5bc39607d64e9203c22f2406dee52450_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5bc39607d64e9203c22f2406dee52450_NeikiAnalytics.exe
Size

996KB
MD5

5bc39607d64e9203c22f2406dee52450
SHA1

e5b7d2fe573f0373ce55c73f56864d1fb193ecef
SHA256

d0af0f9ea42deee611473e337eabcd3a3f3b22a66e36c180736c970a41820db7
SHA512

770e9dd40a41a51428c38ac3e513f4344a22aad46d41a791d0ac86f8bb7f4b41e023b5a63d119759f22727ef317a6091fc260cff50d4654fcbd14a11a5098bd2
SSDEEP

12288:KHoXRZ6J9gOUh69d63x3u7uMmKMJYc1KJsEFIF:KHohQrUhbeCKMmk4sEFIF

Score

1^/10

Malware Config

Signatures

Files

5bc39607d64e9203c22f2406dee52450_NeikiAnalytics.exe
.dll windows:4 windows x64 arch:x64

9b14b7fa019c28e47846cb285d611b05

Code Sign

03:c6:ab:dd:e7:aa:44:0b:c1:99:0a:06:d5:34:89:db
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/03/2017, 00:00

Not After

20/03/2019, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Photoshop\, Bridge,O=Adobe Systems Incorporated,POSTALCODE=95110,STREET=345 Park Avenue,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9d:40:b3:bc:74:bd:b6:38:68:0c:b3:16:95:d2:2e:d8:e2:9b:a6:a9:7a:80:e2:5b:34:9c:b8:33:dc:7c:21:2c
Signer

Actual PE Digest

9d:40:b3:bc:74:bd:b6:38:68:0c:b3:16:95:d2:2e:d8:e2:9b:a6:a9:7a:80:e2:5b:34:9c:b8:33:dc:7c:21:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\USERS\nbtester\efi2winx86_nightly\branch-10_0\20070810_000000\dev\build_objs\efi2winx86_lib_build_d0p0flexlm\lib\libifcoremd.pdb

Imports

libmmd

tanhf
tanf
asinhf
sinhf
sinf
powf
fmodf
logf
log10f
expf
erfcf
erff
cotdf
cotf
acoshf
coshf
cosdf
cosf
ynf
y1f
y0f
jnf
j1f
j0f
atan2f
atanhf
atanf
asinf
acosdf
acosf
__truncq
__nintq
__ldexpq
__ctanhq
__ctanq
__csinhq
__csinq
__csqrtq
__clog10q
__clogq
__cexp10q
__cexpq
__ccoshq
__ccosq
__cabsq
__tandq
asindf
__cosdq
__atand2q
__asindq
__acosdq
__cotq
__tanq
__tanhq
__sqrtq
__sinq
__sinhq
__cpowq
__powiq
__powq
__fmodq
__erfq
__erfcq
__logq
__log2q
__log10q
__ynq
__y1q
__y0q
__jnq
__j1q
__j0q
__gammaq
__frexpq
__floorq
__ceilq
__expq
__exp2q
__exp10q
__cotdq
__cosq
__coshq
__cbrtq
__atan2q
__atandq
__atanq
__atanhq
__asinq
__asinhq
__acosq
__acoshq
__fabsq
atandf
tandf
sindf
exp10f
cbrtf
cabsf
ccosf
cexpf
cexp10f
clogf
clog10f
csinf
csqrtf
ctanf
acos
acosd
asin
atan
atanh
atan2
j0
j1
jn
y0
y1
yn
cos
cosd
cosh
acosh
cot
cotd
erf
erfc
exp
log10
log
fmod
pow
sin
sinh
asinh
tan
tanh
asind
atand
tand
sind
exp10
cbrt
cabs
creal
ccos
cexp
cexp10
clog
clog10
csin
csqrt
ctan
ldexp
truncf
trunc
llroundf
lroundf
lround
llround
frexpf
__sindq
frexp

msvcrt

__dllonexit
calloc
_initterm
printf
strcmp
__C_specific_handler
memcmp
strcat
_splitpath
strcpy
strlen
_snprintf
memcpy
memset
_get_osfhandle
_open_osfhandle
_getch
_kbhit
rand
_getpid
isspace
strtok
_errno
raise
memmove
time
localtime
strftime
gmtime
atol
strcspn
realloc
_aligned_malloc
_aligned_free
clock
isalnum
strncat
system
strncmp
strchr
strstr
toupper
tolower
isdigit
sscanf
_stricmp
_clearfp
__argc
__argv
_controlfp
__pxcptinfoptrs
signal
freopen
fopen
fclose
strerror
_iob
fprintf
abort
exit
vsprintf
strncpy
sprintf
getenv
malloc
free
_onexit

