2c7ed6df3c298051058134012f5ea850_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2c7ed6df3c298051058134012f5ea850_NeikiAnalytics.exe
Size

1001KB
MD5

2c7ed6df3c298051058134012f5ea850
SHA1

47cc0eb98f2f557afbd1d5ffc838055cc48c174e
SHA256

be4d43d15c6b4ed26363668f108510b7ded4afd51cede1331bb92195e540d18e
SHA512

c23d7b83327d9b9037dcedf8f81e2f9d30a83b7fe024cd16eb76e1e4d4d4f22d8de8178865cbb7b284a107f8e755947600931bf9aba08ea4eb36ea5cb0e2a6a8
SSDEEP

12288:HSkc9N+AC7psl39el+AN0rlkhKFUIpTXKn7Rq1PjoEyQTHCL1wLsxz8XxftMMefm:y2AC7Oel+ANqlKn9JwnXxtcUBTm6efS

Score

1^/10

Malware Config

Signatures

Files

2c7ed6df3c298051058134012f5ea850_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

a77c37f9d706c52aea8bfd3164c71b41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:24:3d:90:c8:1c:d8:fe:c7:0e:99:81:31:54:fb:64:59
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

13/03/2013, 07:15

Not After

14/03/2014, 07:15

Subject

CN=Taiwan Shui Mu Chih Ching Technology Limited,O=Taiwan Shui Mu Chih Ching Technology Limited,L=新北,ST=台湾,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:3c:06:80:f9:f3:cd:ad:38:90:d5:f9:f5:7d:7a:12:d9:63:c9:cb
Signer

Actual PE Digest

19:3c:06:80:f9:f3:cd:ad:38:90:d5:f9:f5:7d:7a:12:d9:63:c9:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Build\ecyber\trunk\sc\bin.32\eUninstall.pdb

Imports

shlwapi

SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathRenameExtensionW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionW
PathCombineW
PathFileExistsW

kernel32

HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
VirtualAlloc
VirtualQuery
RtlUnwind
LCMapStringW
GetCommandLineW
GetStdHandle
GetFileType
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetSystemDefaultLCID
OutputDebugStringW
TlsFree
TlsAlloc
InterlockedExchange
InterlockedIncrement
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
WideCharToMultiByte
SetFilePointer
ReadFile
SetFileAttributesW
GetFileAttributesExW
GetFileSize
GetSystemInfo
WriteConsoleW
ExitProcess
DecodePointer
EncodePointer
GetProfileIntW
GlobalSize
GlobalUnlock
InterlockedDecrement
ResumeThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCPInfo
InitializeCriticalSection
SetEvent
GetCurrentThreadId
CreateEventW
CreateFileW
CopyFileW
CreateDirectoryW
lstrlenW
Process32NextW
Process32FirstW
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcess
WaitForSingleObject
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
GetProcAddress
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MoveFileExW
DeleteFileW
FindNextFileW
FindClose
FindFirstFileW
GetSystemDirectoryW
LocalFree
CloseHandle
GetLastError
CreateMutexW
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
VirtualProtect
FormatMessageA
SetEndOfFile
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
MulDiv
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
GlobalLock
FreeEnvironmentStringsW
IsValidCodePage
GlobalFree
GlobalAlloc
GetTickCount
GetOEMCP
GetACP
IsProcessorFeaturePresent
SetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
TlsSetValue
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetPrivateProfileSectionW
FreeLibrary

