
_setmode
_mkdir
_stat
_tzset
_lseek
_read
_close
_putenv
_fileno

kernel32

SetVolumeLabelA
FindFirstFileA
GetFullPathNameA
FindNextFileA
FileTimeToLocalFileTime
CreateFileA
GetVolumeInformationA
GetLastError
SetFileTime
SetFileAttributesA
SetEndOfFile
GetVersion
SetFilePointer
ResetEvent
GlobalAlloc
SetEvent
GlobalLock
GlobalUnlock
ResumeThread
GlobalFree
CloseHandle
MulDiv
lstrcatA
lstrlenA
CreateEventA
lstrcpyA
GetWindowsDirectoryA
WinExec
FreeLibrary
DeleteFileA
LoadLibraryA
LoadResource
LockResource
FindResourceA
TerminateThread
WaitForSingleObject
SizeofResource
GetTempPathA
Sleep
ReleaseMutex
GetDriveTypeA
GetLocaleInfoA
CreateMutexA
GetFileTime
FileTimeToSystemTime
GetFileAttributesA
HeapFree
GetProcessHeap
LeaveCriticalSection
lstrcpynA
lstrcmpiA
EnterCriticalSection
InterlockedExchange
HeapAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetCurrentProcess
FindClose

user32

UpdateWindow
SetCursor
PtInRect
ReleaseCapture
InvalidateRect
SetCapture
GrayStringA
DrawTextA
TabbedTextOutA
SetRect
GetClientRect
FillRect
GetSysColor
ReleaseDC
InflateRect
GetDC
MessageBoxA
SetTimer
SendMessageA
PeekMessageA
PostQuitMessage
ScreenToClient
GetParent
GetWindowRect
CopyIcon
LoadCursorA
MessageBeep
wsprintfA
KillTimer
ShowCursor
CharToOemA
OemToCharA
EnableWindow
IsWindow

gdi32

GetTextExtentPointA
DeleteDC
DeleteObject
GetDeviceCaps
ExtTextOutA
GetStockObject
Escape
PtVisible
TextOutA
RectVisible
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
GetObjectA
SelectObject

advapi32

OpenProcessToken
LookupPrivilegeValueA
GetSecurityDescriptorControl
GetKernelObjectSecurity
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidAcl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
RegQueryValueA
RegCloseKey
IsValidSid
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
LoadRegTypeLi

msvcp50

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be7c9c56d4edaf8424066ca063eb6457

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

0a:42:ebCertificate

Extended Key Usages

01Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

da:c1:b2:8f:c3:eb:dd:e1:6c:3f:60:2a:95:9d:15:2d:95:bb:e3:9bSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp50

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 9KB - Virtual size: 14KB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 389KB - Virtual size: 389KB

.reloc Size: 8KB - Virtual size: 8KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

0a:42:eb
Certificate

01
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

da:c1:b2:8f:c3:eb:dd:e1:6c:3f:60:2a:95:9d:15:2d:95:bb:e3:9b
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 9KB - Virtual size: 14KB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 389KB - Virtual size: 389KB

.reloc
Size: 8KB - Virtual size: 8KB