4e85b3192e7334d9882fc8103e34d8f0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4e85b3192e7334d9882fc8103e34d8f0_NeikiAnalytics.exe
Size

2.2MB
MD5

4e85b3192e7334d9882fc8103e34d8f0
SHA1

f86c19c93407e8e28cc64edef0e39284376a87c7
SHA256

de70cade3213685094a8aadc90051042783400a506964b8bbf5049dc35c78854
SHA512

7e80acf607dd078bb39790111efa52b014160e17c9b20311e8d9301336c89eb11e37fd9c93070649c7d1db6b9981a1e6ba6d6c8f92324b727360e72a55ed283f
SSDEEP

49152:ALpY/5ZJdlcb99ovsfrEUwlr2M7O/c3j6Q2VGT:ALi1q99ovXr2VGT

Score

1^/10

Malware Config

Signatures

Files

4e85b3192e7334d9882fc8103e34d8f0_NeikiAnalytics.exe
.exe windows:5 windows x64 arch:x64

ddc32bd88f4e88d9150e7f7b45f7c0c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:9b:64:35:af:df:e9:64:b0:49:98:1a:32:ea:74:f4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07/09/2017, 00:00

Not After

07/09/2018, 23:59

Subject

CN=NETGATE Technologies s.r.o.,O=NETGATE Technologies s.r.o.,L=Prievidza,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:ee:14:29:ad:ef:9c:b9:59:0c:a0:61:6d:fe:0e:11:f1:2b:c0:57
Signer

Actual PE Digest

d9:ee:14:29:ad:ef:9c:b9:59:0c:a0:61:6d:fe:0e:11:f1:2b:c0:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17
InitCommonControlsEx
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

shlwapi

PathCompactPathA
SHDeleteValueA

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
WSACloseEvent
WSAGetLastError
select
WSACreateEvent
ioctlsocket
WSAStartup
gethostbyname
socket
send
recv
inet_addr
htons
connect
closesocket

winmm

PlaySoundA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

GetWindowsDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
SetPriorityClass
CreateEventA
MultiByteToWideChar
GetLogicalDrives
ExitProcess
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
WaitForMultipleObjects
CreateProcessA
GetFileTime
GlobalAlloc
SetEvent
GetFileAttributesA
GlobalDeleteAtom
DeleteAtom
AddAtomA
GlobalUnlock
GlobalLock
SetEndOfFile
LockFileEx
UnlockFile
LockFile
GetFullPathNameA
GetSystemTimeAsFileTime
IsValidCodePage
GetCommandLineA
LoadLibraryExW
ExitThread
CreateThread
HeapReAlloc
RaiseException
RtlPcToFileHeader
IsProcessorFeaturePresent
IsDebuggerPresent
AreFileApisANSI
GetModuleHandleExW
DecodePointer
EncodePointer
RtlUnwindEx
ExpandEnvironmentStringsA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetThreadPriority
GetCurrentThread
GetLongPathNameA
lstrcpynA
FormatMessageA
WaitForSingleObject
LocalFree
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
TerminateProcess
GetVersionExA
GetVersion
FindNextFileA
FlushInstructionCache
FindFirstFileA
CompareFileTime
GetSystemTime
FindClose
QueryPerformanceCounter
GetTempPathA
LoadLibraryA
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
WaitNamedPipeA
TransactNamedPipe
SetNamedPipeHandleState
Sleep
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateFileA
CloseHandle
SetFilePointer
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
GetFileType
SetEnvironmentVariableA
GetFileInformationByHandle
GetLastError
FreeLibrary
lstrlenA
GetModuleHandleA
GetModuleFileNameA
SetErrorMode
RtlLookupFunctionEntry
ResetEvent
GetACP
GetOEMCP
GetCPInfo
SetLastError
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
GetStringTypeW
HeapSize
FileTimeToLocalFileTime
FindFirstFileExW
GetDriveTypeW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
SetStdHandle
CreateFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
LoadLibraryW
CompareStringW
LCMapStringW
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
WriteConsoleW
GlobalFree