kernel32

ReadFile
GetLastError
SetFilePointer
DeleteFileA
WaitForSingleObject
GetVersionExA
SetThreadPriority
CreateProcessA
CloseHandle
GetStdHandle
GetLocalTime
WriteFile
FreeLibrary
FormatMessageA
LoadLibraryA
GetThreadLocale
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
SetEndOfFile
SetLastError
Sleep
GetFileType
GetCommandLineA
GetACP
SetErrorMode
SetConsoleCtrlHandler
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesA
GetCurrentThreadId
ReleaseMutex
CreateMutexA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetProcessTimes
GetCurrentProcess
VirtualFree
VirtualAlloc
SystemTimeToFileTime
FileTimeToLocalFileTime
FlushFileBuffers
DeleteCriticalSection
TerminateThread
SetEvent
ExitThread
CreateEventA
InitializeCriticalSection
CreateThread
UnmapViewOfFile
GetHandleInformation
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetFileInformationByHandle
CreateFileA
GetTempFileNameA
GetTempPathA
GetFullPathNameA
VirtualQuery
GetModuleFileNameA
GetCurrentThread

imagehlp

StackWalk64
SymCleanup
SymInitialize

Exports

Exports

COMMITQQ
FLUSHQQ
FOCUSQQ
GETCHARQQ
GETEXCEPTIONPTRSQQ
GETHANDLEQQ
GETHWNDQQ
GETSTRQQ
GETUNITQQ
GETWSIZEQQ
INQFOCUSQQ
MCLOCK
PEEKCHARQQ
RANDOM
SEED
SETWSIZEQQ
TRACEBACKQQ
_FQclearscreen
_FQdisplaycursor
_FQscrolltextwindow
_FTN_ALLOC
__FFdrand
__FFfrand
__FFgetseed
__FFirand
__FFresetseed
__FFsetseed
__msportlib_d_curpos
__msportlib_d_curpos_i8
__msportlib_d_fseek
__msportlib_d_fseek_i8
__msportlib_d_get_POSIX_fd
__msportlib_d_gethandle
__msportlib_d_readchar
__msportlib_d_writechar
__msportlib_set_posix_io_flag
_f90_alloc_private
_f90_dope_vector_init
_f90_firstprivate_copy
_f90_free_private
_f90_lastprivate_copy
_f90_reduction_final
_f90_reduction_init
_fq_gettextposition
_fq_outtext
_fq_settextposition
a_intq
a_nintq
b_abs
b_btest
b_dim
b_dnnt
b_iand
b_ibclr
b_ibits
b_ibset
b_ieor
b_ior
b_ishft
b_ishftc
b_mod
b_nint
b_not
b_sign
c_f_pointer_set_desc1
c_f_pointer_set_desc2
c_f_pointer_set_desc4
c_f_pointer_set_desc8
cvt_boolean64_to_text
cvt_boolean_to_text
cvt_boolean_to_text_ex
cvt_cray_to_ieee_double
cvt_cray_to_ieee_double_
cvt_cray_to_ieee_single
cvt_cray_to_ieee_single_
cvt_data64_to_text
cvt_data_to_text
cvt_ibm_long_to_ieee_double
cvt_ibm_long_to_ieee_double_
cvt_ibm_short_to_ieee_single
cvt_ibm_short_to_ieee_single_
cvt_ieee_double_to_cray
cvt_ieee_double_to_cray_
cvt_ieee_double_to_ibm_long
cvt_ieee_double_to_ibm_long_
cvt_ieee_double_to_vax_d
cvt_ieee_double_to_vax_d_
cvt_ieee_double_to_vax_g
cvt_ieee_double_to_vax_g_
cvt_ieee_double_to_vax_h
cvt_ieee_double_to_vax_h_
cvt_ieee_s_to_text
cvt_ieee_s_to_text_ex
cvt_ieee_single_to_cray
cvt_ieee_single_to_cray_
cvt_ieee_single_to_ibm_short
cvt_ieee_single_to_ibm_short_
cvt_ieee_single_to_vax_f
cvt_ieee_single_to_vax_f_
cvt_ieee_t_to_text
cvt_ieee_t_to_text_ex
cvt_integer64_to_text
cvt_integer_to_text
cvt_text_to_boolean
cvt_text_to_boolean64
cvt_text_to_data
cvt_text_to_data64
cvt_text_to_ieee_s
cvt_text_to_ieee_t
cvt_text_to_integer
cvt_text_to_integer64
cvt_text_to_unsigned
cvt_text_to_unsigned64
cvt_unsigned64_to_text
cvt_unsigned_to_text
cvt_vax_d_to_ieee_double