user32

GetWindowThreadProcessId
ShowWindow
IsIconic
SendMessageW
GetParent
RegisterClassW
DestroyWindow
PostMessageW
CreateWindowExW
DefWindowProcW
GetWindowRect
ScreenToClient
CreateAcceleratorTableW
SetCaretPos
HideCaret
ShowCaret
CreateCaret
PeekMessageW
GetCapture
RegisterClipboardFormatW
SetWindowTextW
TrackMouseEvent
MapWindowPoints
SetWindowRgn
GetUpdateRect
SetCursor
LoadCursorW
IsWindow
GetDesktopWindow
SetWindowPos
GetWindow
GetKeyState
ClientToScreen
GetWindowTextW
PostThreadMessageW
GetWindowLongW
SetWindowLongW
GetDC
UpdateLayeredWindow
ReleaseDC
IntersectRect
SystemParametersInfoW
GetSystemMetrics
GetFocus
IsChild
CopyImage
DrawTextW
wvsprintfW
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
UnionRect
CharLowerW
CharNextW
InvalidateRgn
GetCursorPos
GetSysColor
GetClientRect
BeginPaint
EndPaint
FillRect
DrawFocusRect
FrameRect
SetTimer
InvalidateRect
KillTimer
GetClassInfoExW
RegisterClassExW
EnableWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage
GetLastActivePopup
SetPropW
GetPropW
SetCapture
ReleaseCapture
CallWindowProcW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW
SHChangeNotify
ShellExecuteExW

ole32

OleDuplicateData
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
DoDragDrop
OleLockRunning
CoTaskMemAlloc
IIDFromString
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
VariantCopy
VariantChangeType
LoadTypeLi
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
GetErrorInfo

gdiplus

GdipDeleteFontFamily
GdipDrawImageRectRectI
GdipDrawImageI
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipGraphicsClear
GdipDrawRectangleI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdiplusShutdown
GdipCreateFontFromDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipLoadImageFromStream
GdipSaveImageToStream
GdiplusStartup
GdipImageGetFrameDimensionsCount
GdipCloneBrush
GdipGetImageFlags

msimg32

TransparentBlt
AlphaBlend

riched20

ord4

winmm

timeSetEvent
timeKillEvent

ws2_32

WSAStartup
WSACleanup

urlmon

UrlMkGetSessionOption

comctl32

ord17

gdi32

OffsetClipRgn
MoveToEx
LineTo
ArcTo
GetStockObject
Rectangle
Ellipse
Polygon
Polyline
SetTextColor
OffsetRgn
FillRgn
FrameRgn
SetStretchBltMode
SetWindowOrgEx
CopyMetaFileW
GetDeviceCaps
GetBkMode
SetBkMode
CreateRectRgn
CreateFontW
AddFontResourceW
EnumFontFamiliesW
CreatePen
CreatePatternBrush
SetDIBits
GetDIBits
DeleteDC
SetPixel
GetPixel
BitBlt
SetWorldTransform
SetGraphicsMode
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
GetObjectA
RestoreDC
SaveDC
GetClipBox
CreateRoundRectRgn
GetCharABCWidthsW
GetTextExtentPoint32W
SelectObject
DeleteObject
CombineRgn
SelectClipRgn
StretchBlt
CreateRectRgnIndirect
GetRgnBox

Sections

.text
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a77c37f9d706c52aea8bfd3164c71b41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:24:3d:90:c8:1c:d8:fe:c7:0e:99:81:31:54:fb:64:59Certificate

Extended Key Usages

Key Usages

19:3c:06:80:f9:f3:cd:ad:38:90:d5:f9:f5:7d:7a:12:d9:63:c9:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

gdiplus

msimg32

riched20

winmm

ws2_32

urlmon

comctl32

gdi32

Sections

.text Size: 662KB - Virtual size: 661KB

.rdata Size: 207KB - Virtual size: 207KB

.data Size: 23KB - Virtual size: 40KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 76KB - Virtual size: 75KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:24:3d:90:c8:1c:d8:fe:c7:0e:99:81:31:54:fb:64:59
Certificate

19:3c:06:80:f9:f3:cd:ad:38:90:d5:f9:f5:7d:7a:12:d9:63:c9:cb
Signer

.text
Size: 662KB - Virtual size: 661KB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 23KB - Virtual size: 40KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 76KB - Virtual size: 75KB