f01be8e026a8a6ba87424e42ea4f82b0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f01be8e026a8a6ba87424e42ea4f82b0_NeikiAnalytics.exe
Size

237KB
MD5

f01be8e026a8a6ba87424e42ea4f82b0
SHA1

2d992c71d9e913d44a38492f73fae48fea98d5f4
SHA256

4beab202dda47efdb672828e7adb57fc26cfa98feb3a34a98b3c81b596bb15b1
SHA512

9ca665b5373ddcdab42ffefc137bac9a1642f34ec41a7be5e2f1845c17a77d3d02a49c274eefcc376627381f740ba54cb393be9496248aacf700bf9a57b34e30
SSDEEP

6144:ZAxjJgu4RnjvJZmkBeZejA2aS+hni9bT3U:WxVguujvbmkU+Z+hEbTk

Score

1^/10

Malware Config

Signatures

Files

f01be8e026a8a6ba87424e42ea4f82b0_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

44f633dee5f92ed6f837a3cb8a461583

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:ca:e6
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/02/2009, 14:18

Not After

03/02/2012, 14:18

Subject

CN=Software Imaging Group Limited,O=Software Imaging Group Limited,L=Oxford,ST=N/A,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:51:6b:18:b0:58:d1:7a:a2:c8:3d:ef:32:b6:6f:1d:23:51:f6:5a
Signer

Actual PE Digest

bb:51:6b:18:b0:58:d1:7a:a2:c8:3d:ef:32:b6:6f:1d:23:51:f6:5a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\CDA\CDA_REL_050203\Sources\CDA\Src\Core\JobFinishing\JFPLAYER\x64\NT5 Release\JFPLAYNT.pdb

Imports

msimg32

GradientFill
TransparentBlt

gdi32

GetTextFaceW
SetTextAlign
SetTextJustification
SelectObject
ExtCreatePen
SetROP2
DeleteObject
LineTo
RestoreDC
MoveToEx
SaveDC
CombineRgn
CreateRectRgnIndirect
LPtoDP
GetClipRgn
CreateRectRgn
SelectClipPath
SetPolyFillMode
SelectClipRgn
CreateDIBSection
DeleteDC
PlgBlt
ScaleWindowExtEx
SetWindowOrgEx
GetWindowOrgEx
SetBrushOrgEx
SetStretchBltMode
CreateCompatibleDC
SetColorAdjustment
GetColorAdjustment
GetStretchBltMode
CreatePen
StretchBlt
StretchDIBits
BitBlt
SetBkColor
SetTextColor
SetDIBits
CreateBitmap
MaskBlt
ExtEscape
StartDocW
SetICMMode
SetAbortProc
CreateDCW
GetOutlineTextMetricsW
GetTextMetricsW
CreateFontIndirectW
RemoveFontResourceA
EnumFontsW
GetDeviceCaps
AddFontResourceA
CreateScalableFontResourceA
SetGraphicsMode
ModifyWorldTransform
SetWorldTransform
GetViewportExtEx
SetViewportExtEx
EndPage
EndDoc
ResetDCW
StartPage
CreateICW
GetWindowExtEx
SetViewportOrgEx
SetWindowExtEx
SetMapMode
CreateSolidBrush
GetStockObject
CreateHatchBrush
CreateDIBPatternBrushPt
GetDIBits
GetObjectW
CloseFigure
PolyBezierTo
PolylineTo
PatBlt
PolyDraw
GetBkMode
GetROP2
EndPath
BeginPath
FillPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SetBkMode
ExtTextOutW
SetTextCharacterExtra

user32

SendMessageW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
LoadIconW
LoadImageW
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
PostQuitMessage
GetFocus
MessageBoxW
LoadStringW
wsprintfW
PostMessageW
SetRect
UpdateWindow

kernel32

SetConsoleCtrlHandler
EnterCriticalSection
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
GetTimeZoneInformation
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
FatalAppExitA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
RaiseException
Sleep
LoadLibraryW
MulDiv
GetLastError
lstrcpynW
CreateFileA
ReadFile
WriteFile
SetFilePointer
DeleteFileA
CloseHandle
GetTempFileNameA
GetTempPathA
GlobalLock
GlobalAlloc
FreeLibrary
GlobalFree
GlobalUnlock
GlobalHandle
GetFileSize
CreateFileW
lstrlenW
lstrcmpW
WaitForSingleObject
LoadLibraryA
GetCommandLineA
GetVersionExW
GetStartupInfoW
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
FlsSetValue
FlsGetValue
CreateThread
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringA
GetCPInfo
GetACP
GetOEMCP
LCMapStringW
MultiByteToWideChar
RtlUnwindEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lictext
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44f633dee5f92ed6f837a3cb8a461583

Code Sign

03:01Certificate

Key Usages

e2:ca:e6Certificate

Extended Key Usages

Key Usages

bb:51:6b:18:b0:58:d1:7a:a2:c8:3d:ef:32:b6:6f:1d:23:51:f6:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

gdi32

user32

kernel32

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 12KB

.pdata Size: 10KB - Virtual size: 9KB

.lictext Size: 512B - Virtual size: 64B

.rsrc Size: 2KB - Virtual size: 1KB

03:01
Certificate

e2:ca:e6
Certificate

bb:51:6b:18:b0:58:d1:7a:a2:c8:3d:ef:32:b6:6f:1d:23:51:f6:5a
Signer

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 12KB

.pdata
Size: 10KB - Virtual size: 9KB

.lictext
Size: 512B - Virtual size: 64B

.rsrc
Size: 2KB - Virtual size: 1KB