ef5581c6af921c8b174559e2f0a7ec10_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ef5581c6af921c8b174559e2f0a7ec10_NeikiAnalytics.exe
Size

1.7MB
MD5

ef5581c6af921c8b174559e2f0a7ec10
SHA1

5c5da748db2fafa988f75d605062ed03b755dcc2
SHA256

f844ba2ce6fd79cb1f85fae56b742057741a9226ca6ca9749ae956d84c76313c
SHA512

921ebb1e05fe60e6dab81e52c1044b1e1134ff5525367e933e5f4591b959d710f0908588fb1acc83323e0efcfe0138d0cf36f05eda1ef3dfc1f120d1af1a1763
SSDEEP

49152:SsjOavChCqZ4AymaKo0itazqu+Uk26UmUdVrzl/yH7Wit5fYCEz:1OavChv4AoKo0aaz7+Uk26NUrd/W7Wi

Score

1^/10

Malware Config

Signatures

Files

ef5581c6af921c8b174559e2f0a7ec10_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

d22f5896c4a761d0e0076380f801e177

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:85:b8:b4:7c:28:b3:b2:13:a9:65:d2:42:87:a4:fd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10/05/2018, 00:00

Not After

09/06/2019, 23:59

Subject

CN=(주)호넷,OU=IT Team,O=(주)호넷,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\svn_local\웹하드\filehon_new_Multi\src\Client-Thread\Down\Release\ftras.pdb

Imports

urlmon

URLDownloadToFileA

user32

DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
GetNextDlgGroupItem
LoadImageA
GetIconInfo
IsClipboardFormatAvailable
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
TranslateMDISysAccel
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
UnregisterClassA
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CopyIcon
GetWindowRgn
CharUpperBuffA
GetDoubleClickTime
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
MonitorFromPoint
UnionRect
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
WaitMessage
MessageBeep
SetMenuDefaultItem
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
FindWindowA
GetSysColor
SetCursor
UpdateWindow
InvalidateRect
RedrawWindow
LoadIconA
SetTimer
KillTimer
EnableWindow
GetClassInfoA
EnableScrollBar
CharUpperA
DestroyIcon
IsIconic
DeleteMenu
IntersectRect
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
RealChildWindowFromPoint
GetSystemMetrics
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ShowOwnedPopups
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendMessageA
ReplyMessage
GetKeyState
LoadIconW
RegisterWindowMessageA
PostMessageA
MessageBoxA
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
LoadCursorA
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetWindowPos
ExitWindowsEx
ShowScrollBar
IsWindowVisible
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
SetWindowLongA
GetWindowLongA
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
CreateWindowExA
GetClientRect
ValidateRect

kernel32

DecodePointer
RaiseException
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapSetInformation
GetStartupInfoW
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
GetStdHandle
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeW
CompareStringW
WriteConsoleW
GetCurrentDirectoryW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
EncodePointer
FindFirstFileExA
RtlUnwind
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
SetErrorMode
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
GetFullPathNameA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiA
GetCurrentDirectoryA
GetACP
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
ResumeThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
ActivateActCtx
DeactivateActCtx
lstrcmpW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindResourceA
GetUserDefaultLangID
FreeResource
GetExitCodeThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
WriteFile
SetFilePointer
TerminateThread
SetEvent
CreateEventA
GetTickCount
DeleteCriticalSection
Sleep
InitializeCriticalSection
lstrlenA
GetCommandLineA
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
LoadResource
LockResource
SizeofResource
FindResourceW
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceA
lstrcmpA
lstrcpyA
WideCharToMultiByte
GetCurrentThreadId
GetVolumeInformationA
CreateDirectoryA
FindFirstFileA
FindClose
GetDiskFreeSpaceExA
CreateFileA
DeleteFileA
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
GetExitCodeProcess
GetVersionExA
FreeLibrary
GetProcAddress
CreateRemoteThread
GetLastError
LoadLibraryA
SetLastError
CloseHandle
WaitForSingleObject

gdi32

CreateSolidBrush
GetStockObject
OffsetRgn
DeleteObject
SetPixelV
GetTextFaceA
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExA
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
CreateFontIndirectA
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32A
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
CreateBitmap
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegConnectRegistryA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueA
OpenProcessToken

shell32

SHBrowseForFolderA
SHAppBarMessage
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathA
ShellExecuteExA

comctl32

ImageList_GetIconSize

shlwapi

StrFormatByteSize64A
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathGetArgsA

ole32

RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

SysAllocString
VarBstrFromDate
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString

ws2_32

WSAStartup
WSACleanup
closesocket
WSAGetLastError
select
connect
htons
inet_addr
socket
__WSAFDIsSet
recv
WSASocketA
WSAConnect
setsockopt
WSAWaitForMultipleEvents
WSASend
WSARecv

gdiplus

GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

nat

ord5
ord21
ord18
ord6
ord15
ord16
ord17
ord23
ord22

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

wininet

InternetConnectA
HttpSendRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
DeleteUrlCacheEntry

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d22f5896c4a761d0e0076380f801e177

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:85:b8:b4:7c:28:b3:b2:13:a9:65:d2:42:87:a4:fdCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

user32

kernel32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

gdiplus

version

nat

oleacc

wininet

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 24KB - Virtual size: 54KB

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 167KB - Virtual size: 166KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:85:b8:b4:7c:28:b3:b2:13:a9:65:d2:42:87:a4:fd
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 24KB - Virtual size: 54KB

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 167KB - Virtual size: 166KB