56a1c01646f4e1ef23997f45dd294d3f0a11cd51bad93e459af5bb6625c3febc_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

56a1c01646f4e1ef23997f45dd294d3f0a11cd51bad93e459af5bb6625c3febc_NeikiAnalytics
Size

4.3MB
MD5

c6a37a264ea922618c1718f8b15e3b80
SHA1

347d54e936de40e6423b9699b2c3c624e6198db4
SHA256

56a1c01646f4e1ef23997f45dd294d3f0a11cd51bad93e459af5bb6625c3febc
SHA512

67d2a487e0212bb51d341d2b9ce8765579114348626e30a64797f141a7aeb8001572739858960547c39564d3bd68a9823c8e2f3e37827ae3211e7b1bb4c89a07
SSDEEP

49152:w2wTBl8iSBOfHfhc9p4HV8pnKVZzJL2P3CUKuW4:wHTBl8bBOf6p4HV8wV/y3CUKa

Score

1^/10

Malware Config

Signatures

Files

56a1c01646f4e1ef23997f45dd294d3f0a11cd51bad93e459af5bb6625c3febc_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

43e6eb129a2fb171d07fbab7adf1558c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:72:f6:d5:e5:59:56:34:97:f3:53:31:5b:4e:81:47
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/10/2018, 00:00

Not After

25/03/2019, 12:00

Subject

SERIALNUMBER=126 018 657,CN=NCH Software Pty Ltd,O=NCH Software Pty Ltd,L=Canberra,ST=Australian Capital Territory,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:91:a2:fc:02:74:51:63:ea:42:9b:65:fd:1d:8a:ff
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/03/2016, 00:00

Not After

25/03/2019, 12:00

Subject

SERIALNUMBER=126 018 657,CN=NCH Software Pty Ltd,O=NCH Software Pty Ltd,POSTALCODE=2601,STREET=19 Barry Drive,L=Canberra,ST=Australian Capital Territory,C=AU,1.3.6.1.4.1.311.60.2.1.3=#13024155,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:70:e6:69:a8:59:23:11:00:00:00:00:55:91:da:dd
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

01/06/2018, 15:43

Not After

01/09/2029, 16:13

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:4a:4a:8c:d8:9b:d5:62:27:a5:1f:ee:4f:60:69:46:32:31:b8:91:f3:e5:97:5e:da:bb:65:72:71:28:3d:b5
Signer

Actual PE Digest

d2:4a:4a:8c:d8:9b:d5:62:27:a5:1f:ee:4f:60:69:46:32:31:b8:91:f3:e5:97:5e:da:bb:65:72:71:28:3d:b5

Digest Algorithm

sha256

PE Digest Matches

false

ca:f3:e1:b1:c3:df:4a:b2:c5:58:46:95:a4:1c:6c:c5:c6:82:4d:d5
Signer

Actual PE Digest

ca:f3:e1:b1:c3:df:4a:b2:c5:58:46:95:a4:1c:6c:c5:c6:82:4d:d5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sourcecode\photopad\release\PhotoPad.pdb

