1f3c2228adf56d41c906aea81d64fa20_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1f3c2228adf56d41c906aea81d64fa20_NeikiAnalytics.exe
Size

237KB
MD5

1f3c2228adf56d41c906aea81d64fa20
SHA1

ad7e646b85ea296a9faea8c46367153b19236584
SHA256

ecba5378c63f6f26326d48d3586903abae460c5f43d8e24cc19ddae354511c94
SHA512

a759b0aeecc7654bb971e9f863ea7cc792168cc5c5a90ff4dff917da4e140d0823dd29472c77c2ae66c8dde8dc909ce510dff80283a2564263324b757f04f83e
SSDEEP

6144:uD8okEvTyoZVOgd2QZiw5NLclL5orfQH:UsjCF2QZiOU+4

Score

1^/10

Malware Config

Signatures

Files

1f3c2228adf56d41c906aea81d64fa20_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-02-2009 00:00

Not After

11-02-2012 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
lstrcmp
LocalFree
GetTempPathW
FileTimeToDosDateTime
GetCalendarInfoA
EnumDateFormatsW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAlloc
LocalAlloc
CreateFiber
CreatePipe
CompareStringA
VirtualAlloc
GetVolumeInformationA
LoadLibraryA
GetSystemDirectoryW
EnumDateFormatsA
GetLogicalDrives
DisconnectNamedPipe
CopyFileA
SetLocaleInfoW
FreeResource
SystemTimeToFileTime
SetThreadPriority

user32

GetMenuItemRect
CheckMenuRadioItem
GetWindowRect
GetCaretPos
ActivateKeyboardLayout
GetParent
CallWindowProcW
WinHelpW
LoadCursorW
AdjustWindowRect
CopyImage
CreateDialogIndirectParamW
GetCursorPos
GetMenuItemID
LoadMenuIndirectA
CharUpperW
CreateMenu
ArrangeIconicWindows
RegisterClassExW
LoadIconA
SetWindowPos
DestroyWindow
DialogBoxIndirectParamW
GetDlgItemInt
GetSysColor
DialogBoxParamW
ShowCaret
WaitMessage
DestroyCursor
UnregisterClassW
SendMessageW
MonitorFromRect
GetClassNameA
GetClassInfoExA
GetIconInfo
DrawTextW
DrawTextA
CallWindowProcA
CreateWindowExW
UpdateWindow

gdi32

SetICMProfileW
ExtEscape
SetRectRgn
RemoveFontResourceExW
GetPolyFillMode
ColorMatchToTarget
GetCharABCWidthsI
SetWorldTransform
PlayMetaFile
GetLogColorSpaceW
CreateRoundRectRgn
SetWindowOrgEx
GetCharacterPlacementW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegEnumValueA
RegCreateKeyExA

shell32

SHFreeNameMappings

opengl32

glTexGendv
glTexCoord2iv
glRecti
glDebugEntry
glEvalCoord1fv
glMaterialfv
glRasterPos2fv
glPixelMapuiv
glEvalCoord2d

inetcomm

MimeOleGetContentTypeExt
MimeOleGetBodyPropA
CreateSMTPTransport
MimeOleConvertEnrichedToHTML

Sections

.X2"*
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d>ir
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T:O
Size: 1024B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b9"g9Y
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LJn
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

inetcomm

Sections

.X2"* Size: 10KB - Virtual size: 11KB

.d>ir Size: 512B - Virtual size: 20KB

.1 Size: 4KB - Virtual size: 3KB

.T:O Size: 1024B - Virtual size: 25KB

.b9"g9Y Size: 3KB - Virtual size: 10KB

.LJn Size: 2KB - Virtual size: 10KB

.' Size: 512B - Virtual size: 39KB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 1024B - Virtual size: 68KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.X2"*
Size: 10KB - Virtual size: 11KB

.d>ir
Size: 512B - Virtual size: 20KB

.1
Size: 4KB - Virtual size: 3KB

.T:O
Size: 1024B - Virtual size: 25KB

.b9"g9Y
Size: 3KB - Virtual size: 10KB

.LJn
Size: 2KB - Virtual size: 10KB

.'
Size: 512B - Virtual size: 39KB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 1024B - Virtual size: 68KB