13001155f7ad6eb557e9a5d30c8b9560_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

13001155f7ad6eb557e9a5d30c8b9560_NeikiAnalytics.exe
Size

1.7MB
MD5

13001155f7ad6eb557e9a5d30c8b9560
SHA1

98d07296e25f6fe6c6876641c517ff2cdcf25f27
SHA256

0b6ccb118eb706184263bb06c4101726b48a150b1e73d9e242672e503ae7c9de
SHA512

287c88057dbbfb29b7f8a297043be802a9836ad87f36d6c199d50ebc576bcea2a5ff835f1ff316cb164807cf5458fd9461b7dded1d189e7bafa1efc873e07bbd
SSDEEP

24576:/UcL71sqLUnTcdsa/v6EktxaEj29iuSI6Je1S/BPFLt/TyB++BiSnsBM:/UK71BLUnikfg36JV9R/TyB++BiSnse

Score

1^/10

Malware Config

Signatures

Files

13001155f7ad6eb557e9a5d30c8b9560_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

caa6efbb9e70bf0031413b513fa22b54

Code Sign

0f:39:9a:74:ae:7d:47:5c:06:1e:9d:0a:12:00:9c:ca
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2020, 00:00

Not After

13/01/2021, 12:00

Subject

CN=Cisco WebEx LLC,O=Cisco WebEx LLC,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:79:df:48:0b:91:81:c8:c7:1b:f2:c2:2d:8e:8a:2b:b1:ce:ff:af:34:df:15:1c:31:98:12:ce:59:2f:fe:61
Signer

Actual PE Digest

10:79:df:48:0b:91:81:c8:c7:1b:f2:c2:2d:8e:8a:2b:b1:ce:ff:af:34:df:15:1c:31:98:12:ce:59:2f:fe:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-windows-plugin\output\maps\Release\CiscoWebExStart.pdb

Imports

wininet

HttpSendRequestA
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpOpenRequestA
InternetConnectW
InternetConnectA
InternetOpenA
InternetCrackUrlW
InternetCrackUrlA
HttpOpenRequestW
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
InternetReadFileExW
InternetReadFileExA
InternetErrorDlg
InternetSetOptionW
InternetCloseHandle
InternetReadFile
InternetOpenW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CryptVerifyMessageSignature
CertGetNameStringW
CertComparePublicKeyInfo
CertFreeCertificateContext
CertVerifyCertificateChainPolicy

wintrust

WinVerifyTrust

imagehlp

ImageGetCertificateHeader
ImageEnumerateCertificates
ImageGetCertificateData

kernel32

GetFileAttributesExW
GetTempFileNameW
RemoveDirectoryW
SetLastError
CopyFileW
MoveFileExW
GetCommandLineA
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
GetTempPathA
GetTempFileNameA
CreateEventA
CreateEventW
OpenEventA
GetVersionExA
GetModuleHandleA
LoadLibraryA
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStringA
CopyFileA
MoveFileExA
EnumSystemGeoID
GetUserGeoID
lstrcmpiA
GlobalFree
lstrcmpW
MulDiv
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
FindNextFileA
WritePrivateProfileSectionW
CompareFileTime
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetCurrentDirectoryW
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleHandleExW
ExitProcess
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetTimeZoneInformation
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetWindowsDirectoryW
WritePrivateProfileStructW
GetTimeFormatW
GetDateFormatW
GetSystemTime
TerminateThread
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CloseHandle
CreateThread
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
IsProcessInJob
ReadProcessMemory
OpenProcess
GetProcessId
TerminateProcess
GetLongPathNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetOEMCP
WritePrivateProfileStringW
OpenFile
lstrlenW
lstrlenA
lstrcmpiW
LoadLibraryW
GetProcAddress
GetDriveTypeW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
VirtualQuery
GetSystemDirectoryW
GetLocalTime
CreateProcessW
GetCurrentThread
GetCurrentProcess
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
GetTempPathW
SetEndOfFile
QueryDosDeviceW
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCommandLineW
GetSystemDefaultLangID
SetFilePointer
GetFileSize
CreateFileW
OpenEventW
SetEvent
Sleep
GetModuleFileNameW
IsBadReadPtr
GetVersionExW
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
MultiByteToWideChar
CreateMutexW
LocalFree
GetTickCount
GetCurrentProcessId
WriteFile
GetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
ReadFile
WaitForSingleObject