Imports

kernel32

GetSystemTime
GlobalLock
HeapFree
GetPrivateProfileStringW
GetModuleFileNameA
SizeofResource
SetEndOfFile
GlobalHandle
SetCurrentDirectoryW
GetFileTime
LoadResource
SetFilePointer
GetCommandLineW
TerminateProcess
CreateMutexW
CreateToolhelp32Snapshot
SetLastError
GetModuleFileNameW
DuplicateHandle
ProcessIdToSessionId
QueryPerformanceCounter
FileTimeToLocalFileTime
GetProcessHeap
SetEnvironmentVariableW
LoadLibraryExW
SetUnhandledExceptionFilter
QueryPerformanceFrequency
GetPrivateProfileIntW
GetLocaleInfoW
GetPrivateProfileSectionNamesW
VirtualQuery
GetEnvironmentVariableW
LocalFree
GetShortPathNameW
GetStdHandle
lstrcpyW
CancelIo
LocalAlloc
ResumeThread
FindClose
GetCurrentProcessId
GetUserDefaultLCID
MoveFileExW
GlobalSize
CreateNamedPipeW
GetDiskFreeSpaceExW
GetDriveTypeW
Process32NextW
CreatePipe
FormatMessageW
GetCurrentProcess
HeapAlloc
FindResourceW
GetCPInfo
CopyFileW
UnmapViewOfFile
GetVersionExA
GetStartupInfoW
FileTimeToSystemTime
ExitProcess
SetThreadPriority
PeekNamedPipe
Process32FirstW
GetExitCodeProcess
WaitNamedPipeW
FreeResource
GlobalAlloc
LockResource
lstrlenA
SetEnvironmentVariableA
CompareStringW
CreateThread
MapViewOfFile
ConnectNamedPipe
InterlockedDecrement
OpenFileMappingW
RemoveDirectoryW
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetComputerNameW
GetTimeZoneInformation
GetOverlappedResult
GlobalUnlock
GetFileAttributesW
WaitForMultipleObjects
CreateEventW
OpenProcess
GetCurrentDirectoryW
EnterCriticalSection
Sleep
FindNextFileW
GetLastError
WideCharToMultiByte
GetCurrentThread
GetVersionExW
SetEvent
WriteFile
WaitForSingleObject
CreateFileW
InitializeCriticalSection
ResetEvent
ReadFile
LeaveCriticalSection
CloseHandle
MultiByteToWideChar
GetCurrentThreadId
GetSystemInfo
CreateDirectoryW
GlobalMemoryStatusEx
DisconnectNamedPipe
FreeLibrary
GetFileSizeEx
VerSetConditionMask
GetTickCount
GetLogicalDriveStringsW
FindFirstFileW
GetThreadPriority
SetFileAttributesW
GetProcAddress
LoadLibraryW
DeleteFileW
LoadLibraryA
GetTempPathW
FlushFileBuffers
MulDiv
SetFilePointerEx
VerifyVersionInfoW
CreateProcessW
DeleteCriticalSection
GlobalFree
ReleaseMutex
GetSystemTimeAsFileTime
InterlockedIncrement
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
HeapSize
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
GetConsoleMode
GetConsoleCP
RtlUnwind
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
HeapReAlloc
LCMapStringA
LCMapStringW
RaiseException
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetLocaleInfoA

advapi32

DuplicateTokenEx
GetAce
AddAccessAllowedAce
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegOpenKeyW
RegEnumValueW
RegSetKeySecurity
SetFileSecurityW
RegQueryInfoKeyW
CryptDeriveKey
CryptDuplicateKey
CryptDestroyKey
RegQueryValueExW
CryptDestroyHash
InitializeSecurityDescriptor
CryptAcquireContextW
SetSecurityDescriptorDacl
RegEnumKeyExW
OpenProcessToken
CryptHashData
GetUserNameW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
GetSidSubAuthority
CryptEncrypt
CryptDecrypt
InitializeAcl
CryptCreateHash
GetSidLengthRequired
InitializeSid
RegEnumKeyW

comctl32

CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW
_TrackMouseEvent
ImageList_GetIcon
ImageList_Replace
ImageList_Destroy
ImageList_BeginDrag
ImageList_Create
ImageList_GetImageCount
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_DragEnter
ord17
ImageList_Merge
ImageList_EndDrag
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Add
ImageList_GetImageInfo

