3861fca0d9a18bca0b0c81686a8aa790_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3861fca0d9a18bca0b0c81686a8aa790_NeikiAnalytics.exe
Size

904KB
MD5

3861fca0d9a18bca0b0c81686a8aa790
SHA1

76938cab5926c14abcd1273f8613f3d38c1a4892
SHA256

3ffbe210a3bf9f6b28b4118e4e632850e6add30774ce949155d35d8f3a29ad4f
SHA512

4a4c10c663f58690036bf59606bb49c646e8d6de0e00515d323c6735354f17865cbc03a7a0485683c8025480a6e93b496bd6e4f0daea79001e378432b498ba78
SSDEEP

12288:IXoyHQ9IWwMclTEFDJBc2q1ith2weU93e9yx7:UA8ENJBM1qhHH3e6

Score

1^/10

Malware Config

Signatures

Files

3861fca0d9a18bca0b0c81686a8aa790_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

3833865dfb71db114f521966d14efe5f

Code Sign

33:00:00:00:2f:68:b2:be:77:b6:b3:5e:cc:00:00:00:00:00:2f
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:54

Not After

12/05/2017, 00:54

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:fa:cb:9a:44:b4:89:44:f3:a6:7e:b5:e9:84:f7:90:4a:b4:76:b4:60:5c:1d:5f:0b:ec:7a:79:88:08:8c:13
Signer

Actual PE Digest

e0:fa:cb:9a:44:b4:89:44:f3:a6:7e:b5:e9:84:f7:90:4a:b4:76:b4:60:5c:1d:5f:0b:ec:7a:79:88:08:8c:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

unidrvui.pdb

Imports

msvcrt

iswctype
??3@YAXPEAX@Z
wcsrchr
isspace
_wcsicmp
_itow
_stricmp
_wcsnicmp
_vsnwprintf
wcsncmp
??2@YAPEAX_K@Z
_errno
atoi
_wtoi
towupper
wcschr
_wtol
_strnicmp
wcsstr
iswspace
fprintf
vfprintf
memmove
memset
memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler
strncmp
qsort
_purecall
_vsnprintf

kernel32

GetFileTime
GetLocaleInfoW
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
LoadLibraryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
FindResourceW
LoadResource
SizeofResource
LockResource
CopyFileW
lstrlenW
GetSystemDefaultLCID
GetFileAttributesExW
CompareFileTime
GetFileSize
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileAttributesW
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
SetErrorMode
MultiByteToWideChar
GetVersionExW
GetModuleHandleW
LoadLibraryExW
HeapFree
HeapCreate
lstrcmpW
HeapDestroy
HeapAlloc
CloseHandle
Sleep
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
ReadFile
GetTempFileNameW
CreateDirectoryW
CreateFileW
MulDiv
WideCharToMultiByte
FreeLibrary
GetProcAddress
SetLastError
GetLastError
MoveFileExW
LocalFree
DeleteFileW
LocalAlloc

user32

GetWindowLongPtrW
EndDialog
DialogBoxParamW
MessageBoxW
MessageBeep
SetDlgItemTextA
WinHelpW
CheckRadioButton
EnableWindow
GetDlgItemTextW
SetCursor
LoadCursorW
SendMessageW
InvalidateRect
LoadStringW
LoadIconW
GetDlgItem
ShowWindow
SetDlgItemTextW
SetWindowLongPtrW
SendDlgItemMessageW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winspool.drv

DeviceCapabilitiesW
SetPrinterDataW
DeletePrinterDataW
GetPrinterW
GetPrinterDataW
SetPrinterW
GetPrinterDriverDirectoryW
AddFormW
DeleteFormW
ClosePrinter
OpenPrinterW
EnumFormsW
GetFormW
GetPrinterDriverW

gdi32

CreateICW
SetGraphicsMode
DeleteDC
GetDeviceCaps
EnumFontFamiliesW
CreateDCW

oleaut32

VariantInit
SysFreeString
VariantChangeType
SysAllocString
SysAllocStringLen
VariantClear
SysStringLen

ole32

CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx
CreateStreamOnHGlobal

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
TraceEvent

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Exports

Exports

DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
MxdcGetPDEVAdjustment

Sections

.text
Size: 603KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3833865dfb71db114f521966d14efe5f

Code Sign

33:00:00:00:2f:68:b2:be:77:b6:b3:5e:cc:00:00:00:00:00:2fCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

e0:fa:cb:9a:44:b4:89:44:f3:a6:7e:b5:e9:84:f7:90:4a:b4:76:b4:60:5c:1d:5f:0b:ec:7a:79:88:08:8c:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

version

winspool.drv

gdi32

oleaut32

ole32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 603KB - Virtual size: 603KB

.data Size: 12KB - Virtual size: 14KB

.pdata Size: 13KB - Virtual size: 12KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 255KB - Virtual size: 256KB

.reloc Size: 5KB - Virtual size: 5KB

33:00:00:00:2f:68:b2:be:77:b6:b3:5e:cc:00:00:00:00:00:2f
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

e0:fa:cb:9a:44:b4:89:44:f3:a6:7e:b5:e9:84:f7:90:4a:b4:76:b4:60:5c:1d:5f:0b:ec:7a:79:88:08:8c:13
Signer

.text
Size: 603KB - Virtual size: 603KB

.data
Size: 12KB - Virtual size: 14KB

.pdata
Size: 13KB - Virtual size: 12KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 255KB - Virtual size: 256KB

.reloc
Size: 5KB - Virtual size: 5KB