3840887629aab934be12f0b06fd5aec0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3840887629aab934be12f0b06fd5aec0_NeikiAnalytics.exe
Size

1.4MB
MD5

3840887629aab934be12f0b06fd5aec0
SHA1

c36494bf874b49afcd8dfd2d2281ae8b655a2cfd
SHA256

bff4cfdc54082c2f315f32708d16db65a1805682552e3fbf5ff6213c31a0b98c
SHA512

b931943365facdf0560e1fdf2ac21880b2d5c4e3fadf3ac90d95ec0bafd5e7534cf53c82fa0ea5fea3547e7a0fbb1341c62d435d97227801bef83292891bbdba
SSDEEP

24576:hS2XrAMyGeeHMohJdKZY94n9V9Zqp7Ke8a4sG88OuPEvsgFYNLajTYEz4r89TY99:wFVOsoQZY94n9V9Zqp7B4sGnOujgW1SG

Score

1^/10

Malware Config

Signatures

Files

3840887629aab934be12f0b06fd5aec0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

3dd74317003c244caaac694bf5ebd32c

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:c9:f5:f3:bb:5d:6e
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

21/08/2011, 15:34

Not After

22/08/2012, 17:26

Subject

CN=东晨网络科技有限公司,O=东晨网络科技有限公司,L=长沙市,ST=湖南省,C=CN,1.2.840.113549.1.9.1=#0c11647261676f6e657472724071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

cd:11:22:a6:f0:6d:b5:2f:a5:00:2a:bc:e6:3b:61:9d:d6:28:40:3d
Signer

Actual PE Digest

cd:11:22:a6:f0:6d:b5:2f:a5:00:2a:bc:e6:3b:61:9d:d6:28:40:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\project\RemoteAny\RC_CLI_SoftUI_1108\Release\RCDesktopService.pdb

Imports

streamencoder

ord1
ord4
ord6
ord5
ord7
ord8
ord3

wsock32

inet_addr
accept
setsockopt
listen
connect
bind
getpeername
WSAGetLastError
select
inet_ntoa
sendto
getsockname
__WSAFDIsSet
shutdown
closesocket
socket
gethostbyname
WSACleanup
WSAStartup
ioctlsocket
htons
gethostname
ntohs
htonl
recv
getsockopt
send

winmm

waveInGetNumDevs
waveInUnprepareHeader
waveInClose
waveInReset
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutOpen
waveOutPrepareHeader
waveOutWrite
waveOutClose
mixerOpen
mixerClose
waveInGetDevCapsA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

userenv

DestroyEnvironmentBlock
GetUserProfileDirectoryA
CreateEnvironmentBlock

psapi

GetProcessMemoryInfo
GetModuleFileNameExA
GetModuleFileNameExW

netapi32

NetApiBufferFree
NetLocalGroupGetMembers

udpstream

ord22
ord9
ord20
ord19
ord18
ord8
ord7
ord4
ord3
ord5
ord2
ord1
ord24
ord25
ord16
ord10
ord26
ord6
ord27

kernel32

FlushFileBuffers
GetStdHandle
CopyFileA
WriteConsoleA
MultiByteToWideChar
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStructA
UnmapViewOfFile
MapViewOfFile
GlobalLock
lstrcmpiA
QueryPerformanceCounter
GetSystemDefaultLangID
GetVersion
FormatMessageA
IsDBCSLeadByteEx
SystemTimeToFileTime
GetCurrentDirectoryA
FileTimeToSystemTime
GetFileInformationByHandle
GetLocalTime
ResetEvent
ResumeThread
VirtualAlloc
CreateThread
VirtualFree
GetExitCodeProcess
GetFileSize
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameA
CreateSemaphoreA
FileTimeToLocalFileTime
CompareStringA
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalGetAtomNameA
SetThreadPriority
GetFileTime
GlobalAddAtomA
GlobalFlags
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
FreeResource
GetLocaleInfoA
GetCurrentThread
GetCPInfo
GetOEMCP
GlobalUnlock
GetModuleFileNameA
ReleaseMutex
SetProcessShutdownParameters
MulDiv
GlobalAlloc
ProcessIdToSessionId
GetPrivateProfileIntA
WinExec
SetErrorMode
GetProcessHeap
HeapAlloc
HeapFree
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
LocalAlloc
Process32First
GetProcessIoCounters
GetProcessTimes
Process32Next
LocalFree
GetSystemInfo
SetFilePointer
SetEndOfFile
lstrcmpA
CreateMutexA
LoadLibraryA
GetCurrentProcess
FreeLibrary
OpenProcess
GetCurrentProcessId
GetVersionExA
lstrlenA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
MoveFileA
RemoveDirectoryA
GetPrivateProfileStringA
GetFileAttributesExA
DeleteFileA
GetFileSizeEx
SetFilePointerEx
FindFirstFileA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetFileAttributesA
CreateDirectoryA
SetFileAttributesA
CreateFileA
TerminateProcess
ReadFile
WriteFile
SetLastError
CreatePipe
GetWindowsDirectoryA
CreateProcessA
TerminateThread
GetModuleHandleA
GetProcAddress
Sleep
IsBadReadPtr
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
GetTickCount
GetLastError
GetCurrentThreadId
RtlUnwind
ExitThread
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapSize
HeapCreate
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleOutputCP
WriteConsoleW
CompareStringW
CreateFileMappingA
SetEnvironmentVariableA

