47e11ce82d377ee194581f97bd721ac0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

47e11ce82d377ee194581f97bd721ac0_NeikiAnalytics.exe
Size

802KB
MD5

47e11ce82d377ee194581f97bd721ac0
SHA1

cdc0fcc43f2ff6aa276dc1a016d19fa7289baa33
SHA256

53f5c59a585f5b1cb856fdbc84b939ecdf8a18d1cbc6904e5c326b127a86c5c5
SHA512

e8c759ba5d2569ca8ddf96639c6fceade293ae06eca69fcd68a244daf9f03a01a24634697b9e06e7b7bef06c276702cdc7643ccede45a6af16781c5287ce57a8
SSDEEP

24576:TDs6xpxYy3/3A0ARiAiryrFTWlYZexuM9rEH7+l:lpj3/3AiryHZexuk

Score

1^/10

Malware Config

Signatures

Files

47e11ce82d377ee194581f97bd721ac0_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

1ccb58c346cfdbea2a72089746034496

Code Sign

44:82:06:ac:63:f0:b2:b4:be:d6:75:fa:ce:06:89:47
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/10/2018, 00:00

Not After

28/12/2021, 23:59

Subject

CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

94:21:ff:f9:77:29:02:d9:0b:e0:58:29:8a:bc:91:61:77:25:08:f9:f1:e9:28:6e:68:b7:7b:5a:a7:f0:6d:d2
Signer

Actual PE Digest

94:21:ff:f9:77:29:02:d9:0b:e0:58:29:8a:bc:91:61:77:25:08:f9:f1:e9:28:6e:68:b7:7b:5a:a7:f0:6d:d2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\MyUtil\Release\Shelper.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetVersion
GetCurrentThreadId
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetFullPathNameW
WriteConsoleW
HeapSize
SetEnvironmentVariableA
LCMapStringW
GetStringTypeW
OutputDebugStringW
RaiseException
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
ReadConsoleW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetCPInfo
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
CreateFileW
GetDriveTypeW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryA
CloseHandle
FindClose
SetEndOfFile
ReadFile
WriteFile
GetFileSize
SetLastError
GetLastError
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
GetCurrentDirectoryW
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetTimeZoneInformation
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
FileTimeToSystemTime
CreateThread
ExitThread
ResumeThread
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptSignHashA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptExportKey
CryptGetUserKey
CryptAcquireContextA

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext

Exports

Exports

SHelper_AllocBuffer
SHelper_CChannel_CreateClient
SHelper_CChannel_CreateServer
SHelper_CChannel_DecryptBuffer
SHelper_CChannel_Delete
SHelper_CChannel_EncryptBuffer
SHelper_CChannel_SetKeyDec
SHelper_CChannel_SetKeyEnc
SHelper_CheckAPIVersion
SHelper_CheckExeFileSignature
SHelper_CheckNetworkProtocolVersion
SHelper_CreateClient
SHelper_CreateInvalidBuffer
SHelper_CreateServer
SHelper_Delete
SHelper_FreeBuffer
SHelper_GenerateUserParams
SHelper_GetKey
SHelper_GetMaxPacketSize
SHelper_GetName
SHelper_GetNetworkProtocolVersion
SHelper_GetNextBuffer
SHelper_Init
SHelper_RSAHelper_CreateWithPrivateKey
SHelper_RSAHelper_CreateWithPublicKey
SHelper_RSAHelper_DecryptBuffer_Private
SHelper_RSAHelper_DecryptBuffer_Public
SHelper_RSAHelper_Delete
SHelper_RSAHelper_EncryptBuffer_Private
SHelper_RSAHelper_EncryptBuffer_Public
SHelper_RSession_CreateClient
SHelper_RSession_CreateServer
SHelper_RSession_Delete
SHelper_RSession_GetClientDataOnServer
SHelper_RSession_GetKey
SHelper_RSession_GetNextBuffer
SHelper_RSession_GetServerDataOnClient
SHelper_SetUserParams

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ccb58c346cfdbea2a72089746034496

Code Sign

44:82:06:ac:63:f0:b2:b4:be:d6:75:fa:ce:06:89:47Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

94:21:ff:f9:77:29:02:d9:0b:e0:58:29:8a:bc:91:61:77:25:08:f9:f1:e9:28:6e:68:b7:7b:5a:a7:f0:6d:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

crypt32

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 516KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

44:82:06:ac:63:f0:b2:b4:be:d6:75:fa:ce:06:89:47
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

94:21:ff:f9:77:29:02:d9:0b:e0:58:29:8a:bc:91:61:77:25:08:f9:f1:e9:28:6e:68:b7:7b:5a:a7:f0:6d:d2
Signer

.text
Size: 516KB - Virtual size: 516KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB