9f6d8dc3f9c6014511eadfb34251cc40_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9f6d8dc3f9c6014511eadfb34251cc40_NeikiAnalytics.exe
Size

237KB
MD5

9f6d8dc3f9c6014511eadfb34251cc40
SHA1

f81baa2aaf3c1048bc1cea143bceefd54273dc00
SHA256

984351a8a7ce1e1f48b64ad23a4dc22bab8d73957d0b9fcf7cbed52aa3c96a90
SHA512

26e1c659ead2870d8e50bd8b2a695a43c67c151c785b7cf0f29d6393f5daaa987b156db909cee96742fe3b5f23f5f6928d4d773deea40d13fcee7a6fff3f3689
SSDEEP

6144:0D8okEvTyoZVOgd2QZiw5NLclL5orfQH:msjCF2QZiOU+4

Score

1^/10

Malware Config

Signatures

Files

9f6d8dc3f9c6014511eadfb34251cc40_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
lstrcmp
LocalFree
GetTempPathW
FileTimeToDosDateTime
GetCalendarInfoA
EnumDateFormatsW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAlloc
LocalAlloc
CreateFiber
CreatePipe
CompareStringA
VirtualAlloc
GetVolumeInformationA
LoadLibraryA
GetSystemDirectoryW
EnumDateFormatsA
GetLogicalDrives
DisconnectNamedPipe
CopyFileA
SetLocaleInfoW
FreeResource
SystemTimeToFileTime
SetThreadPriority

user32

GetMenuItemRect
CheckMenuRadioItem
GetWindowRect
GetCaretPos
ActivateKeyboardLayout
GetParent
CallWindowProcW
WinHelpW
LoadCursorW
AdjustWindowRect
CopyImage
CreateDialogIndirectParamW
GetCursorPos
GetMenuItemID
LoadMenuIndirectA
CharUpperW
CreateMenu
ArrangeIconicWindows
RegisterClassExW
LoadIconA
SetWindowPos
DestroyWindow
DialogBoxIndirectParamW
GetDlgItemInt
GetSysColor
DialogBoxParamW
ShowCaret
WaitMessage
DestroyCursor
UnregisterClassW
SendMessageW
MonitorFromRect
GetClassNameA
GetClassInfoExA
GetIconInfo
DrawTextW
DrawTextA
CallWindowProcA
CreateWindowExW
UpdateWindow

gdi32

SetICMProfileW
ExtEscape
SetRectRgn
RemoveFontResourceExW
GetPolyFillMode
ColorMatchToTarget
GetCharABCWidthsI
SetWorldTransform
PlayMetaFile
GetLogColorSpaceW
CreateRoundRectRgn
SetWindowOrgEx
GetCharacterPlacementW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegEnumValueA
RegCreateKeyExA

shell32

SHFreeNameMappings

opengl32

glTexGendv
glTexCoord2iv
glRecti
glDebugEntry
glEvalCoord1fv
glMaterialfv
glRasterPos2fv
glPixelMapuiv
glEvalCoord2d

inetcomm

MimeOleGetContentTypeExt
MimeOleGetBodyPropA
CreateSMTPTransport
MimeOleConvertEnrichedToHTML

Sections

.X2"*
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d>ir
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T:O
Size: 1024B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b9"g9Y
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LJn
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

inetcomm

Sections

.X2"* Size: 10KB - Virtual size: 11KB

.d>ir Size: 512B - Virtual size: 20KB

.1 Size: 4KB - Virtual size: 3KB

.T:O Size: 1024B - Virtual size: 25KB

.b9"g9Y Size: 3KB - Virtual size: 10KB

.LJn Size: 2KB - Virtual size: 10KB

.' Size: 512B - Virtual size: 39KB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 1024B - Virtual size: 68KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.X2"*
Size: 10KB - Virtual size: 11KB

.d>ir
Size: 512B - Virtual size: 20KB

.1
Size: 4KB - Virtual size: 3KB

.T:O
Size: 1024B - Virtual size: 25KB

.b9"g9Y
Size: 3KB - Virtual size: 10KB

.LJn
Size: 2KB - Virtual size: 10KB

.'
Size: 512B - Virtual size: 39KB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 1024B - Virtual size: 68KB