7dc094f060a7f41804ab34b8fd100df0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7dc094f060a7f41804ab34b8fd100df0_NeikiAnalytics.exe
Size

1.4MB
MD5

7dc094f060a7f41804ab34b8fd100df0
SHA1

35f8401532277d6c6447d9da0a88ec32bcabe07b
SHA256

ce7ca56eb8be0fdc08f771d571e3fa01c0f3cc4e7fcf894856a973cb775fb9c8
SHA512

341b4813ef4405b10a34b7615e959a36a9f56e4d0397bd7b8ca7283e541155d46efb3f727931c82ffda956ed4b1084b1c681b6afa3833b1d56e820c988380df7
SSDEEP

24576:b2K57rbd92QRA/cV+0lG8r0fqQtalSEGjANibsJ/DGLhRL+2kk:Brbd9zR+cV+0Uxal7GlF+2kk

Score

1^/10

Malware Config

Signatures

Files

7dc094f060a7f41804ab34b8fd100df0_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

327b9d0294ee3dc22e8085e5f509a5e9

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c5:8c:ce:37:9b:80:c2:c2:a7:0a:dd:10:24:80:3e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/09/2010, 00:00

Not After

19/10/2012, 23:59

Subject

CN=iMesh Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=iMesh Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Work\SearchSuite\G4.1\SearchSuite\G4.1\Kipod\RBin\DataMngr.pdb

Imports

ntdll

ZwClose
RtlCreateUserThread
NtQueryInformationProcess
NtAllocateVirtualMemory
NtFreeVirtualMemory

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

IsBadWritePtr
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsAlloc
GetCurrentThread
GetCommandLineW
CreateEventW
CreateSemaphoreA
GetSystemTimeAsFileTime
ReleaseSemaphore
OpenMutexW
PulseEvent
GetCurrentProcessId
WaitForMultipleObjects
GetProcessHeap
HeapFree
LocalFree
HeapAlloc
LoadLibraryA
DuplicateHandle
GetCurrentProcess
lstrlenW
CopyFileW
DeleteFileW
FreeLibrary
VirtualQuery
SetLastError
GetModuleHandleA
VirtualAlloc
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
WideCharToMultiByte
OpenEventW
lstrlenA
GetModuleFileNameW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
AreFileApisANSI
SetFilePointer
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetSystemTime
LockFileEx
GetTempPathA
GetTempPathW
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
DeviceIoControl
WriteFile
ReadFile
GetLastError
GetFileSize
GetDateFormatA
CreateFileW
GetProcAddress
GetModuleHandleW
RemoveVectoredExceptionHandler
InterlockedExchange
VirtualProtect
IsBadReadPtr
AddVectoredExceptionHandler
SetEvent
CreateEventA
CloseHandle
WaitForSingleObject
GetTimeFormatA
MultiByteToWideChar
SetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
EncodePointer
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
TlsFree
OpenEventA
ResetEvent
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
GetLocaleInfoW
IsProcessorFeaturePresent
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CompareStringW

user32

LoadStringA
GetWindowThreadProcessId
FindWindowExW

advapi32

RegSetValueExW
LookupAccountNameW
ConvertSidToStringSidW
RegCreateKeyExW
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW

dbghelp

ImageNtHeader

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

327b9d0294ee3dc22e8085e5f509a5e9

Code Sign

01Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

47:c5:8c:ce:37:9b:80:c2:c2:a7:0a:dd:10:24:80:3eCertificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

version

wtsapi32

kernel32

user32

advapi32

dbghelp

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 166KB - Virtual size: 165KB

.data Size: 27KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 67KB - Virtual size: 66KB

01
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:c5:8c:ce:37:9b:80:c2:c2:a7:0a:dd:10:24:80:3e
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 166KB - Virtual size: 165KB

.data
Size: 27KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 67KB - Virtual size: 66KB