comdlg32

CommDlgExtendedError
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW

gdi32

CreateDIBitmap
EndPage
GetObjectW
GetTextExtentPoint32W
CreateSolidBrush
CreateFontW
CreateFontIndirectW
StretchDIBits
StartDocW
SetBkMode
SetBkColor
BitBlt
Polygon
CreatePatternBrush
GetStockObject
SetTextColor
StartPage
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
MoveToEx
SetBrushOrgEx
GetDIBColorTable
EndDoc
CreatePen
TextOutW
GetCurrentObject
DeleteDC
ExtTextOutW
CreateCompatibleDC
SelectObject
GetTextMetricsW
CreateRectRgnIndirect
SetWindowExtEx
GetDIBits
GetTextCharset
GetBkMode
CreateDCW
SetPixel
CreateRectRgn
GetObjectA
EnumFontFamiliesExW
SetStretchBltMode
GetTextMetricsA
CombineRgn
SetViewportExtEx
StretchBlt
SetDIBitsToDevice
CreateBrushIndirect
CreateBitmap
SetBitmapBits
SetTextAlign
Polyline
GetWindowExtEx
CreateDIBSection
SetDIBits
SetDCBrushColor
GetViewportExtEx
GetBitmapBits
LineTo

ole32

CoCreateInstance
CoInitializeSecurity
OleSetContainedObject
StgCreateDocfile
CoGetMalloc
CoSetProxyBlanket
CLSIDFromString
CoUninitialize
CoTaskMemAlloc
OleCreate
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit
OleLoadPicture
OleCreatePropertyFrame
SysAllocStringLen
OleLoadPicturePath

shell32

ord155
ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconW
SHEmptyRecycleBinW
CommandLineToArgvW
SHBrowseForFolderW
SHChangeNotify
SHParseDisplayName
SHCreateShellItem
DragAcceptFiles
DragQueryFileW
SHGetPathFromIDListW
ShellExecuteA
ord680
SHGetMalloc
ShellExecuteExW
DragFinish

shlwapi

SHDeleteKeyW
StrCmpLogicalW
PathCompactPathExW
SHDeleteEmptyKeyW

user32

WaitForInputIdle
VkKeyScanW
CheckDlgButton
GetSysColor
GetAsyncKeyState
TrackPopupMenu
IsWindowVisible
SetLayeredWindowAttributes
DestroyCursor
EndPaint
FillRect
SendMessageW
GetSystemMetrics
ReleaseCapture
GetWindowPlacement
SetPropW
GetScrollInfo
EnableWindow
SetWindowsHookExW
CreateWindowExW
LoadIconW
SetWindowLongW
GetCursorInfo
UpdateWindow
UnhookWindowsHookEx
SetClassLongW
GetDC
LoadImageW
IsWindow
IsDlgButtonChecked
SystemParametersInfoW
RegisterClassW
IsZoomed
GetDesktopWindow
PtInRect
DestroyWindow
MapWindowPoints
GetWindowTextLengthW
GetCursor
CreateDialogIndirectParamW
ClientToScreen
DestroyIcon
IsIconic
FrameRect
CreatePopupMenu
EnableMenuItem
InvalidateRect
SetScrollInfo
BeginPaint
SetMenu
DialogBoxParamW
RemovePropW
GetForegroundWindow
SetWindowTextW
RedrawWindow
OpenClipboard
SetMenuInfo
SetForegroundWindow
GetComboBoxInfo
SetMenuDefaultItem
PeekMessageW
EmptyClipboard
FlashWindowEx
CheckMenuItem
EndDialog
ShowScrollBar
GetAncestor
IsDialogMessageW
SetDlgItemTextW
GetMenuItemInfoW
DrawIconEx
CreateIconIndirect
IsClipboardFormatAvailable
FindWindowExW
GetParent
SetClipboardData
IsWindowEnabled
FindWindowW
MapDialogRect
EqualRect
CallNextHookEx
RegisterClipboardFormatW
DispatchMessageW
GetMonitorInfoW
AllowSetForegroundWindow
WindowFromPoint
PostQuitMessage
GetClipboardData
GetPriorityClipboardFormat
GetKeyNameTextW
keybd_event
EndMenu
GetSubMenu
WindowFromDC
MonitorFromWindow
OffsetRect
GetIconInfo
wsprintfW
InsertMenuW
IsCharAlphaW
SetWindowPlacement
GetWindowTextW
DrawEdge
GetActiveWindow
UnregisterClassW
SetMenuItemInfoW
GetMenuInfo
MonitorFromRect
GetMenuItemCount
GetClassNameA
GetSysColorBrush
MsgWaitForMultipleObjects
DialogBoxIndirectParamW
DrawStateW
ChildWindowFromPoint
GetWindow
ValidateRect
GetDlgItemTextW
EnumChildWindows
CountClipboardFormats
TranslateMessage
GetMessageW
DrawTextExW
InflateRect
DrawFocusRect
GetWindowThreadProcessId
InsertMenuItemW
CloseClipboard
AdjustWindowRectEx
MapVirtualKeyW
EnumDisplayMonitors
GetClassInfoW
InvalidateRgn
GetMenuBarInfo
GetKeyboardState
GetDlgCtrlID
PostMessageW
GetDialogBaseUnits
GetScrollBarInfo
SetActiveWindow
ScreenToClient
DeleteMenu
GetCapture
SetTimer
GetWindowRect
GetPropW
GetMenu
CallWindowProcW
GetWindowDC
RemoveMenu
ScrollWindowEx
SetFocus
MoveWindow
SetWindowPos
ShowWindow
CopyImage
GetFocus
GetDlgItem
DrawTextW
CreateDialogParamW
SetCursor
KillTimer
GetWindowLongW
SendDlgItemMessageW
DefWindowProcW
GetNextDlgGroupItem
MessageBoxW
DestroyMenu
ModifyMenuW
GetClassNameW
ReleaseDC
GetClientRect
SetCapture
GetKeyState
LoadCursorW
AppendMenuW

