dc9b40568153c3c886d2bbbd2c93fc70_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

dc9b40568153c3c886d2bbbd2c93fc70_NeikiAnalytics
Size

665KB
MD5

dc9b40568153c3c886d2bbbd2c93fc70
SHA1

a5a68b6af8884d3c05edee8a72e8732dc94d0010
SHA256

6f7576f5faa20dd73e9fe49df6ca252c060f46dcd4a2252242f0893352a19bc0
SHA512

c9d23e6d055a8f53eb7b7cd431adab09bcc009184a4234f6bdab5abfee346a8a395340ca6ed8fb0cbcb04a6c69ae8167e0c89e4cc9411fa344d2607d02e90beb
SSDEEP

12288:DySqm9HBJye0iJg+wbRiI6bouwyeV+Q5TCkTfZ9gPTlh:Ddz0j+wdaUEeV+gTfZOTlh

Score

1^/10

Malware Config

Signatures

Files

dc9b40568153c3c886d2bbbd2c93fc70_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

431af110646351de93fe8e83d146774b

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:15:de:9a:b2:0f:9c:29:6a:62:42:71:51:eb:3c:f9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11-08-2014 00:00

Not After

10-08-2016 23:59

Subject

CN=RHUB Communications\, Inc.,O=RHUB Communications\, Inc.,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\RHUB2\PCSetup\Release.V2012\PCSetup.pdb

Imports

kernel32

SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetTickCount
GetCommandLineW
IsProcessorFeaturePresent
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
CreateThread
ExitThread
HeapFree
FindFirstFileExW
GetDriveTypeW
GetSystemTimeAsFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
VirtualAlloc
ReadFile
GetStdHandle
GetProcessHeap
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
InterlockedIncrement
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
MulDiv
LocalFree
GlobalUnlock
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalLock
InterlockedExchange
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
GetSystemDirectoryW
GetVersion
SetLastError
DecodePointer
EncodePointer
OutputDebugStringA
InterlockedDecrement
GetACP
OutputDebugStringW
lstrlenW
lstrcpyW
lstrcmpiW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileTime
SetFilePointer
WriteFile
GetFileSize
IsDebuggerPresent
GetCurrentThreadId
RaiseException
GetCurrentProcessId
VirtualQuery
FreeLibrary
CreateMutexW
ReleaseMutex
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryPerformanceFrequency
QueryPerformanceCounter
FindNextFileW
FindFirstFileW
CreateFileW
GetTempPathA
GetTempFileNameA
DeleteFileA
RemoveDirectoryW
CreateProcessW
FindClose
GetCurrentThread
TerminateProcess
GetLongPathNameW
GlobalFree
GlobalAlloc
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateEventW
CloseHandle
SetEvent
SetThreadPriority
GetFileAttributesW
CreateDirectoryW
GetTempPathW
WideCharToMultiByte
FormatMessageW
GetVersionExW
CopyFileW
DeleteFileW
SetFileAttributesW
GetModuleHandleW
LoadLibraryW
GetSystemInfo
Sleep
WaitForSingleObject
GetLastError
GetCurrentProcess
OpenProcess
GetProcAddress
FindResourceW
GetModuleFileNameW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
VirtualProtect
LockResource

user32

MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
SetCapture
CharUpperW
KillTimer
SetTimer
DestroyMenu
LoadCursorW
GetSysColorBrush
GetSystemMetrics
RealChildWindowFromPoint
UnregisterClassW
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
MoveWindow
ShowWindow
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SetWindowContextHelpId
SetCursor
GetCursorPos
TranslateMessage
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
SetWindowPos
DestroyWindow
IsChild
IsWindow
PostThreadMessageW
RegisterClipboardFormatW
CreateWindowExW
GetClassInfoExW
MapDialogRect
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetParent
SendDlgItemMessageA
wsprintfW
wvsprintfW
FindWindowW
MessageBoxW
GetActiveWindow
GetWindowThreadProcessId
GetClassNameW
LoadIconW
LoadBitmapW
OffsetRect
GetWindowRect
GetClientRect
InvalidateRect
EnableWindow
ReleaseCapture
GetCapture
PostQuitMessage
SendMessageW
PeekMessageW
DispatchMessageW
GetMessageW
GetClassInfoW
PostMessageW
CallNextHookEx

gdi32

GetBkColor
GetTextColor
GetRgnBox
GetMapMode
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
CreateRoundRectRgn
SetMapMode
SetBkMode
SelectObject
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
GetDeviceCaps
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
FrameRgn
CreateSolidBrush

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

GetTokenInformation
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
FreeSid
AllocateAndInitializeSid
EqualSid
OpenThreadToken
ImpersonateSelf
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

comctl32

ord17

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripPathW
PathStripToRootW

ole32

CoInitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

ws2_32

gethostname
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAAddressToStringW
gethostbyname
socket
shutdown
setsockopt
send
recv
inet_ntoa
inet_addr
htons
connect
WSAStartup
WSAGetLastError
closesocket

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

HttpSendRequestW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
InternetOpenW
HttpQueryInfoA
HttpSendRequestA
InternetOpenA
InternetErrorDlg
DetectAutoProxyUrl
InternetConnectA
InternetReadFileExA
InternetQueryOptionA
InternetSetOptionA
InternetConnectW
HttpOpenRequestA

urlmon

URLDownloadToFileA

Sections

.text
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

431af110646351de93fe8e83d146774b

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

6f:15:de:9a:b2:0f:9c:29:6a:62:42:71:51:eb:3c:f9Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

oleacc

wininet

urlmon

Sections

.text Size: 406KB - Virtual size: 405KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 35KB - Virtual size: 82KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 63KB - Virtual size: 63KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

6f:15:de:9a:b2:0f:9c:29:6a:62:42:71:51:eb:3c:f9
Certificate

.text
Size: 406KB - Virtual size: 405KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 35KB - Virtual size: 82KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 63KB - Virtual size: 63KB