595e6ce4e9e04537a4dd83e6ad80fe60_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

595e6ce4e9e04537a4dd83e6ad80fe60_NeikiAnalytics.exe
Size

1.8MB
MD5

595e6ce4e9e04537a4dd83e6ad80fe60
SHA1

13f2924980af87658c8413413ce555866348c6f2
SHA256

bb0e9fd1c2e5aeab504eb1d6678e4d818ab57a0625b771dc496c37038ae34cd2
SHA512

3d3aaa0c1a0e9a8b0258a48ee0660b88b83e7c2561b4441fb32f50395537d27c52f9715bcc2fe4041c8c4aa699151bee57afb691bfed8bfc93f7276673ddeef1
SSDEEP

24576:zXE5YYn5sPxA+gPTDl+aZIKM0Hxgm6tZdC3/XlqIXm4:zXtY0q7kw6UPlqW

Score

1^/10

Malware Config

Signatures

Files

595e6ce4e9e04537a4dd83e6ad80fe60_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

62213bfc3bd520fb39fccbeea67d4916

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:d9:b9:d3:87:80:93:2d:d1:cb:c5:8a:2a:d2:8b:1c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/07/2015, 00:00

Not After

06/08/2017, 23:59

Subject

CN=NCH Software,O=NCH Software,L=Canberra,ST=Australian Capital Territory,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:45:6a:2f:29:a1:f0:55:78:2f:95:c5:c3:d3:54:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

24/01/2016, 00:00

Not After

06/10/2017, 23:59

Subject

CN=NCH Software,O=NCH Software,L=Canberra,ST=Australian Capital Territory,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:ab:be:e8:aa:58:38:5b:00:00:00:00:55:91:7a:09
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

01/09/2015, 18:15

Not After

01/12/2026, 18:45

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:ca:bd:50:49:75:cf:5e:d3:90:a6:a1:b8:22:cb:d3:f6:8b:e0:1c:a5:bc:ae:50:4b:c9:5b:38:39:c6:86:fa
Signer

Actual PE Digest

5f:ca:bd:50:49:75:cf:5e:d3:90:a6:a1:b8:22:cb:d3:f6:8b:e0:1c:a5:bc:ae:50:4b:c9:5b:38:39:c6:86:fa

Digest Algorithm

sha256

PE Digest Matches

true

fc:8f:3d:80:a6:04:bb:2f:f5:98:67:fe:10:f2:cb:92:1f:ef:e8:1f
Signer

Actual PE Digest

fc:8f:3d:80:a6:04:bb:2f:f5:98:67:fe:10:f2:cb:92:1f:ef:e8:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sourcecode\burn\release\ExpressBurn.pdb

