410df8766999dd4461c916b6639246c0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

410df8766999dd4461c916b6639246c0_NeikiAnalytics.exe
Size

1.7MB
MD5

410df8766999dd4461c916b6639246c0
SHA1

2aad9e5db1b5de1f972847877c7b2e2ca446208c
SHA256

28e48022d866f5a7c28d35d4d4b0bd01b4c0abe404327318fda7ade4be101c37
SHA512

800c0256c7f74e0baba28c485e3852f20f11724f80ad909edac5e38d75f5bdafff07a0c559f2233dd4c530e226124d6315b8ac658a8d199a4b26efc8b46fbf65
SSDEEP

24576:xDfdn+q2cNv87rvQQMtC4PhTY6uVb1i9FGzNlbSpxv/gZCgis8542vZWjnjRWe:Nt+qbSLM09HeGzbCxv/gZCfs8sjnjRH

Score

1^/10

Malware Config

Signatures

Files

410df8766999dd4461c916b6639246c0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

67d67f9d59fa06f2b791397654cc4951

Code Sign

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:2e:36:ad:af:9e:e4:14
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

16/03/2015, 07:00

Not After

16/03/2020, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c4:27:da:88:91:a2:ef:29
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

17/02/2015, 14:55

Not After

18/11/2015, 15:32

Subject

CN=GreenTree Applications srl,O=GreenTree Applications srl,L=Bucuresti,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:d9:94:e5:64:99:0c:24:01:f2:02:8c:74:11:90:8a:33:80:8e:ce
Signer

Actual PE Digest

c9:d9:94:e5:64:99:0c:24:01:f2:02:8c:74:11:90:8a:33:80:8e:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Autobuild\CleanSVN\ytd\branches\Win\YTD_4.9.1\Application3.0\Release\YouTubeDownloader.pdb

Imports

wininet

InternetGetCookieExW
InternetSetCookieW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
InternetReadFileExW
InternetReadFileExA
InternetCrackUrlW
InternetCloseHandle
InternetGetConnectedState
InternetQueryOptionW
HttpQueryInfoW
HttpSendRequestW
InternetReadFile

uxtheme

DrawThemeText
GetThemeSysColor
CloseThemeData
OpenThemeData

ws2_32

WSAStartup
WSACleanup
WSAIoctl

iphlpapi

GetAdaptersInfo

gdiplus

GdipResetPath
GdipCreateLineBrushI
GdipDisposeImage
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipClosePathFigure
GdipGetRegionHRgn
GdipCombineRegionPath
GdipSetEmpty
GdipDeleteRegion
GdipCreateRegion
GdipResetClip
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRect
GdipAddPathRectangleI
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipFillRectangle
GdipDrawPath
GdipDrawLine
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipWidenPath
GdipAddPathArcI
ord1
GdipAddPathLineI
GdipAddPathLine
GdipClosePathFigures
GdipStartPathFigure
GdipClonePath
GdipDeletePath
GdipCreatePath
GdipSetPenMode
GdipSetPenLineJoin
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngle
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawImageRect
GdipCloneImage
GdipGetImageBounds
GdipCreateBitmapFromResource
GdipMeasureString
GdipCreateFontFromDC

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

libvlc

libvlc_audio_get_mute
libvlc_audio_get_volume
libvlc_audio_set_mute
libvlc_audio_set_volume
libvlc_event_attach
libvlc_media_get_duration
libvlc_media_new_path
libvlc_media_player_event_manager
libvlc_media_player_new_from_media
libvlc_media_player_play
libvlc_media_player_release
libvlc_media_player_set_hwnd
libvlc_media_player_set_pause
libvlc_media_player_set_position
libvlc_media_player_stop
libvlc_media_release
libvlc_new
libvlc_release
libvlc_set_fullscreen
libvlc_video_set_key_input
libvlc_video_set_mouse_input

kernel32

HeapSize
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
ExitThread
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
CompareStringA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
FatalAppExitA
HeapCreate
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeA
SetHandleCount
GetFileType
GetStartupInfoA
GetLastError
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedDecrement
FlushInstructionCache
GetConsoleCP
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
lstrlenW
GetProcAddress
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
SetLastError
FormatMessageW
LocalFree
OutputDebugStringW
LoadLibraryW
lstrcmpW
lstrcpynW
MulDiv
WaitForSingleObject
GlobalAlloc
GlobalLock
HeapReAlloc
CloseHandle
CreateThread
lstrlenA
WideCharToMultiByte
GlobalHandle
GlobalFree
lstrcpyW
CompareStringW
CreateProcessW
GetVersionExW
IsWow64Process
GetTickCount
CreateFileW
ReadFile
WriteFile
DeleteFileW
QueueUserWorkItem
SuspendThread
TerminateProcess
CreatePipe
SetHandleInformation
GetShortPathNameW
GetExitCodeProcess
ResumeThread
Sleep
ReleaseMutex
OpenMutexW
CreateMutexW
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
CreateEventW
ResetEvent
WaitForMultipleObjects
SetEvent
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
MoveFileW
CreateDirectoryW
MoveFileExW
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
RemoveDirectoryW
GetSystemTime
SystemTimeToFileTime
SetFileTime
GetEnvironmentVariableW
GetFileInformationByHandle
LocalAlloc
CreateNamedPipeW
ConnectNamedPipe
WaitForSingleObjectEx
DisconnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
HeapAlloc
GetProcessHeap
HeapFree
GetConsoleMode
InterlockedExchange
InterlockedCompareExchange
SetConsoleCtrlHandler
GlobalUnlock
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
GetCurrentThreadId
OpenProcess

