9419c25edf429ac2ed50c65861320180_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9419c25edf429ac2ed50c65861320180_NeikiAnalytics.exe
Size

347KB
MD5

9419c25edf429ac2ed50c65861320180
SHA1

6a272051c2e473771b12ce03dd90d44d90a9ff5a
SHA256

53fff849200b506fe76de4d531c4af8bf03d4502e2d8c1f560557aa2addf30cb
SHA512

dc657ffe86d7ad5722670136abba24209b040add522d8f078f1c194744a7a94e66fd4e36a276f52d52d8dddc4c77a36d53c25d5c4f6f0c0d0f34f0fc13606e12
SSDEEP

6144:vE5f+HQhUQ6JcikUSvnM5SF9jL7zt8HencN3UwQgJPLJGLckybqZ:vE5F6WpvnM5Sn7zt8HecN3Uw7JtGsqZ

Score

1^/10

Malware Config

Signatures

Files

9419c25edf429ac2ed50c65861320180_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

9b3b9429bf6d7885d39887bb6a0a7318

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:85:e6:b4:33:5a:a8:51:6e:f8:34:b8:2d:3e:90:cc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/11/2011, 00:00

Not After

05/01/2013, 23:59

Subject

CN=NHN corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NHN corp.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:0f:a8:5c:b8:bb:0c:c3:81:97:cf:52:30:17:cf:3b:b6:91:b2:ac
Signer

Actual PE Digest

1d:0f:a8:5c:b8:bb:0c:c3:81:97:cf:52:30:17:cf:3b:b6:91:b2:ac

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Project\VC++\Vaccine\ToolsInstAgent\bin\NVCInstAgent.pdb

Imports

wininet

InternetAttemptConnect
InternetSetCookieW
InternetWriteFile
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestExW
InternetConnectW
HttpEndRequestW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW

naveradminapi

NaverUpdateInitializeW
NaverRegSetValueW
NaverUpdateFinalize

kernel32

GetLocaleInfoW
LoadLibraryA
CreateFileA
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
GetLocalTime
lstrcpyW
OutputDebugStringW
lstrcatW
LocalFree
LocalAlloc
lstrlenW
FormatMessageW
GetLastError
WideCharToMultiByte
lstrcmpW
GetExitCodeThread
WaitForSingleObject
CloseHandle
CreateThread
GetDriveTypeA
GetFileSize
CreateFileW
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryW
lstrlenA
MultiByteToWideChar
GetCurrentProcess
GetModuleHandleW
CreateMutexW
GetExitCodeProcess
Sleep
GetModuleFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
MoveFileW
DeleteFileW
GetTempFileNameW
GetTempPathW
WriteFile
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CompareStringA
CompareStringW
ReadFile
HeapSize
FlushFileBuffers
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
SetEnvironmentVariableA
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA

user32

wvsprintfW
wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantInit

shlwapi

PathAppendW

Exports

Exports

Request

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b3b9429bf6d7885d39887bb6a0a7318

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

17:85:e6:b4:33:5a:a8:51:6e:f8:34:b8:2d:3e:90:ccCertificate

Extended Key Usages

Key Usages

1d:0f:a8:5c:b8:bb:0c:c3:81:97:cf:52:30:17:cf:3b:b6:91:b2:acSigner

Headers

File Characteristics

PDB Paths

Imports

wininet

naveradminapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 262KB - Virtual size: 261KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 13KB - Virtual size: 12KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

17:85:e6:b4:33:5a:a8:51:6e:f8:34:b8:2d:3e:90:cc
Certificate

1d:0f:a8:5c:b8:bb:0c:c3:81:97:cf:52:30:17:cf:3b:b6:91:b2:ac
Signer

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 13KB - Virtual size: 12KB