Imports

kernel32

HeapFree
GetDriveTypeW
GetThreadPriority
PeekNamedPipe
ProcessIdToSessionId
GetCurrentProcessId
OpenFileMappingW
FreeResource
TerminateProcess
LocalFree
GlobalLock
GetPrivateProfileStringW
UnmapViewOfFile
DeviceIoControl
LoadResource
GetProcAddress
GetFileSize
LocalAlloc
MapViewOfFile
GlobalAlloc
ExitProcess
lstrcpyW
GetDiskFreeSpaceExW
SetEndOfFile
GetEnvironmentVariableW
GetPrivateProfileSectionNamesW
IsValidLocale
GetProcessHeap
GetSystemInfo
GlobalFree
VerifyVersionInfoW
QueryPerformanceCounter
SetEnvironmentVariableW
LoadLibraryExW
MultiByteToWideChar
SetUnhandledExceptionFilter
SetFilePointer
CreateToolhelp32Snapshot
lstrcmpW
FileTimeToSystemTime
WideCharToMultiByte
CancelIo
GetExitCodeProcess
WTSGetActiveConsoleSessionId
CopyFileW
CreateFileMappingW
GetPrivateProfileIntW
CreateMutexW
GetCurrentThread
SetEvent
ReleaseMutex
SetLastError
Process32FirstW
GetStartupInfoW
GetUserDefaultLCID
VirtualQuery
GetCurrentProcess
LocalFileTimeToFileTime
SetThreadPriority
GetSystemTime
LoadLibraryW
MoveFileExW
LockResource
GetTickCount
GlobalSize
QueryPerformanceFrequency
GetStdHandle
GetFileAttributesA
VerSetConditionMask
DuplicateHandle
LoadLibraryA
CreateThread
HeapAlloc
OpenProcess
GetCommandLineW
GetLocaleInfoA
GetComputerNameW
GetModuleHandleW
lstrlenA
InterlockedDecrement
CreatePipe
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
GetLogicalDriveStringsW
FindResourceW
GetCurrentThreadId
WaitForMultipleObjects
GlobalUnlock
GetShortPathNameW
Process32NextW
GetLastError
SizeofResource
FileTimeToLocalFileTime
SystemTimeToFileTime
MoveFileW
Sleep
DeleteFileW
ResetEvent
RemoveDirectoryW
FindNextFileW
GetVersionExW
GetFileTime
CreateDirectoryW
ReadFile
EnterCriticalSection
WriteFile
CreateEventW
GetLocaleInfoW
FindFirstFileW
GetFileSizeEx
GetVersionExA
GlobalMemoryStatusEx
CreateFileW
LeaveCriticalSection
SetFileAttributesW
GetFileAttributesW
FindClose
CreateProcessW
DeleteCriticalSection
InitializeCriticalSection
GetTempPathW
WaitForSingleObject
SetFilePointerEx
CloseHandle
FreeLibrary
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
InterlockedIncrement
UnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
GetModuleFileNameA
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
GetFileType
SetHandleCount
TlsSetValue
TlsFree
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RaiseException
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
HeapSize
GetStringTypeW
GetStringTypeA

advapi32

FreeSid
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
RegEnumKeyExW
RegDeleteValueW
GetSidSubAuthority
GetAce
GetUserNameW
RegSetValueExW
InitializeAcl
RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
RegCreateKeyExW
InitializeSecurityDescriptor
InitializeSid
DuplicateTokenEx
RegQueryInfoKeyW
GetSidLengthRequired
RegQueryValueExW
SetFileSecurityW

comctl32

ImageList_GetImageCount
ImageList_Destroy
_TrackMouseEvent
ImageList_DragEnter
ImageList_DrawEx
ImageList_Create
ord17
ImageList_BeginDrag
ImageList_GetIconSize
ImageList_EndDrag
PropertySheetW
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_Remove
ImageList_GetImageInfo
ImageList_DragMove
ImageList_Merge
ImageList_Add
InitCommonControlsEx
ImageList_AddMasked
ImageList_ReplaceIcon

comdlg32

GetOpenFileNameW
GetSaveFileNameW

gdi32

CreateCompatibleDC
CreateFontIndirectW
GetObjectW
SetBkMode
CreateSolidBrush
ExtTextOutW
CreateFontW
SetTextColor
SelectObject
GetTextExtentPoint32W
StretchBlt
DeleteObject
CreateDIBSection
SetDIBitsToDevice
Polygon
GetCurrentObject
CreatePen
LineTo
CreateDIBitmap
GetTextMetricsW
SetTextAlign
Rectangle
GetDIBits
SetViewportExtEx
AddFontResourceExW
CreateCompatibleBitmap
GetBkMode
MoveToEx
CreateBitmap
GetViewportExtEx
GetStockObject
PolyTextOutW
SetDIBits
PolyDraw
SetBrushOrgEx
GetTextFaceW
GetWindowExtEx
TextOutW
Polyline
GetDeviceCaps
SetBkColor
CreatePatternBrush
BitBlt
SetWindowExtEx
SetPixel
DeleteDC

msacm32

acmStreamUnprepareHeader
acmFormatDetailsW
acmStreamOpen
acmFormatTagEnumW
acmFormatEnumW
acmDriverOpen
acmDriverDetailsW
acmStreamSize
acmStreamClose
acmDriverClose
acmDriverEnum
acmStreamConvert
acmStreamPrepareHeader

