9a62efae2856b3303d4595a1f2c902b0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

9a62efae2856b3303d4595a1f2c902b0_NeikiAnalytics
Size

4.7MB
MD5

9a62efae2856b3303d4595a1f2c902b0
SHA1

9b81588cd8065578fa3f5ac8037908edff82b16b
SHA256

ba9e55994165dc91924f058d53877106b4fe5bdd886f1e1eb347bafeffeaf3a5
SHA512

1d28531d811d4e4d60c306e64e50c0005e13515cc65373c8a1f367f29fdbf7dea679188883a83d1f71ee2f5daa0cba0b48f838c59349000bcfee87cf963ff88c
SSDEEP

98304:teCECAnpRGowHPmVgtYXwj56dSXXahK9aZQ+3QuNR6RbXx7vI9PHq:teiUIPA+sdSXXahKMZQ+3QuNR6h9KPHq

Score

1^/10

Malware Config

Signatures

Files

9a62efae2856b3303d4595a1f2c902b0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

e33185d99fa9e383da36dbfece6e4d89

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:33:f2:87:09:e2:63:de:83:af:fd:88:3e:39:b9:12
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/06/2011, 00:00

Not After

20/06/2013, 23:59

Subject

CN=Google Inc.,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc.,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb

Imports

shlwapi

StrRetToBufW
SHDeleteKeyA
SHDeleteValueA
AssocQueryStringW

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetSetStatusCallback
InternetCrackUrlA
DeleteUrlCacheEntry
InternetGoOnline
InternetGetConnectedStateEx
InternetQueryOptionA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetErrorDlg
HttpQueryInfoA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetGetConnectedState
InternetSetOptionA

kernel32

CreateDirectoryA
FindNextFileA
GetFileAttributesExW
CreateDirectoryExA
CopyFileW
GetDateFormatW
MoveFileW
GetTimeFormatW
MoveFileExW
RemoveDirectoryW
CopyFileA
QueryPerformanceFrequency
LockFileEx
UnlockFileEx
GetFileSize
SetFilePointerEx
GetFileSizeEx
SetFileAttributesW
FindFirstFileExA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
MulDiv
lstrcmpW
GetThreadLocale
FindFirstFileExW
FindFirstFileA
IsProcessorFeaturePresent
ExitThread
FormatMessageA
GlobalMemoryStatusEx
QueryPerformanceCounter
GetCommandLineW
ExitProcess
GetLastError
GetLongPathNameA
GetLongPathNameW
CreateMutexA
FindClose
ResetEvent
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
OpenProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
Sleep
OpenMutexA
SetEvent
CloseHandle
CreateEventA
GetShortPathNameA
InterlockedCompareExchange
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
VirtualProtect
GlobalAlloc
GlobalLock
GlobalUnlock
FindNextFileW
lstrcmpA
lstrlenW
IsDBCSLeadByte
FlushInstructionCache
lstrcmpiA
DisableThreadLibraryCalls
lstrlenA
GetProcessTimes
Module32Next
Module32First
CreateToolhelp32Snapshot
GlobalFree
GetSystemDefaultLCID
GetSystemInfo
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
RtlUnwind
SetHandleCount
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
MultiByteToWideChar
ReadFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
VirtualQuery
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DebugBreak
GetSystemDirectoryA
SearchPathA
GetVersion
OutputDebugStringA
LoadLibraryExA
SetErrorMode
LocalFree
GetModuleFileNameW
GetWindowsDirectoryA
GetDriveTypeA
SetFileTime
FindResourceA
SizeofResource
LoadResource
LockResource
GetShortPathNameW
CreateFileW
GetTempPathW
GetTempPathA
MoveFileA
CreateProcessW
MoveFileExA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
CopyFileExW
MoveFileWithProgressW
CopyFileExA
MoveFileWithProgressA
GetModuleHandleW
LoadLibraryW
LoadLibraryExW
GetFileAttributesW
GetFileAttributesA
RemoveDirectoryA
CreateDirectoryW
SetFileAttributesA
DeleteFileW
CreateDirectoryExW
DeleteFileA
GetFileAttributesExA
FindFirstFileW
CreateProcessA
CreateThread

