d48a43d2aec94d068d3f54c0b522bea0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d48a43d2aec94d068d3f54c0b522bea0_NeikiAnalytics
Size

84KB
MD5

d48a43d2aec94d068d3f54c0b522bea0
SHA1

fb88d187e2599048dd39362e2d7f8e2b1534853f
SHA256

47a707e373836a8989d84144db5e04130c5a224ce758e3f4cbba371cc7ce7c51
SHA512

83126c2000afb9035746afd1b0d652da9aa0ae6784d173c4790b47dc0be0618a58501f483f6df3e855f4ed2dce4d0ae3739b260d71d41254aa00e24f61c72692
SSDEEP

1536:bx2pOU3tiZKgVB2EXRs4qh8LaBmmp+eNfAJlw++hhhhhhhhhhhhhhhhhhPAPslbS:Mpz3tiZVBhXR9g/Bmmoel6l2APUDgv

Score

1^/10

Malware Config

Signatures

Files

d48a43d2aec94d068d3f54c0b522bea0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

78776b872aa9e08db63c6ee0aad7a8a6

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:80:32:06:47:30:c0:30:37:44:bf:fd:0e:6f:3b:90
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

13/11/2003, 00:00

Not After

21/11/2004, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:65:ca:14:ee:07:d2:8d:f9:58:23:22:a2:50:69:64:9a:d1:91:15
Signer

Actual PE Digest

4b:65:ca:14:ee:07:d2:8d:f9:58:23:22:a2:50:69:64:9a:d1:91:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

scanmgr

GetScanManager

shlwapi

PathCanonicalizeA
PathAppendA
PathAddBackslashA
PathCombineA
PathRemoveBackslashA
PathRemoveFileSpecA
PathGetDriveNumberA
PathIsUNCA

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
OutputDebugStringA
WriteFile
EnterCriticalSection
SetFilePointer
CreateFileA
GetCurrentProcessId
GetModuleFileNameA
InitializeCriticalSection
MultiByteToWideChar
LocalFree
ReleaseMutex
GetProcAddress
lstrlenA
lstrcmpA
LocalAlloc
InterlockedExchange
FreeLibrary
GetTickCount
WaitForMultipleObjects
GetModuleHandleA
GetVersion
OpenMutexA
CreateMutexA
LoadLibraryA
Sleep
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetCurrentDirectoryA
DeleteFileA
LoadLibraryExA
GetLogicalDrives
GetFileAttributesA
SetFileApisToANSI
SetFileApisToOEM
SetErrorMode
AreFileApisANSI
SetEndOfFile
ReadFile
GetFileSize
GetStartupInfoA
GetCurrentThreadId

user32

FindWindowA
RegisterWindowMessageA
PostMessageA
IsWindow
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
CharNextA
wsprintfA
wvsprintfA
LoadStringA
IsCharAlphaA
GetDesktopWindow
CharPrevA
CharToOemBuffA
SetWindowPos
GetKeyboardType

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CLSIDFromProgID
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen

msvcp70

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

msvcr70

_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
free
__p__fmode
_vsnprintf
__set_app_type
exit
?terminate@@YAXXZ
_controlfp
_except_handler3
malloc
strcpy
strcat
time
_snprintf
__p___argc
__p___argv
??0exception@@QAE@ABV0@@Z
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_mbsrchr
_strtime
_strdate
_mbsnbcpy
_mbscmp
_mbslen
_CxxThrowException
_purecall
??3@YAXPAX@Z
swprintf
__CxxFrameHandler
??_V@YAXPAX@Z
sprintf
_splitpath
_mbschr
_mbspbrk
_mbsicmp
_mbsnbicmp
??1exception@@UAE@XZ
??0exception@@QAE@XZ

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78776b872aa9e08db63c6ee0aad7a8a6

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

76:80:32:06:47:30:c0:30:37:44:bf:fd:0e:6f:3b:90Certificate

Extended Key Usages

Key Usages

4b:65:ca:14:ee:07:d2:8d:f9:58:23:22:a2:50:69:64:9a:d1:91:15Signer

Headers

File Characteristics

Imports

scanmgr

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp70

msvcr70

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 27KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

76:80:32:06:47:30:c0:30:37:44:bf:fd:0e:6f:3b:90
Certificate

4b:65:ca:14:ee:07:d2:8d:f9:58:23:22:a2:50:69:64:9a:d1:91:15
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 27KB