user32

GetMessageW
UnregisterClassW
GetPropA
IsWindowVisible
SetWindowTextW
MonitorFromWindow
GetMonitorInfoW
DispatchMessageW
SetWindowRgn
GetDlgItem
CreateDialogIndirectParamW
TranslateMessage
PostQuitMessage
GetWindowDC
GetWindowLongW
SetWindowLongW
ReleaseDC
SetRect
LoadBitmapW
SetWindowPos
DefWindowProcW
GetWindowRect
OffsetRect
GetClientRect
GetSystemMetrics
LoadIconW
DrawIconEx
GetWindowTextW
DrawTextW
PtInRect
SendMessageW
GetSystemMenu
TrackPopupMenu
InvalidateRect
SendMessageA
ShowWindow
BeginPaint
EndPaint
SetTimer
DestroyWindow
KillTimer
CopyRect
LoadCursorW
MoveWindow
RegisterClassExW
CreateWindowExW
UpdateWindow
PeekMessageW
PostMessageW
GetShellWindow
GetWindowThreadProcessId
GetPropW
FindWindowExA
FindWindowExW
GetForegroundWindow
PostThreadMessageW
MessageBoxW
RegisterWindowMessageW
RegisterClassW
LoadStringW
IsWindow

gdi32

SetBkColor
CreateBitmap
GetDeviceCaps
GetBitmapBits
CombineRgn
CreateRectRgn
SelectClipRgn
BitBlt
SetTextColor
SetBkMode
CreateCompatibleBitmap
SelectObject
ExcludeClipRect
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
AccessCheck
GetFileSecurityW
GetSecurityDescriptorSacl
ImpersonateSelf
InitializeSecurityDescriptor
MapGenericMask
RevertToSelf
CloseServiceHandle
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetNamedSecurityInfoW
CreateProcessAsUserW
OpenProcessToken
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
GetNamedSecurityInfoW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegDeleteTreeW
RegDeleteTreeA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyA
RegFlushKey
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessWithTokenW
SetTokenInformation
SetFileSecurityW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
FreeSid
OpenThreadToken

shell32

CommandLineToArgvW
ShellExecuteExW
SHFileOperationW
ShellExecuteExA
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid

shlwapi

SHDeleteKeyW
PathFileExistsA
PathGetDriveNumberW
StrChrIW
PathBuildRootW
PathFileExistsW
SHDeleteKeyA
PathCanonicalizeA
PathAppendW

comctl32

InitCommonControlsEx

urlmon

ObtainUserAgentString
CoInternetParseUrl

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipDrawString
GdipFillRectangle
GdipDrawArcI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipFree
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipSetStringFormatLineAlign

authz

AuthzAccessCheck
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA

winspool.drv

GetPrinterDriverDirectoryW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caa6efbb9e70bf0031413b513fa22b54

Code Sign

0f:39:9a:74:ae:7d:47:5c:06:1e:9d:0a:12:00:9c:caCertificate

Extended Key Usages

Key Usages

10:79:df:48:0b:91:81:c8:c7:1b:f2:c2:2d:8e:8a:2b:b1:ce:ff:af:34:df:15:1c:31:98:12:ce:59:2f:fe:61Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

crypt32

wintrust

imagehlp

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

urlmon

gdiplus

authz

version

winspool.drv

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 362KB - Virtual size: 362KB

.data Size: 24KB - Virtual size: 67KB

.rsrc Size: 112KB - Virtual size: 112KB

.reloc Size: 71KB - Virtual size: 71KB

0f:39:9a:74:ae:7d:47:5c:06:1e:9d:0a:12:00:9c:ca
Certificate

10:79:df:48:0b:91:81:c8:c7:1b:f2:c2:2d:8e:8a:2b:b1:ce:ff:af:34:df:15:1c:31:98:12:ce:59:2f:fe:61
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 362KB - Virtual size: 362KB

.data
Size: 24KB - Virtual size: 67KB

.rsrc
Size: 112KB - Virtual size: 112KB

.reloc
Size: 71KB - Virtual size: 71KB