user32

PeekMessageA
GetCursorPos
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
GetAsyncKeyState
SetActiveWindow
LoadCursorA
SetCursor
GetWindow
GetCursor
UnregisterClassW
SetClassLongA
InsertMenuItemA
GetClassInfoA
GetMenuItemInfoA
SetClassLongW
SetWindowTextA
AppendMenuA
SetWindowTextW
DialogBoxParamW
MessageBoxA
DialogBoxParamA
SendMessageW
SetDlgItemTextW
SetDlgItemTextA
DefWindowProcW
CreateDialogParamW
DefWindowProcA
LoadStringA
CreateDialogParamA
CreateWindowExW
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
CreateWindowExA
MessageBoxW
RegisterClassA
SetWindowLongW
GetWindowLongW
UnregisterClassA
SetMenuItemInfoA
CallWindowProcW
RegisterClassW
SetMenu
ReleaseCapture
GetActiveWindow
PostQuitMessage
BeginPaint
EndPaint
IsWindowVisible
SetCapture
GetTopWindow
InvalidateRect
GetMenu
ScreenToClient
RedrawWindow
FindWindowExA
SetMenuInfo
TrackPopupMenu
CreatePopupMenu
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
DialogBoxIndirectParamW
RemovePropA
InvalidateRgn
RegisterWindowMessageA
GetClassInfoExA
IsChild
DestroyAcceleratorTable
RegisterClassExA
CharNextA
CreateAcceleratorTableA
GetSysColor
SetPropA
DialogBoxIndirectParamA
SetTimer
KillTimer
GetPropA
LoadIconA
EndDialog
EnumThreadWindows
SetWindowsHookExA
IsWindow
FlashWindowEx
CallNextHookEx
UnhookWindowsHookEx
ShowCursor
GetWindowRect
GetWindowTextW
GetWindowTextLengthW
GetWindowTextA
SystemParametersInfoA
SetWindowPos
LoadImageA
GetDlgItem
IsIconic
ClientToScreen
GetDesktopWindow
GetDC
GetForegroundWindow
ReleaseDC
GetWindowPlacement
AdjustWindowRect
EnableMenuItem
CheckMenuItem
GetSystemMetrics
DrawIcon
DestroyIcon
GetClientRect
DestroyWindow
GetFocus
EnableWindow
GetClassLongA
SetFocus
GetWindowTextLengthA
SendMessageA
MessageBeep
CreateDialogIndirectParamA
GetParent
FindWindowA
EnumWindows
GetClassNameA
GetWindowLongA
DrawTextW
GetScrollBarInfo
IsWindowEnabled
ShowWindow
SetForegroundWindow
FillRect
UpdateWindow
AdjustWindowRectEx
CallWindowProcA
MoveWindow
EnumChildWindows
SetParent
GetKeyState
PostMessageA
SetWindowLongA
DestroyMenu

gdi32

GetTextExtentPoint32A
CreateCompatibleBitmap
GetICMProfileA
ExtTextOutA
TextOutA
GetTextExtentPoint32W
ExtTextOutW
TextOutW
GetObjectA
GetKerningPairsA
GetGlyphOutlineA
DeleteDC
SelectObject
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
BitBlt
Rectangle
CreatePen
GetStockObject
SetStretchBltMode
DeleteObject
GetOutlineTextMetricsA
GetTextMetricsA
CreateFontIndirectA
GetGlyphOutlineW
SetBkMode
CreateSolidBrush

shell32

ExtractIconExA
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
DragAcceptFiles
SHChangeNotify
SHFileOperationW
DragQueryFileA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExW
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderW
SHGetSpecialFolderPathA
DragQueryFileW
ShellExecuteA
ShellExecuteExA

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemRealloc
OleInitialize
CoTaskMemAlloc
OleUninitialize
CoResumeClassObjects
CoRegisterClassObject

oleaut32

SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
SysStringByteLen
SysAllocStringLen
VariantInit
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
LoadTypeLi
VarBstrCat
VariantClear

comctl32

PropertySheetW
CreatePropertySheetPageW
PropertySheetA
CreatePropertySheetPageA
ord6
InitCommonControlsEx

mscms

GetColorDirectoryA

urlmon

CoInternetGetSession
URLDownloadToFileW
URLDownloadToFileA
FindMimeFromData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wintrust

WinVerifyTrust

ws2_32

htons
ntohl
ntohs
gethostbyname
htonl

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueA
CryptGenRandom
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextA
RegCreateKeyExW
RegCloseKey
CryptReleaseContext

Exports

Exports

JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 496KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e33185d99fa9e383da36dbfece6e4d89

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0d:33:f2:87:09:e2:63:de:83:af:fd:88:3e:39:b9:12Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

mscms

urlmon

version

wintrust

ws2_32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 496KB - Virtual size: 493KB

.data Size: 104KB - Virtual size: 423KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0d:33:f2:87:09:e2:63:de:83:af:fd:88:3e:39:b9:12
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 496KB - Virtual size: 493KB

.data
Size: 104KB - Virtual size: 423KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB