4bf44b4e0ee51681baedc4283a1f3aa0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4bf44b4e0ee51681baedc4283a1f3aa0_NeikiAnalytics.exe
Size

55KB
MD5

4bf44b4e0ee51681baedc4283a1f3aa0
SHA1

7fcdfc6745edec6864691422d7440e657e9d4e75
SHA256

fb84f6bac0de1d978048e57d74f914b1b7abd3ca27b4bfb6c3789ec3c2b6226e
SHA512

120228954751dfb3922a4183f79352d11eb3d22fe9bb88d50bf37a7df8f4396c0bfd0c09ade041951c2389c89c95f198eb7094492e5b704045e815590a236e0f
SSDEEP

1536:hbLOdfwMD/czL75YPmS9IujClrYlMv/Ah1:hnOdfqzL7OPmS9IuQrKH

Score

1^/10

Malware Config

Signatures

Files

4bf44b4e0ee51681baedc4283a1f3aa0_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

fcd0e19e56d745348106a87c837708f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/03/2015, 00:00

Not After

03/05/2018, 23:59

Subject

CN=CyberLink Corp.,O=CyberLink Corp.,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/03/2015, 00:00

Not After

03/05/2018, 23:59

Subject

CN=CyberLink Corp.,O=CyberLink Corp.,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:83:e9:5e:91:e7:f9:88:91:38:3f:82:72:bc:16:64:96:92:8e:a6:51:de:40:a5:f4:20:96:56:b6:4f:fa:4a
Signer

Actual PE Digest

ed:83:e9:5e:91:e7:f9:88:91:38:3f:82:72:bc:16:64:96:92:8e:a6:51:de:40:a5:f4:20:96:56:b6:4f:fa:4a

Digest Algorithm

sha256

PE Digest Matches

true

33:c8:c4:32:c7:12:11:ba:a7:76:19:50:bd:e3:75:c0:e8:b4:97:61
Signer

Actual PE Digest

33:c8:c4:32:c7:12:11:ba:a7:76:19:50:bd:e3:75:c0:e8:b4:97:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\KoanWorkSpace\BuildSource\trunk\Src\koan\img\_image.pdb

Imports

gdiplus

GdipSetInterpolationMode
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree

python27

PyEval_RestoreThread
PyEval_SaveThread
PyList_SetItem
PyList_New
PyExc_ZeroDivisionError
PyExc_ValueError
_Py_NoneStruct
PyExc_SyntaxError
PyExc_NotImplementedError
PyExc_RuntimeError
PyExc_OverflowError
PyExc_MemoryError
PyExc_IndexError
PyExc_SystemError
PyExc_IOError
PyExc_AttributeError
_PyWeakref_CallableProxyType
_PyWeakref_ProxyType
PyInstance_Type
PyType_Type
PyObject_Size
PyObject_CallFunctionObjArgs
PyObject_Call
Py_InitModule4
PyModule_AddObject
Py_BuildValue
PyArg_UnpackTuple
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyCObject_Import
PyCObject_FromVoidPtr
_PyInstance_Lookup
PyInstance_NewRaw
PyModule_GetDict
PyDict_SetItemString
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyTuple_SetItem
PyTuple_New
PyString_AsStringAndSize
PyString_Format
PyString_ConcatAndDel
PyString_AsString
PyString_FromFormat
PyString_FromString
PyLong_FromVoidPtr
PyLong_AsLong
PyBool_FromLong
PyInt_AsLong
PyInt_FromLong
PyUnicodeUCS2_AsWideChar
PyUnicodeUCS2_FromObject
PyUnicodeUCS2_GetSize
PyUnicodeUCS2_AsUnicode
PyObject_Init
PyObject_Free
PyObject_Malloc
PyObject_IsTrue
PyObject_GenericGetAttr
_PyObject_GetDictPtr
PyObject_GetAttr
PyExc_TypeError

msvcp110

?_Winerror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z

kernel32

DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
FreeResource
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryExW
DecodePointer
EncodePointer
IsProcessorFeaturePresent

ole32

CreateStreamOnHGlobal

msvcr110

??_V@YAXPAX@Z
??3@YAXPAX@Z
_purecall
__clean_type_info_names_internal
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
??2@YAPAXI@Z
_unlock
_lock
memset
rewind
ftell
fseek
fread
fclose
_beginthread
_wfopen
memcpy
__CxxFrameHandler3
_CxxThrowException
_calloc_crt
malloc
free
strstr
strncpy
strncmp
memmove
printf
fputs

Exports

Exports

GetImageSize
LoadImageEx
LoadImageFromString
init_image

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcd0e19e56d745348106a87c837708f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

ed:83:e9:5e:91:e7:f9:88:91:38:3f:82:72:bc:16:64:96:92:8e:a6:51:de:40:a5:f4:20:96:56:b6:4f:fa:4aSigner

33:c8:c4:32:c7:12:11:ba:a7:76:19:50:bd:e3:75:c0:e8:b4:97:61Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

python27

msvcp110

kernel32

ole32

msvcr110

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

ed:83:e9:5e:91:e7:f9:88:91:38:3f:82:72:bc:16:64:96:92:8e:a6:51:de:40:a5:f4:20:96:56:b6:4f:fa:4a
Signer

33:c8:c4:32:c7:12:11:ba:a7:76:19:50:bd:e3:75:c0:e8:b4:97:61
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB