9f78e8139affcbca515659bdeef45850_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9f78e8139affcbca515659bdeef45850_NeikiAnalytics.exe
Size

173KB
MD5

9f78e8139affcbca515659bdeef45850
SHA1

69e5fdfbb246d4e19f6f481a1c24bbb13b0f73bd
SHA256

468b64c119d1209c696bb535b525fc1669012de43874ececa0614e7faacd08b4
SHA512

5eed3b87ee05d5461a0c6d78d4af0de7c19f91167d997d434c5df3475afe8ec9c08cc8009fc570c10b0cc280fc4bb0279b1e75c6d0390e6ebd6ea9b9d30354de
SSDEEP

3072:1xAT3nHDrGkjUFhfQlipVpTB0gk8r/Tkk4FSZjtJ9dI92IFYX:23Af10gpr/R4I1dI92IFg

Score

1^/10

Malware Config

Signatures

Files

9f78e8139affcbca515659bdeef45850_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

804e8f5bf82142f487db4c2619e94579

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:1d:93:88:04:ff:90:27:00:cc:b9:e1:3a:30:40:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/02/2006, 00:00

Not After

28/03/2009, 23:59

Subject

CN=Juniper Networks\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ASG-Engineering,O=Juniper Networks\, Inc.,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetTickCount
WaitForSingleObject
CreateThread
WaitForMultipleObjects
CreateProcessA
OpenEventA
SetEvent
Sleep
CloseHandle
CreateMutexA
GetStartupInfoA
GetModuleHandleA
MultiByteToWideChar
SetLastError
ReleaseMutex
lstrlenA
lstrcpyA
GetTempPathA
GetTempFileNameA
ReadFile
GetProcessHeap
GetLastError
HeapFree
GlobalAlloc
GlobalFree
GetProcAddress
GetCurrentProcess
GetModuleFileNameA
LoadLibraryA
SetUnhandledExceptionFilter
CreateDirectoryA
GetSystemDirectoryA
TlsGetValue
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsFree
DeleteCriticalSection
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetFullPathNameA
GetShortPathNameA
GetLongPathNameA
OpenFileMappingA
GetSystemInfo
CreateFileA
GetFileSize
WriteFile
DeleteFileA
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
GetWindowsDirectoryA
GetEnvironmentVariableA
GetVersionExA
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32First
Process32Next
OpenProcess
TerminateProcess
FormatMessageA
LoadLibraryExA
FreeLibrary
SleepEx
GetCommandLineA
GetCurrentDirectoryA
HeapAlloc
CreateEventA
QueryPerformanceFrequency

user32

GetWindowTextA
SendMessageA
FindWindowA
PostMessageA
EndDialog
BeginPaint
EndPaint
DefWindowProcA
DestroyWindow
GetDlgItem
PostQuitMessage
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DialogBoxParamA
GetWindowLongA
DispatchMessageA
wsprintfA
GetDesktopWindow
SetWindowTextA
SetWindowLongA
GetTopWindow

msvcrt

atol
isalpha
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_purecall
strtoul
strncmp
strtok
_mbsicmp
calloc
strcat
fopen
strcpy
_splitpath
_makepath
localtime
strftime
strcmp
_filelength
remove
_errno
time
rename
fclose
strlen
strncat
strrchr
_iob
fprintf
memset
memcpy
fwrite
fflush
_assert
_open
_fstat
_close
sprintf
printf
_local_unwind2
_except_handler3
strncpy
strstr
memchr
realloc
memmove
_vsnprintf
malloc
strchr
_mbsstr
_mbschr
_mbsnbcpy
_strdup
free
_mbsnbcmp
_mbslen
__CxxFrameHandler
_mbsrchr
isspace
atoi
??3@YAXPAX@Z
_mbscmp
_strnicmp
_itoa
_stricmp
_snprintf
??2@YAPAXI@Z
_beginthreadex

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertFreeCertificateChain

advapi32

RegDeleteKeyA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
CryptReleaseContext
GetUserNameA
RegOpenKeyA
CryptAcquireContextA

shell32

SHEmptyRecycleBinA
SHFileOperationA

ws2_32

htonl
inet_ntoa
ioctlsocket
send
socket
bind
connect
recv
inet_addr
select
__WSAFDIsSet
closesocket
WSACleanup
WSAStartup
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
WSAGetLastError
gethostbyname
ntohl
WSASetLastError
gethostname
getsockopt

urlmon

URLDownloadToFileA

wininet

InternetSetCookieA
InternetGetCookieA
InternetReadFile
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetErrorDlg
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetQueryOptionA
InternetInitializeAutoProxyDll
InternetGetConnectedState
InternetGetConnectedStateEx
FindFirstUrlCacheEntryA
FindFirstUrlCacheGroup
DeleteUrlCacheEntry
DeleteUrlCacheGroup
FindCloseUrlCache
FindNextUrlCacheEntryExA
FindFirstUrlCacheEntryExA
FindNextUrlCacheGroup
FindNextUrlCacheEntryA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

iphlpapi

GetIpAddrTable

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

804e8f5bf82142f487db4c2619e94579

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0f:1d:93:88:04:ff:90:27:00:cc:b9:e1:3a:30:40:01Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

crypt32

advapi32

shell32

ws2_32

urlmon

wininet

version

iphlpapi

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 32KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 3KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0f:1d:93:88:04:ff:90:27:00:cc:b9:e1:3a:30:40:01
Certificate

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 32KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 3KB