ws2_32

ntohs
WSAGetLastError
__WSAFDIsSet
htons
connect
send
inet_addr
select
gethostname
closesocket
setsockopt
gethostbyaddr
WSAStartup
recv
ioctlsocket
socket
gethostbyname

winspool.drv

OpenPrinterW

netapi32

NetUserGetInfo
NetApiBufferFree

msimg32

AlphaBlend
GradientFill

iphlpapi

GetAdaptersAddresses
GetIpAddrTable

wininet

InternetAutodial
InternetGetConnectedState
InternetQueryOptionA
InternetAutodialHangup

dnsapi

DnsRecordListFree
DnsQuery_W

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43e6eb129a2fb171d07fbab7adf1558c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

05:72:f6:d5:e5:59:56:34:97:f3:53:31:5b:4e:81:47Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0a:91:a2:fc:02:74:51:63:ea:42:9b:65:fd:1d:8a:ffCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

cd:70:e6:69:a8:59:23:11:00:00:00:00:55:91:da:ddCertificate

Extended Key Usages

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

d2:4a:4a:8c:d8:9b:d5:62:27:a5:1f:ee:4f:60:69:46:32:31:b8:91:f3:e5:97:5e:da:bb:65:72:71:28:3d:b5Signer

ca:f3:e1:b1:c3:df:4a:b2:c5:58:46:95:a4:1c:6c:c5:c6:82:4d:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

ole32

oleaut32

shell32

shlwapi

user32

ws2_32

winspool.drv

netapi32

msimg32

iphlpapi

wininet

dnsapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 319KB - Virtual size: 318KB

.data Size: 22KB - Virtual size: 226KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 121KB - Virtual size: 121KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05:72:f6:d5:e5:59:56:34:97:f3:53:31:5b:4e:81:47
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0a:91:a2:fc:02:74:51:63:ea:42:9b:65:fd:1d:8a:ff
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

cd:70:e6:69:a8:59:23:11:00:00:00:00:55:91:da:dd
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

d2:4a:4a:8c:d8:9b:d5:62:27:a5:1f:ee:4f:60:69:46:32:31:b8:91:f3:e5:97:5e:da:bb:65:72:71:28:3d:b5
Signer

ca:f3:e1:b1:c3:df:4a:b2:c5:58:46:95:a4:1c:6c:c5:c6:82:4d:d5
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 319KB - Virtual size: 318KB

.data
Size: 22KB - Virtual size: 226KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 121KB - Virtual size: 121KB