47703dddcfa53693179787302e167a80_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

47703dddcfa53693179787302e167a80_NeikiAnalytics.exe
Size

237KB
MD5

47703dddcfa53693179787302e167a80
SHA1

676c4e527a423036df2bc7e81c400d233b2a46eb
SHA256

340ec0a790dfe2f891c306989c019bcab3b98f9c14eff62cfaf4fc3ab7a4e994
SHA512

3110b5b88ecf847b0045de4f60d608d31e1196e089989127b41a43db4fda3f25db20bae9b67e5e4b9b4c62d244be8f461e3379c6744e2198957eb22974a8ab02
SSDEEP

6144:dD8okEvTyoZVOgd2QZiw5NLclL5orfQH:VsjCF2QZiOU+4

Score

1^/10

Malware Config

Signatures

Files

47703dddcfa53693179787302e167a80_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
lstrcmp
LocalFree
GetTempPathW
FileTimeToDosDateTime
GetCalendarInfoA
EnumDateFormatsW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAlloc
LocalAlloc
CreateFiber
CreatePipe
CompareStringA
VirtualAlloc
GetVolumeInformationA
LoadLibraryA
GetSystemDirectoryW
EnumDateFormatsA
GetLogicalDrives
DisconnectNamedPipe
CopyFileA
SetLocaleInfoW
FreeResource
SystemTimeToFileTime
SetThreadPriority

user32

GetMenuItemRect
CheckMenuRadioItem
GetWindowRect
GetCaretPos
ActivateKeyboardLayout
GetParent
CallWindowProcW
WinHelpW
LoadCursorW
AdjustWindowRect
CopyImage
CreateDialogIndirectParamW
GetCursorPos
GetMenuItemID
LoadMenuIndirectA
CharUpperW
CreateMenu
ArrangeIconicWindows
RegisterClassExW
LoadIconA
SetWindowPos
DestroyWindow
DialogBoxIndirectParamW
GetDlgItemInt
GetSysColor
DialogBoxParamW
ShowCaret
WaitMessage
DestroyCursor
UnregisterClassW
SendMessageW
MonitorFromRect
GetClassNameA
GetClassInfoExA
GetIconInfo
DrawTextW
DrawTextA
CallWindowProcA
CreateWindowExW
UpdateWindow

gdi32

SetICMProfileW
ExtEscape
SetRectRgn
RemoveFontResourceExW
GetPolyFillMode
ColorMatchToTarget
GetCharABCWidthsI
SetWorldTransform
PlayMetaFile
GetLogColorSpaceW
CreateRoundRectRgn
SetWindowOrgEx
GetCharacterPlacementW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegEnumValueA
RegCreateKeyExA

shell32

SHFreeNameMappings

opengl32

glTexGendv
glTexCoord2iv
glRecti
glDebugEntry
glEvalCoord1fv
glMaterialfv
glRasterPos2fv
glPixelMapuiv
glEvalCoord2d

inetcomm

MimeOleGetContentTypeExt
MimeOleGetBodyPropA
CreateSMTPTransport
MimeOleConvertEnrichedToHTML

Sections

.X2"*
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d>ir
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T:O
Size: 1024B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b9"g9Y
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LJn
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

inetcomm

Sections

.X2"* Size: 10KB - Virtual size: 11KB

.d>ir Size: 512B - Virtual size: 20KB

.1 Size: 4KB - Virtual size: 3KB

.T:O Size: 1024B - Virtual size: 25KB

.b9"g9Y Size: 3KB - Virtual size: 10KB

.LJn Size: 2KB - Virtual size: 10KB

.' Size: 512B - Virtual size: 39KB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 1024B - Virtual size: 68KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.X2"*
Size: 10KB - Virtual size: 11KB

.d>ir
Size: 512B - Virtual size: 20KB

.1
Size: 4KB - Virtual size: 3KB

.T:O
Size: 1024B - Virtual size: 25KB

.b9"g9Y
Size: 3KB - Virtual size: 10KB

.LJn
Size: 2KB - Virtual size: 10KB

.'
Size: 512B - Virtual size: 39KB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 1024B - Virtual size: 68KB