user32

CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DestroyMenu
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetClientRect
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CallWindowProcA
GetMenu
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowPos
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
SetFocus
GetFocus
GetWindow
GetDlgCtrlID
SetWindowTextA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
CharUpperA
GetSystemMetrics
RegisterClipboardFormatA
GetMenuState
LoadBitmapA
SendMessageA
IsWindow
DestroyWindow
GetWindowTextA
GetWindowThreadProcessId
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
PostThreadMessageA
GetUserObjectInformationA
GetProcessWindowStation
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
SetClipboardViewer
ChangeClipboardChain
PostQuitMessage
SetWindowLongA
IntersectRect
GetCursorPos
GetCursorInfo
GetIconInfo
EnumDesktopWindows
GetClassNameA
SetRect
PtInRect
WindowFromPoint
GetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
BlockInput
SystemParametersInfoA
GetAsyncKeyState
MapVirtualKeyA
SendInput
GetKeyboardState
keybd_event
EmptyClipboard
SetClipboardData
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
SetTimer
KillTimer
MessageBoxA
GetUserObjectSecurity
SetUserObjectSecurity
IsRectEmpty
CopyRect
EnumDisplaySettingsA
EnumDisplayDevicesA
ChangeDisplaySettingsExA
MessageBeep
PostMessageA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
SendMessageTimeoutA
FindWindowA
CloseDesktop
OpenInputDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopA

gdi32

SelectObject
ExtEscape
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetRegionData
DeleteObject
DeleteDC
CreateDCA
GetStockObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
GetBitmapBits
GetObjectA
BitBlt
GdiFlush
SaveDC
RestoreDC
SetBkColor
CreateBitmap
SetTextColor
SetMapMode
GetDIBits
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

CreateServiceA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
RegCreateKeyExA
LogonUserA
SetTokenInformation
CreateProcessAsUserA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
DeleteService
QueryServiceStatus
ControlService
RegDeleteValueA
RegOpenKeyA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
LookupAccountSidA
CopySid
GetLengthSid
SetSecurityDescriptorDacl
AddAce
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
RegEnumValueA
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA
DuplicateTokenEx
QueryServiceStatusEx
SetNamedSecurityInfoA
UnlockServiceDatabase
QueryServiceConfig2A
QueryServiceLockStatusA
LockServiceDatabase
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
DuplicateToken

shell32

SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayPutElement
VariantChangeType
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
VarBstrCmp
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

crashcapture

ord4
ord3
ord6
ord1
ord2
ord5
ord7

shlwapi

PathFileExistsA
PathFindFileNameA
PathIsUNCA
PathStripToRootA

oledlg

ord8

urlmon

FindMimeFromData

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW

iphlpapi

GetAdaptersInfo
GetIpAddrTable
GetBestInterface
GetIfEntry

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetSetOptionA

oleacc

CreateStdAccessibleObject
LresultFromObject

msvcr90

fclose
fprintf
fopen_s
tolower
strchr
ftell
fseek
memmove
_vsnprintf_s
isalpha
isalnum
isspace
srand
strncmp
_time64
rand
sprintf
sscanf
_wcsicmp
fread

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dd74317003c244caaac694bf5ebd32c

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

19:9d:f8:79Certificate

Key Usages

10:c9:f5:f3:bb:5d:6eCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

cd:11:22:a6:f0:6d:b5:2f:a5:00:2a:bc:e6:3b:61:9d:d6:28:40:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

streamencoder

wsock32

winmm

version

userenv

psapi

netapi32

udpstream

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

crashcapture

shlwapi

oledlg

urlmon

rpcrt4

iphlpapi

wininet

oleacc

msvcr90

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 18KB - Virtual size: 114KB

.rsrc Size: 1024B - Virtual size: 960B

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

19:9d:f8:79
Certificate

10:c9:f5:f3:bb:5d:6e
Certificate

39
Certificate

01
Certificate

cd:11:22:a6:f0:6d:b5:2f:a5:00:2a:bc:e6:3b:61:9d:d6:28:40:3d
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 18KB - Virtual size: 114KB

.rsrc
Size: 1024B - Virtual size: 960B