a656ef89eba696f321beb02118b3bb30_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a656ef89eba696f321beb02118b3bb30_NeikiAnalytics.exe
Size

470KB
MD5

a656ef89eba696f321beb02118b3bb30
SHA1

2bffbc028c222fdc53f93ae7d52cd9567d48f96c
SHA256

5a87e453153eaa706da60cc82292e77d455d318f51d486a85e2c8ef354ef2e2c
SHA512

96806d6377ac5faafafe65d2e9921b53520d5f116ba9bb89b62c2f472fe7ba28f156c65f7459282cc443c7a498e38b3708f376d0472f9d100c13654a295b9713
SSDEEP

1536:On7/OGTKlsWTEYYKiUyxR6J5GQJLYsWDcdtGRMZ3faJRaCAd1uhNRkJRaCAd1uhN:IvWTEtnxxR6J5GwLvtGRMZ3fW4lKn4

Score

1^/10

Malware Config

Signatures

Files

a656ef89eba696f321beb02118b3bb30_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

fb01fe164304064d155dd6e1e713b230

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:5e:f1:cc:a5:f1:59:9e:e0:f4:f0:60:9e:8f:ce:b2:2e:16:eb:7c
Signer

Actual PE Digest

52:5e:f1:cc:a5:f1:59:9e:e0:f4:f0:60:9e:8f:ce:b2:2e:16:eb:7c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\Target\x86\ship\click2run\x-none\dvdsetup.pdb

Imports

kernel32

FindFirstFileExW
GetLastError
FormatMessageW
FindClose
VirtualQuery
VirtualProtect
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
GetModuleFileNameW
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
LoadLibraryExA

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb01fe164304064d155dd6e1e713b230

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6fCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

52:5e:f1:cc:a5:f1:59:9e:e0:f4:f0:60:9e:8f:ce:b2:2e:16:eb:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 325KB - Virtual size: 325KB

.reloc Size: 72KB - Virtual size: 148KB

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

52:5e:f1:cc:a5:f1:59:9e:e0:f4:f0:60:9e:8f:ce:b2:2e:16:eb:7c
Signer

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 325KB - Virtual size: 325KB

.reloc
Size: 72KB - Virtual size: 148KB