d8e291d836addb98e3e413ce6c664d20_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

d8e291d836addb98e3e413ce6c664d20_NeikiAnalytics
Size

2.5MB
MD5

d8e291d836addb98e3e413ce6c664d20
SHA1

4944674c404a96e00932bb05a3b08f697ab5a72b
SHA256

ba7ed5effdbb1902b769b16cf65a613f7a27b0c7e9a849d6799cdca246e910bd
SHA512

d5fc7c40e14c93a0a5d482f04ca13d199b2782b2f6f16a7296e0586d21f2d230a5af96fd96318bfa8dc3f5b1ec6d6fe36b4b31ef2fde1823146067b880cd82a8
SSDEEP

49152:yPjhnkby+iB9NgJCLbvbWKql/EPQq8hw3vuLkgLbmm+HRqsizXkjP0l:Yhnk/ilSKbvbWxqywmLv6nriWP0l

Score

1^/10

Malware Config

Signatures

Files

d8e291d836addb98e3e413ce6c664d20_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

b79a2e9b945e7165b2166fa98e7c2334

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:04:13:09:fb:49:17:a7:3c:47:40:51:5b:00:f1:4c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

08/09/2010, 00:00

Not After

08/09/2012, 23:59

Subject

CN=eSellerate,OU=SECURE APPLICATION DEVELOPMENT,O=eSellerate,L=Lincoln,ST=Nebraska,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:24:fa:92:65:eb:1b:74:c8:7d:eb:cc:27:c0:69:de:f9:4e:7b:7c
Signer

Actual PE Digest

b9:24:fa:92:65:eb:1b:74:c8:7d:eb:cc:27:c0:69:de:f9:4e:7b:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\ben\My Documents\Visual Studio Projects\Est\WrapperStub\Release\WrapperStub.pdb

Imports

wininet

InternetSetCookieA

kernel32

CompareFileTime
FreeLibrary
GetLastError
CloseHandle
GetExitCodeProcess
Sleep
OpenProcess
SetLastError
GetProcAddress
LoadLibraryA
GetVersion
GetFileAttributesA
FindFirstFileA
_lwrite
_lread
CreateProcessA
lstrlenA
lstrcatA
HeapFree
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceA
RemoveDirectoryA
_lclose
_lcreat
CreateDirectoryA
DeleteFileA
GetTempFileNameA
GetTempPathA
_llseek
_lopen
GetModuleFileNameA
SetStdHandle
GetSystemInfo
VirtualProtect
GetLocaleInfoA
VirtualQuery
GetProcessHeap
HeapAlloc
HeapReAlloc
FlushFileBuffers
FormatMessageA
HeapSize
lstrcpyA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
RtlUnwind
InterlockedExchange

user32

PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b79a2e9b945e7165b2166fa98e7c2334

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

46:04:13:09:fb:49:17:a7:3c:47:40:51:5b:00:f1:4cCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

b9:24:fa:92:65:eb:1b:74:c8:7d:eb:cc:27:c0:69:de:f9:4e:7b:7cSigner

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 16KB - Virtual size: 12KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

46:04:13:09:fb:49:17:a7:3c:47:40:51:5b:00:f1:4c
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

b9:24:fa:92:65:eb:1b:74:c8:7d:eb:cc:27:c0:69:de:f9:4e:7b:7c
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 16KB - Virtual size: 12KB