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity

oleaut32

OleLoadPicturePath
VariantInit
OleLoadPicture
SysAllocString
OleCreatePropertyFrame
VariantClear
SysAllocStringLen
SysFreeString

shell32

SHGetFileInfoW
SHGetFolderPathW
DragQueryFileW
ShellExecuteW
SHParseDisplayName
SHBrowseForFolderW
DragAcceptFiles
Shell_NotifyIconW
ShellExecuteExW
SHGetPathFromIDListW
SHCreateShellItem
DragFinish
SHGetMalloc
ord155
SHChangeNotify
CommandLineToArgvW
ord680
DragQueryPoint

shlwapi

SHDeleteKeyW
SHDeleteEmptyKeyW

user32

MessageBoxW
GetDlgItem
GetClientRect
PostMessageW
MonitorFromRect
GetMenu
GetWindowPlacement
RemovePropW
BeginPaint
DestroyMenu
SetDlgItemInt
IsWindowVisible
SetWindowPlacement
MonitorFromWindow
GetKeyState
SetTimer
GetDesktopWindow
GetScrollInfo
IsIconic
IsWindowEnabled
LoadCursorW
RegisterWindowMessageW
InflateRect
CallWindowProcW
GetWindowTextLengthW
GetComboBoxInfo
FrameRect
PostQuitMessage
EnableWindow
DrawIconEx
UpdateWindow
AllowSetForegroundWindow
GetKeyboardState
GetCapture
SetMenuItemInfoW
SetForegroundWindow
SetWindowsHookExW
GetAncestor
wsprintfW
MapWindowPoints
CloseClipboard
GetKeyNameTextW
WindowFromDC
CharUpperW
SetCapture
GetSubMenu
SetWindowPos
FlashWindowEx
InsertMenuW
MonitorFromPoint
MapVirtualKeyW
PeekMessageW
GetSystemMetrics
IsDialogMessageW
IsClipboardFormatAvailable
GetWindowDC
GetDlgItemInt
IsWindow
MsgWaitForMultipleObjects
RegisterClassW
CheckRadioButton
GetMessageW
GetMenuInfo
GetDlgItemTextW
CreateDialogParamW
GetDlgCtrlID
GetSysColor
DialogBoxIndirectParamW
GetSysColorBrush
IsCharAlphaW
ModifyMenuW
InsertMenuItemW
CreateWindowExW
SetActiveWindow
GetClipboardData
keybd_event
ScrollWindowEx
GetAsyncKeyState
DispatchMessageW
GetWindow
UnhookWindowsHookEx
CreateDialogIndirectParamW
GetFocus
GetForegroundWindow
RemoveMenu
GetClassNameW
TranslateMessage
CopyImage
FindWindowW
SystemParametersInfoW
SetMenuInfo
EndDialog
CheckMenuItem
DrawFocusRect
SetMenuDefaultItem
GetMenuBarInfo
EndMenu
SetDlgItemTextW
SetMenu
OpenClipboard
DrawEdge
GetClassNameA
GetMessagePos
ReleaseCapture
WaitForInputIdle
SendMessageW
DestroyWindow
DeleteMenu
IsDlgButtonChecked
DrawTextW
InvalidateRect
KillTimer
GetMonitorInfoW
ScreenToClient
EndPaint
SetCursor
GetWindowRect
GetWindowLongW
DefWindowProcW
SetPropW
AppendMenuW
GetWindowTextW
GetMenuItemCount
DialogBoxParamW
MapDialogRect
DrawTextExW
GetIconInfo
SetWindowLongW
GetCursor
FillRect
IsZoomed
GetDC
GetCursorInfo
DrawStateW
SetFocus
CheckDlgButton
MoveWindow
GetMenuItemInfoW
CreatePopupMenu
SetWindowTextW
ClientToScreen
GetParent
RedrawWindow
LoadImageW
GetPropW
EnableMenuItem
SetScrollInfo
TrackPopupMenu
CallNextHookEx
DestroyIcon
SendDlgItemMessageW
ShowWindow
ReleaseDC