user32

LoadMenuW
GetSubMenu
DestroyMenu
MonitorFromPoint
IsRectEmpty
SetRectEmpty
GetCursorPos
OpenClipboard
GetClipboardData
CloseClipboard
BringWindowToTop
ShowCursor
SetWindowsHookExW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
IsMenu
ModifyMenuW
IsCharAlphaNumericW
CreateDialogIndirectParamW
SetParent
EnableWindow
MessageBoxW
FrameRect
FillRect
GetSysColorBrush
DrawTextW
GetFocus
GetSysColor
ReleaseDC
GetDC
GetDesktopWindow
GetKeyState
GetWindowTextLengthW
GetWindowTextW
SetFocus
ShowWindow
LoadImageW
SetCursor
DrawEdge
DrawFocusRect
CreateDialogParamW
IsWindowEnabled
KillTimer
PtInRect
ClientToScreen
ReleaseCapture
GetParent
GetDlgCtrlID
SendMessageW
SetTimer
SystemParametersInfoW
GetCapture
SetCapture
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
IsWindow
EndDialog
GetClientRect
AdjustWindowRectEx
GetMenu
SetWindowPos
LoadBitmapW
MoveWindow
ScreenToClient
GetDlgItem
SetDlgItemTextW
SetWindowTextW
CallWindowProcW
GetWindowLongW
InflateRect
GetWindowRect
GetSystemMetrics
DialogBoxParamW
GetClassInfoExW
RegisterClassExW
GetActiveWindow
CharNextW
DestroyWindow
LoadCursorW
DefWindowProcW
SetWindowLongW
DialogBoxIndirectParamW
InsertMenuItemW
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuW
TrackPopupMenu
PostQuitMessage
CreateMenu
PostMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsWindowVisible
GetWindowDC
GetUpdateRect
CopyRect
TrackMouseEvent
OffsetRect
RegisterWindowMessageW
IsChild
GetClassNameW
RedrawWindow
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
MessageBeep
MapDialogRect
SetWindowContextHelpId
CreateWindowExW
UnregisterClassA
GetWindow

gdi32

CreateRectRgnIndirect
LineTo
RoundRect
GetTextMetricsW
CreateRoundRectRgn
SelectClipRgn
FrameRgn
DPtoLP
GetDeviceCaps
ExtTextOutW
SetBkColor
CreatePen
SetTextColor
CombineRgn
GetCurrentObject
GetTextExtentPoint32W
CreateSolidBrush
BitBlt
Polygon
CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
GetRgnBox
CreateRectRgn
CreateFontIndirectW
SelectObject
GetTextColor
SetBkMode
DeleteObject
MoveToEx
GetStockObject
GetObjectW
DeleteDC
FillRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
CryptDestroyHash
CryptHashData
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetHashParam

shell32

SHBrowseForFolderW
DragQueryFileW
DragAcceptFiles
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoCreateGuid
CoWaitForMultipleHandles
OleRun

oleaut32

SafeArrayUnlock
SafeArrayPutElement
SafeArrayGetElement
VarBstrCat
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantChangeType
SafeArrayAccessData
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
DispCallFunc
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
SysFreeString
SafeArrayUnaccessData
SafeArrayCreateVector
VarUI4FromStr
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VarDateFromStr

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathIsDirectoryW
PathCombineW
PathAddExtensionW
PathRenameExtensionW
PathFindExtensionW
PathIsSystemFolderW
PathAddBackslashW
PathGetDriveNumberW
PathRemoveBackslashW
PathCompactPathW
PathIsRootW
PathStripPathW
PathFileExistsW
PathAppendW

comctl32

ImageList_GetIconSize
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Remove
ImageList_Create
ImageList_Destroy
InitCommonControlsEx
ImageList_SetBkColor
ImageList_Draw
ImageList_AddMasked

msimg32

GradientFill

Sections

.text
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67d67f9d59fa06f2b791397654cc4951

Code Sign

07Certificate

Key Usages

6c:2e:36:ad:af:9e:e4:14Certificate

Extended Key Usages

Key Usages

c4:27:da:88:91:a2:ef:29Certificate

Extended Key Usages

Key Usages

c9:d9:94:e5:64:99:0c:24:01:f2:02:8c:74:11:90:8a:33:80:8e:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

uxtheme

ws2_32

iphlpapi

gdiplus

psapi

libvlc

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

Sections

.text Size: 925KB - Virtual size: 925KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 21KB - Virtual size: 30KB

.rsrc Size: 481KB - Virtual size: 480KB

.reloc Size: 55KB - Virtual size: 55KB

07
Certificate

6c:2e:36:ad:af:9e:e4:14
Certificate

c4:27:da:88:91:a2:ef:29
Certificate

c9:d9:94:e5:64:99:0c:24:01:f2:02:8c:74:11:90:8a:33:80:8e:ce
Signer

.text
Size: 925KB - Virtual size: 925KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 21KB - Virtual size: 30KB

.rsrc
Size: 481KB - Virtual size: 480KB

.reloc
Size: 55KB - Virtual size: 55KB