cvt_vax_d_to_ieee_double_
cvt_vax_f_to_ieee_single
cvt_vax_f_to_ieee_single_
cvt_vax_g_to_ieee_double
cvt_vax_g_to_ieee_double_
cvt_vax_h_to_ieee_double
cvt_vax_h_to_ieee_double_
d_int
d_int_val
d_nint
f90_dyncom
f_ibits1
f_ibits2
f_lanint_val
f_ldnint_val
f_lqint
f_lqnint
f_qnint
for__nt_signal_handler
for__raise
for__rtc_uninit_use
for__signal
for_abort
for_active_processes
for_adjustl
for_adjustr
for_alloc_allocatable
for_allocate
for_asynchronous
for_backspace
for_bitest
for_bitest_msf
for_bjtest
for_bjtest_msf
for_bktest
for_bktest_msf
for_bmvbits
for_c_conjg_a
for_c_cos_a
for_c_cos_v
for_c_exp10_a
for_c_exp_a
for_c_exp_v
for_c_log10_a
for_c_log_a
for_c_sin_a
for_c_sqrt_a
for_c_tan_a
for_cd_conjg_a
for_cd_cos_a
for_cd_cos_v
for_cd_exp10_a
for_cd_exp_a
for_cd_exp_v
for_cd_log10_a
for_cd_log_a
for_cd_sin_a
for_cd_sqrt_a
for_cd_tan_a
for_ceil4_v
for_ceil8_v
for_ceilh4_v
for_ceilh8_v
for_ceilk4_v
for_ceilk8_v
for_char
for_check_env_name
for_check_mult_overflow
for_check_mult_overflow64
for_close
for_concat
for_contig_array
for_cpstr
for_cpstr_eq
for_cpstr_ge
for_cpstr_gt
for_cpstr_le
for_cpstr_lt
for_cpstr_ne
for_cpusec
for_cpusec_t
for_cpystr
for_cq_abs_a
for_cq_conjg_a
for_cq_conjg_v
for_cq_cos_a
for_cq_cosh_a
for_cq_exp10_a
for_cq_exp_a
for_cq_ipow_av
for_cq_kpow_av
for_cq_log10_a
for_cq_log_a
for_cq_pow_a
for_cq_sin_a
for_cq_sinh_a
for_cq_sqrt_a
for_cq_tan_a
for_cq_tanh_a
for_d_abs_a
for_d_acos_a
for_d_acosd_a
for_d_acosh_a
for_d_asin_a
for_d_asind_a
for_d_asinh_a
for_d_atan2_a
for_d_atan2d_a
for_d_atan2d_v
for_d_atan_a
for_d_atand_a
for_d_atanh_a
for_d_besj0_a
for_d_besj1_a
for_d_besjn_a
for_d_besy0_a
for_d_besy1_a
for_d_besyn_a
for_d_cabs_a
for_d_cbrt_a
for_d_cdabs_a
for_d_cdimag_a
for_d_cos_a
for_d_cosd_a
for_d_cosh_a
for_d_cotan_a
for_d_cotand_a
for_d_creal_a
for_d_creal_v
for_d_dim_a
for_d_erf_a
for_d_erfc_a
for_d_exp10_a
for_d_exp_a
for_d_fabs_a
for_d_int_a
for_d_int_v
for_d_ipow_a
for_d_ipow_v
for_d_log10_a
for_d_log_a
for_d_mod_a
for_d_nint_a
for_d_nint_v
for_d_pow_a
for_d_pow_v
for_d_prod_a
for_d_sign_a
for_d_sin_a
for_d_sind_a
for_d_sinh_a
for_d_sqrt_a
for_d_tan_a
for_d_tand_a
for_d_tanh_a
for_date
for_date_and_time
for_date_numeric
for_dealloc_allocatable
for_deallocate
for_define_file
for_delete
for_dnum
for_emit_diagnostic
for_enable_underflow
for_endfile
for_eof
for_errsns
for_errsns_load
for_errsns_w
for_exit
for_exponent16_a
for_exponent16_v
for_exponent4_v
for_exponent8_v
for_f90_index
for_f90_scan
for_f90_verify
for_fdopen
for_find
for_floor4_v
for_floor8_v
for_floorh4_v
for_floorh8_v
for_floork4_v
for_floork8_v
for_flush
for_fp_class_s_
for_fp_class_t_
for_fp_class_x_
for_fraction16_a
for_fraction16_v
for_fraction4_v
for_fraction8_v
for_gerror_
for_get_command
for_get_fpe_
for_get_fpe_counts_
for_getarg
for_getarg_i2
for_getcmd_arg
for_getenv
for_h_qint_a
for_i1ilen
for_i1leadz
for_i1popcnt
for_i1poppar
for_i1shftc
for_i1trailz
for_i_qint_a
for_iargc
for_ichar
for_idate
for_iibclr
for_iibits
for_iibset
for_iiilen
for_iileadz
for_iipopcnt
for_iipoppar
for_iishft
for_iishftc
for_iitrailz
for_imvbits
for_index
for_index_back
