062a50cef780ece2ece68e8fc3bc8e20_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

062a50cef780ece2ece68e8fc3bc8e20_NeikiAnalytics
Size

1.2MB
MD5

062a50cef780ece2ece68e8fc3bc8e20
SHA1

8ef63e715420b240946eb4841bfdd82f403b037c
SHA256

5d677c2bd8224cf0f835c5969754a50a75ebfb4001f62de16d4989e50c27247e
SHA512

3ff5eb12b043f363d203fbeca92f5fa7b5e609d71ad41de2d4ece36b8cedb2ddcfdf068d405694d9bd049a8d763cce7c70c2700f5ebe3b1eaaa60356de8877dc
SSDEEP

24576:QJ2FDOxlS0GvI8Vj9a+PGZ8aErlagQTzDV3lvhbdX5AiMuGsyGCvGUl/5bNy8ZT1:QdW76ssEaK

Score

1^/10

Malware Config

Signatures

Files

062a50cef780ece2ece68e8fc3bc8e20_NeikiAnalytics
.dll windows:6 windows x86 arch:x86

4b44983c4a2ceba54106544aa0444f50

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08-05-2015 00:00

Not After

06-06-2018 23:59

Subject

CN=Tenorshare Co.\,Ltd.,O=Tenorshare Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:82:91:86:92:c9:a1:78:ae:4a:cf:88:03:72:3c:ea:6c:cf:64:76
Signer

Actual PE Digest

84:82:91:86:92:c9:a1:78:ae:4a:cf:88:03:72:3c:ea:6c:cf:64:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\John\Documents\Visual Studio 2008\Projects\lib_ts_data_system\build\Debug\data_filesys_raw.pdb

Imports

data_logconfig

ord1

data_arch

ord18
ord100
ord12
ord20
ord21
ord4
ord1
ord27
ord22
ord19

kernel32

TlsSetValue
EncodePointer
SetEndOfFile
CreateFileW
SetStdHandle
FlushFileBuffers
GetStringTypeW
HeapQueryInformation
HeapSize
HeapReAlloc
CreateDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
CloseHandle
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
DecodePointer
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapValidate
GetSystemInfo
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
GetACP
GetStdHandle
GetFileType
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
MoveFileExW
GetTimeZoneInformation
WriteFile
GetConsoleCP
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
WaitForSingleObjectEx
SetConsoleCtrlHandler
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

raw_file_system_check
raw_recovery_scheme
ts_init_raw

Sections

.text
Size: 976KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b44983c4a2ceba54106544aa0444f50

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

84:82:91:86:92:c9:a1:78:ae:4a:cf:88:03:72:3c:ea:6c:cf:64:76Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

data_logconfig

data_arch

kernel32

Exports

Exports

Sections

.text Size: 976KB - Virtual size: 975KB

.rdata Size: 186KB - Virtual size: 185KB

.data Size: 15KB - Virtual size: 21KB

.idata Size: 4KB - Virtual size: 3KB

.gfids Size: 1024B - Virtual size: 992B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:fc:1e:4b:bb:cf:bb:b7:ae:84:4e:a4:50:ca:f1:f3
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

84:82:91:86:92:c9:a1:78:ae:4a:cf:88:03:72:3c:ea:6c:cf:64:76
Signer

.text
Size: 976KB - Virtual size: 975KB

.rdata
Size: 186KB - Virtual size: 185KB

.data
Size: 15KB - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 1024B - Virtual size: 992B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 34KB