1a592f0d572eeff7f90c9095b0d8f770_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1a592f0d572eeff7f90c9095b0d8f770_NeikiAnalytics.exe
Size

7.1MB
MD5

1a592f0d572eeff7f90c9095b0d8f770
SHA1

49614c03397c9df4541b9bc9aa291fd62c048194
SHA256

14d5dcee79485673247fd1044d1de1978700ca59e96899b89d6e87685a513af8
SHA512

6ca1c937a3927b0cbaa1480d977bfafa225671c860adaa92a1c4d8e2bf9451699c7dc3713e77dbb5d8fbb23c1d93a8ac9da6df2e1fa6b45d9fc34d2e4093675a
SSDEEP

12288:l/v8oxrV8QJY9xzom48Y0RV+CVA4fKs9Hm8:l/vGcszRFP+v0t1

Score

1^/10

Malware Config

Signatures

Files

1a592f0d572eeff7f90c9095b0d8f770_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

7c8968872b9115941d9ae33bff61178a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:26:99:0b:04:c4:e4:83:cd:cb:cb:52:af:26:51:69:2c:6d:2f:d0
Signer

Actual PE Digest

25:26:99:0b:04:c4:e4:83:cd:cb:cb:52:af:26:51:69:2c:6d:2f:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
OpenProcess
SizeofResource
LoadResource
FindResourceW
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
ResumeThread
GlobalAlloc
FreeResource
LockResource
ResetEvent
ReadProcessMemory
VirtualFreeEx
GetVolumeInformationW
DeviceIoControl
GetCurrentProcess
CreateFileW
GetLastError
ReadFile
lstrcpynW
InterlockedDecrement
InterlockedIncrement
OutputDebugStringW
DeleteFileW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
lstrlenA
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenW
VirtualAlloc
VirtualFree
GetStartupInfoW
GetModuleHandleW
LoadLibraryA
RaiseException
InterlockedExchange
GetTempPathW
lstrcmpA
SearchPathW
TlsAlloc
TlsFree
SetFileTime
SetFilePointer
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
TlsSetValue
SetEndOfFile
ExpandEnvironmentStringsW
GetExitCodeProcess
WaitForMultipleObjects
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetProcessTimes
GetSystemInfo
DuplicateHandle
GetProcessHeap
HeapAlloc
HeapFree
SetErrorMode
LoadLibraryExW
GetFileTime
FileTimeToLocalFileTime
RemoveDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
VirtualQuery
ExitProcess
TerminateProcess
SetProcessWorkingSetSize
GetTempFileNameW
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
SetFileAttributesW
WritePrivateProfileSectionW
GetLocalTime
CreateDirectoryW
GetModuleFileNameW
CopyFileW
MoveFileExW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
Sleep
CreateProcessW
CloseHandle
GetTickCount
GetDiskFreeSpaceExW
FlushInstructionCache
SetEvent
CreateEventW
CreateThread
DebugBreak
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
CreateMutexW
WaitForSingleObject
GetVersionExW
WriteFile
GetFileSize
lstrcmpiA
GetPrivateProfileIntW
FreeLibrary

user32

wvsprintfW
CharNextW
PostQuitMessage
SendMessageW
DestroyWindow
MapVirtualKeyW
GetKeyNameTextW
SubtractRect
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfW
LoadCursorW
GetClassInfoExW
SetWindowLongW
WaitForInputIdle
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
IsIconic
PostMessageW
GetWindowLongW
CallWindowProcW
CreateWindowExW
IsDialogMessageW
GetFocus
SetFocus
SetWindowPos
GetDlgItem
BringWindowToTop
MessageBoxW
ShowWindow
LoadStringW
DefWindowProcW
SetForegroundWindow
GetUpdateRect
GetDC
SetRect
EqualRect
IntersectRect
CopyRect
GetWindowThreadProcessId
FindWindowExW
CharLowerW
ReleaseDC
GetWindowDC
LoadImageW
FindWindowW
RegisterClassExW
GetWindowTextLengthW
ClientToScreen
PtInRect
GetDlgCtrlID
ReleaseCapture
SetCapture
GetCapture
IsWindowEnabled
FillRect
DrawEdge
GetSystemMetrics
InflateRect
DrawFocusRect
OffsetRect
CreateDialogParamW
UpdateWindow
SetCursor
GetSysColor
EndPaint
BeginPaint
DrawTextW
KillTimer
SetTimer
GetSystemMenu
EnableMenuItem
GetWindow
SystemParametersInfoW
InvalidateRect
GetWindowTextW
RedrawWindow
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetParent
GetClientRect
GetMenu
AdjustWindowRectEx
IsWindow
SetWindowTextW