user32

GetMenuItemInfoA
GetMenuItemCount
DeleteMenu
CreateMenu
CreatePopupMenu
DrawMenuBar
CallWindowProcA
DefFrameProcA
GetMessageA
TranslateMessage
DispatchMessageA
IsMenu
GetDCEx
SetWindowTextA
GetWindowLongPtrA
SetMenu
IsDialogMessageA
IsChild
SetWindowLongPtrA
wvsprintfA
CreateCursor
CreateIcon
GetSysColorBrush
DestroyCursor
DestroyAcceleratorTable
UnregisterClassA
GetWindowTextLengthA
EnumWindows
ExitWindowsEx
MessageBeep
EnableWindow
GetDlgItem
IsWindowVisible
LoadStringA
LoadIconA
GetClassNameA
FindWindowA
SetParent
SetWindowLongA
SetActiveWindow
GetMenuItemID
GetSubMenu
SetMenuItemInfoA
LoadMenuA
RegisterClassExA
DefWindowProcA
DrawAnimatedRects
RegisterWindowMessageA
GetMenuBarInfo
UnionRect
IntersectRect
FrameRect
GetMenu
GetAsyncKeyState
GetWindow
GetFocus
DrawEdge
IsWindowEnabled
GetIconInfo
CallNextHookEx
UnhookWindowsHookEx
OffsetRect
InflateRect
SetRectEmpty
GetWindowRect
RedrawWindow
SetWindowRgn
GetWindowDC
DrawTextA
MoveWindow
ShowWindow
DrawFrameControl
MessageBoxA
SystemParametersInfoA
DrawIconEx
GetWindowTextA
DestroyWindow
CreateWindowExA
GetWindowLongA
GetSysColor
GetSystemMetrics
ReleaseDC
GetDC
LoadImageA
DestroyIcon
LoadCursorA
GetParent
PtInRect
IsRectEmpty
FillRect
ScreenToClient
ClientToScreen
GetCursorPos
InsertMenuItemA
GetMenuItemRect
RemovePropA
GetPropA
SetPropA
SetWindowsHookExA
CreateDialogParamA
CreateDialogIndirectParamA
PostQuitMessage
DefMDIChildProcA
DestroyMenu
SetCursor
GetClientRect
InvalidateRect
EndPaint
BeginPaint
SetForegroundWindow
UpdateWindow
DrawStateA
TrackPopupMenu
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetFocus
SetWindowPos
IsWindow
PostMessageA
SendMessageA
EnumChildWindows

gdi32

Rectangle
CreateDCA
CreateCompatibleDC
GetCurrentObject
SetPixelV
CreateRectRgn
CreateRectRgnIndirect
GetPixel
CreateRoundRectRgn
CreatePen
CombineRgn
EqualRgn
Ellipse
CreateDIBSection
SetDIBitsToDevice
ExtSelectClipRgn
CreateDIBitmap
OffsetRgn
CreateSolidBrush
CreateBitmap
CreatePatternBrush
RoundRect
DeleteDC
SetStretchBltMode
StretchBlt
FrameRgn
TextOutA
SetBkColor
GetObjectA
CreateCompatibleBitmap
MoveToEx
SetTextColor
SetBkMode
SelectObject
SaveDC
RestoreDC
LineTo
GetTextExtentExPointA
GetTextExtentPoint32A
GetStockObject
GetClipBox
GetBkMode
GetBkColor
DeleteObject
CreateFontIndirectA
CreatePolygonRgn
BitBlt

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameA
GetUserNameA
OpenProcessToken
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegQueryInfoKeyA
IsValidSid
RegEnumValueA
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHAppBarMessage
SHGetSpecialFolderPathA
SHGetMalloc
SHEmptyRecycleBinA
SHFileOperationA
SHGetDesktopFolder
Shell_NotifyIconA
SHGetFileInfoA
SHQueryRecycleBinA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddc32bd88f4e88d9150e7f7b45f7c0c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:9b:64:35:af:df:e9:64:b0:49:98:1a:32:ea:74:f4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d9:ee:14:29:ad:ef:9c:b9:59:0c:a0:61:6d:fe:0e:11:f1:2b:c0:57Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

ws2_32

winmm

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 362KB - Virtual size: 361KB

.data Size: 40KB - Virtual size: 51KB

.pdata Size: 42KB - Virtual size: 42KB

.rsrc Size: 668KB - Virtual size: 667KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:9b:64:35:af:df:e9:64:b0:49:98:1a:32:ea:74:f4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d9:ee:14:29:ad:ef:9c:b9:59:0c:a0:61:6d:fe:0e:11:f1:2b:c0:57
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 362KB - Virtual size: 361KB

.data
Size: 40KB - Virtual size: 51KB

.pdata
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 668KB - Virtual size: 667KB