328eac9e70e2adccfcc6107a39457740_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

328eac9e70e2adccfcc6107a39457740_NeikiAnalytics.exe
Size

934KB
MD5

328eac9e70e2adccfcc6107a39457740
SHA1

a1af4860f2901be723118ead7015d2bb33c38ffa
SHA256

c667137373dbe7582e2650602815e77eaa30ea04a65d985f938d744f96a6068d
SHA512

dcee46facd0524b1c8d46fc8b92fb0129c09412f56a25f2cbd0cd88a2dd32389c29e2e25b709132144bf3aa8b0fd9ff3925eb9a2ad0c6987960acb10e730208e
SSDEEP

6144:QU84FZWNEtUtXo56bk0atwxhiKEWLT5Czf+Jtq9MBV+UdvrEFp7hK6xNT:QXEtUtXo5Ekza7z8SK9MBjvrEH7RNT

Score

1^/10

Malware Config

Signatures

Files

328eac9e70e2adccfcc6107a39457740_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

27ecf3805567bfa9767ab5f088176a85

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18-10-2012 14:38

Not After

20-05-2022 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

19-05-2022 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:c8:35:1a:ec:e7:1c:73:11:58:98:0f:57:5f:41:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27-01-2010 00:00

Not After

28-01-2013 23:59

Subject

CN=Opera Software ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Opera Software ASA,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\output\1355487939\work\VS_Output\PGO\desktop_starter.pdb

Imports

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject

kernel32

GetProcAddress
FreeLibrary
CreateEventA
GetLastError
CloseHandle
GetCurrentThreadId
InterlockedCompareExchange
GetFileAttributesA
GetCurrentProcessId
GetModuleFileNameA
WaitForSingleObject
SuspendThread
LoadLibraryA
FormatMessageA
LocalFree
WriteFile
IsBadReadPtr
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReadProcessMemory
GetLocalTime
GetTempPathA
CreateDirectoryA
CreateFileA
DebugActiveProcess
SetEvent
WaitForDebugEvent
GetThreadContext
ContinueDebugEvent
InitializeCriticalSection
GetCurrentThread
VirtualProtect
DeleteCriticalSection
VirtualFree
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetModuleFileNameW
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcess
WideCharToMultiByte
OpenProcess
MultiByteToWideChar
LocalAlloc
lstrcmpiA
GetCommandLineW
ExitProcess
DeleteFileW
RemoveDirectoryW
SetUnhandledExceptionFilter
FindFirstFileW
CreateFileW
ReadFile
FindNextFileW
FindClose
GetTempPathW
CreateEventW
WaitForMultipleObjects
GlobalAlloc
GlobalFree
CreateMutexW
OpenMutexW
Sleep
GetFileSize
LoadLibraryExW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
VirtualAlloc
GetVersionExA

user32

LoadIconA
SendMessageA
EndDialog
MessageBoxA
wsprintfA
EnumWindows
MessageBeep
SetForegroundWindow
SetActiveWindow
FlashWindow
GetWindowInfo
GetClassNameA
GetWindowThreadProcessId
FindWindowA
DialogBoxIndirectParamA
wvsprintfA

advapi32

OpenProcessToken
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
GetTokenInformation

shell32

ShellExecuteA
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 808KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27ecf3805567bfa9767ab5f088176a85

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

13:c8:35:1a:ec:e7:1c:73:11:58:98:0f:57:5f:41:33Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

wintrust

crypt32

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 808KB - Virtual size: 808KB

.reloc Size: 4KB - Virtual size: 4KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

13:c8:35:1a:ec:e7:1c:73:11:58:98:0f:57:5f:41:33
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 808KB - Virtual size: 808KB

.reloc
Size: 4KB - Virtual size: 4KB