gdi32

DeleteObject
CreateFontIndirectW
SetTextColor
GetObjectW
GetStockObject
SelectObject
CreateSolidBrush
GetCurrentObject
DeleteDC
CreateCompatibleDC
CreateFontW
CreateDIBPatternBrushPt
GetBitmapBits
CreateDIBSection
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
SetBkMode

advapi32

RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
RegOpenKeyW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHFreeNameMappings
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHAppBarMessage

ole32

OleInitialize
CoTaskMemFree
StringFromCLSID
OleUninitialize
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

olepro32

ord251

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent
ImageList_SetImageCount
ImageList_Add
ImageList_Create
ImageList_Remove
ImageList_Duplicate
ImageList_GetIconSize

msimg32

AlphaBlend

wininet

FtpOpenFileW
HttpQueryInfoW
FtpGetFileSize
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
HttpOpenRequestW
HttpSendRequestExW
InternetConnectW
InternetWriteFile
InternetSetOptionA
HttpEndRequestW
InternetReadFile
InternetReadFileExA
InternetSetStatusCallbackW

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
EnumProcessModules
EnumProcesses
GetModuleBaseNameW

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW
StrCmpNIW
SHDeleteValueW
StrCatW
StrCmpW
SHGetValueW
PathIsDirectoryW
PathAppendW
PathFileExistsW
SHGetValueA
PathIsDirectoryEmptyW
StrStrIW
PathFindExtensionW
StrCmpNW
PathMatchSpecW
PathGetDriveNumberW
PathCombineW
PathIsRootW
PathIsURLW
SHSetValueW
StrToIntExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

urlmon

ObtainUserAgentString

msvcp60

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??1_Lockit@std@@QAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0_Lockit@std@@QAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z

msvcrt

fprintf
_strnicmp
fgets
rewind
swprintf
_ltow
isalnum
_wtol
_ui64tow
time
wcsncat
abs
_beginthreadex
_ftol
memcmp
pow
fseek
ftell
fread
_vsnprintf
_strlwr
_vsnwprintf
swscanf
_wcsnicmp
_wfopen
fwrite
fclose
_purecall
iswdigit
realloc
wcscpy
wcscat
strcpy
strncpy
sprintf
strcat
wcstok
wcsncmp
strtok
_snwprintf
_snprintf
gmtime
malloc
free
tolower
isspace
isprint
__CxxFrameHandler
wcschr
_wtoi
wcsstr
memmove
??2@YAPAXI@Z
_wcslwr
wcsncpy
wcsrchr
wcscmp
strlen
memcpy
memset
_wcsicmp
wcslen
_wtoi64
wcspbrk
strncat
_except_handler3
iswspace
towlower
towupper
_ismbslead
__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_stricmp
clock

netapi32

Netbios

atl

ord42
ord47
ord39

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c8968872b9115941d9ae33bff61178a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

25:26:99:0b:04:c4:e4:83:cd:cb:cb:52:af:26:51:69:2c:6d:2f:d0Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

comctl32

msimg32

wininet

psapi

shlwapi

version

wintrust

urlmon

msvcp60

msvcrt

netapi32

atl

comdlg32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 40KB - Virtual size: 55KB

.rsrc Size: 6.8MB - Virtual size: 6.8MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

25:26:99:0b:04:c4:e4:83:cd:cb:cb:52:af:26:51:69:2c:6d:2f:d0
Signer

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 40KB - Virtual size: 55KB

.rsrc
Size: 6.8MB - Virtual size: 6.8MB