winmm

waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutPause
waveOutOpen
waveOutGetPosition
waveOutGetNumDevs
waveOutReset
waveOutWrite

ws2_32

ntohs
recv
ioctlsocket
__WSAFDIsSet
WSAStartup
WSAGetLastError
gethostbyname
closesocket
setsockopt
select
htons
inet_addr
socket
send
connect

netapi32

NetUserGetInfo
NetApiBufferFree

gdiplus

GdipSetImagePalette
GdipSetInterpolationMode
GdipDisposeImage
GdipSetPixelOffsetMode
GdipGetImagePixelFormat
GdipCreateImageAttributes
GdipSetImageAttributesWrapMode
GdipImageGetFrameDimensionsCount
GdipGetPropertyCount
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipGetImageEncodersSize
GdipGetImageWidth
GdipSaveImageToStream
GdipGetImageVerticalResolution
GdipDisposeImageAttributes
GdipBitmapSetResolution
GdipCloneImage
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipSetCompositingMode
GdipBitmapUnlockBits
GdipGetPropertyIdList
GdipBitmapLockBits
GdipGetPropertyItemSize
GdipGetImageEncoders
GdipGetImageHorizontalResolution
GdipGetImageGraphicsContext
GdipImageSelectActiveFrame

msimg32

GradientFill
AlphaBlend

iphlpapi

GetAdaptersAddresses

wininet

InternetQueryOptionA
InternetGetConnectedState

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62213bfc3bd520fb39fccbeea67d4916

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

58:d9:b9:d3:87:80:93:2d:d1:cb:c5:8a:2a:d2:8b:1cCertificate

Extended Key Usages

Key Usages

75:45:6a:2f:29:a1:f0:55:78:2f:95:c5:c3:d3:54:98Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d2:ab:be:e8:aa:58:38:5b:00:00:00:00:55:91:7a:09Certificate

Extended Key Usages

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

5f:ca:bd:50:49:75:cf:5e:d3:90:a6:a1:b8:22:cb:d3:f6:8b:e0:1c:a5:bc:ae:50:4b:c9:5b:38:39:c6:86:faSigner

fc:8f:3d:80:a6:04:bb:2f:f5:98:67:fe:10:f2:cb:92:1f:ef:e8:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

netapi32

gdiplus

msimg32

iphlpapi

wininet

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 298KB - Virtual size: 298KB

.data Size: 64KB - Virtual size: 79KB

.rsrc Size: 354KB - Virtual size: 353KB

.reloc Size: 62KB - Virtual size: 62KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

58:d9:b9:d3:87:80:93:2d:d1:cb:c5:8a:2a:d2:8b:1c
Certificate

75:45:6a:2f:29:a1:f0:55:78:2f:95:c5:c3:d3:54:98
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d2:ab:be:e8:aa:58:38:5b:00:00:00:00:55:91:7a:09
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

5f:ca:bd:50:49:75:cf:5e:d3:90:a6:a1:b8:22:cb:d3:f6:8b:e0:1c:a5:bc:ae:50:4b:c9:5b:38:39:c6:86:fa
Signer

fc:8f:3d:80:a6:04:bb:2f:f5:98:67:fe:10:f2:cb:92:1f:ef:e8:1f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 298KB - Virtual size: 298KB

.data
Size: 64KB - Virtual size: 79KB

.rsrc
Size: 354KB - Virtual size: 353KB

.reloc
Size: 62KB - Virtual size: 62KB