for_index_ssll
for_inquire
for_inum
for_iran2_
for_is_nan_s_
for_is_nan_t_
for_is_nan_x_
for_jdate
for_jibclr
for_jibits
for_jibset
for_jiilen
for_jileadz
for_jipopcnt
for_jipoppar
for_jishft
for_jishftc
for_jitrailz
for_jmvbits
for_jnum
for_jran2_
for_k_qint_a
for_kdate
for_kibclr
for_kibits
for_kibset
for_kiilen
for_kileadz
for_kipopcnt
for_kipoppar
for_kishft
for_kishftc
for_kitrailz
for_kmvbits
for_knum
for_len_trim
for_length
for_lge
for_lge_msf_slsl
for_lge_msf_ssll
for_lge_ssll
for_lgt
for_lgt_msf_slsl
for_lgt_msf_ssll
for_lgt_ssll
for_lle
for_lle_msf_slsl
for_lle_msf_ssll
for_lle_ssll
for_llt
for_llt_msf_slsl
for_llt_msf_ssll
for_llt_ssll
for_nargs
for_nearest16_a
for_nearest16_v
for_nearest4_v
for_nearest8_v
for_open
for_pause
for_perror_
for_q_abs_a
for_q_acos_a
for_q_acosd_a
for_q_acosh_a
for_q_asin_a
for_q_asind_a
for_q_asinh_a
for_q_atan2_a
for_q_atan2d_a
for_q_atan_a
for_q_atand_a
for_q_atanh_a
for_q_besj0_a
for_q_besj1_a
for_q_besjn_a
for_q_besjn_av
for_q_besy0_a
for_q_besy1_a
for_q_besyn_a
for_q_besyn_av
for_q_cbrt_a
for_q_ceil_a
for_q_cos_a
for_q_cosd_a
for_q_cosh_a
for_q_cotan_a
for_q_cotand_a
for_q_cqabs_a
for_q_cqimag_a
for_q_cqimag_v
for_q_cqreal_a
for_q_cqreal_v
for_q_dim_a
for_q_erf_a
for_q_erfc_a
for_q_exp10_a
for_q_exp2_a
for_q_exp_a
for_q_fabs_a
for_q_floor_a
for_q_fmod_a
for_q_frexp_a
for_q_gamma_a
for_q_ipow_a
for_q_ipow_av
for_q_kpow_a
for_q_kpow_av
for_q_ldexp_a
for_q_ldexp_av
for_q_log10_a
for_q_log2_a
for_q_log_a
for_q_mod_a
for_q_pow_a
for_q_prod_a
for_q_sign_a
for_q_sin_a
for_q_sind_a
for_q_sinh_a
for_q_sqrt_a
for_q_tan_a
for_q_tand_a
for_q_tanh_a
for_qnum
for_r_abs_a
for_r_acos_a
for_r_acosd_a
for_r_acosh_a
for_r_asin_a
for_r_asind_a
for_r_asinh_a
for_r_atan2_a
for_r_atan2d_a
for_r_atan2d_v
for_r_atan_a
for_r_atand_a
for_r_atanh_a
for_r_besj0_a
for_r_besj1_a
for_r_besjn_a
for_r_besy0_a
for_r_besy1_a
for_r_besyn_a
for_r_cabs_a
for_r_cbrt_a
for_r_cimag_a
for_r_cos_a
for_r_cosd_a
for_r_cosh_a
for_r_cotan_a
for_r_cotand_a
for_r_creal_a
for_r_creal_v
for_r_dim_a
for_r_dint_a
for_r_dnint_a
for_r_dsqrt_a

Sections

.text
Size: 818KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b14b7fa019c28e47846cb285d611b05

Code Sign

03:c6:ab:dd:e7:aa:44:0b:c1:99:0a:06:d5:34:89:dbCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

9d:40:b3:bc:74:bd:b6:38:68:0c:b3:16:95:d2:2e:d8:e2:9b:a6:a9:7a:80:e2:5b:34:9c:b8:33:dc:7c:21:2cSigner

Headers

File Characteristics

PDB Paths

Imports

libmmd

msvcrt

kernel32

imagehlp

Exports

Exports

Sections

.text Size: 818KB - Virtual size: 817KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 10KB - Virtual size: 104KB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 17KB - Virtual size: 17KB

03:c6:ab:dd:e7:aa:44:0b:c1:99:0a:06:d5:34:89:db
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9d:40:b3:bc:74:bd:b6:38:68:0c:b3:16:95:d2:2e:d8:e2:9b:a6:a9:7a:80:e2:5b:34:9c:b8:33:dc:7c:21:2c
Signer

.text
Size: 818KB - Virtual size: 817KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 10KB - Virtual size: 104KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 17KB - Virtual size: 17KB