447c47e570154074b477f49a076dba70_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

447c47e570154074b477f49a076dba70_NeikiAnalytics.exe
Size

679KB
MD5

447c47e570154074b477f49a076dba70
SHA1

e630212637f7c2eae5336dab7db40537dbb58cc7
SHA256

9f4f4bcece7e9144266fa17bda4a6b3d37f66ed218284112e8f05831b4dd84c3
SHA512

d099a127771ccc48ae6436c18825a2fa3a2dc4ea9d53c7761d83b3138ffe9642fca98208584535989fd988b253486bed3678462aad7f0118d4783f825b9beb3d
SSDEEP

12288:7SULYD8JLTx2c4ShJ74QRR0IA+Emk3usesnYaU7fsVDjJaN3S:7OD8J3xESX0IA+EBvesnTBjJg3S

Score

1^/10

Malware Config

Signatures

Files

447c47e570154074b477f49a076dba70_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

672c7b0d40ab65168eeb96dfebf432b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03-06-2015 00:00

Not After

02-07-2017 23:59

Subject

CN=Conexant Systems\, Inc.,O=Conexant Systems\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:5e:38:4e:6e:04:90:e2:3d:c9:89:db:52:7d:1a:b4:b3:48:7c:55
Signer

Actual PE Digest

9b:5e:38:4e:6e:04:90:e2:3d:c9:89:db:52:7d:1a:b4:b3:48:7c:55

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ControlService
QueryServiceStatus
DeleteService
GetUserNameW
RegOpenKeyW
RegSetValueExW
RegisterServiceCtrlHandlerW
RegOpenKeyExW
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
SetServiceStatus
RegCloseKey
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
RegCreateKeyExW
RegDeleteKeyW
RegCreateKeyW
RegEnumKeyExW

kernel32

GetSystemDirectoryW
FindResourceW
InitializeCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
ResetEvent
OutputDebugStringW
DeleteCriticalSection
Sleep
FreeLibrary
GetVersionExW
WaitForSingleObject
MultiByteToWideChar
GetCommandLineW
OutputDebugStringA
SetEvent
GetModuleFileNameW
SizeofResource
CloseHandle
RaiseException
LockResource
CreateFileW
LoadResource
DeviceIoControl
LoadLibraryW
CreateThread
GetLastError
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
CreateProcessW
GetExitCodeProcess
GetModuleHandleW
lstrlenA
FindResourceExW
GetProcAddress
CreateEventW
WriteConsoleW
SetStdHandle
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
FlushFileBuffers
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
DecodePointer
EncodePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlPcToFileHeader
VirtualQuery
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetStartupInfoW
ExitThread
FlsSetValue
FlsGetValue
RtlUnwindEx
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo

gdi32

DeleteDC
CreateDCW

user32

UnregisterClassA
EnumDisplayDevicesW
GetClassNameW
GetWindowTextLengthW
SetWindowsHookExW
CallNextHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
IsWindow
RegisterWindowMessageW
FindWindowW
EnumDisplaySettingsW
RegisterClassExW
LoadCursorW
LoadIconW
DefWindowProcW
UnhookWindowsHookEx
PostQuitMessage
DispatchMessageW
TranslateMessage
KillTimer
PeekMessageW
EndPaint
BeginPaint
MsgWaitForMultipleObjects
PostMessageW
ShowWindow
SetTimer
CreateWindowExW
SendMessageW
GetWindowTextW

ole32

CoInitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

setupapi

SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList

shlwapi

StrCmpNW
SHStrDupW

Exports

Exports

?HDMI_GetCnxtPlaybackAudioDeviceInfo@@YAJPEAK@Z
?HDMI_GetDefaultAudioDevice@@YAJPEAKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_GetDefaultAudioDeviceFromRegistry@@YAJPEAK@Z
?HDMI_SetDefaultAudioDevice@@YAJKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_SetDefaultAudioDeviceToRegistry@@YAJK@Z
?HDMI_SetThirdPartyDefaultAudioDevice@@YAJPEAGKW4__MIDL___MIDL_itf_mmdeviceapi_0000_0000_0001@@@Z
?HDMI_SetThirdPartySingleHDMIDefaultAudioDevice@@YAJXZ

Sections

.text
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

672c7b0d40ab65168eeb96dfebf432b4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

9b:5e:38:4e:6e:04:90:e2:3d:c9:89:db:52:7d:1a:b4:b3:48:7c:55Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

ole32

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 621KB - Virtual size: 621KB

.data Size: 15KB - Virtual size: 60KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 27KB - Virtual size: 26KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

9b:5e:38:4e:6e:04:90:e2:3d:c9:89:db:52:7d:1a:b4:b3:48:7c:55
Signer

.text
Size: 621KB - Virtual size: 621KB

.data
Size: 15KB - Virtual size: 60KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 27KB - Virtual size: 26KB