529788ad5e16a4ba45e5a59a62feecc0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

529788ad5e16a4ba45e5a59a62feecc0_NeikiAnalytics.exe
Size

237KB
MD5

529788ad5e16a4ba45e5a59a62feecc0
SHA1

09e6bc808d4fbfd78a39a878325f4dc49fe89bcb
SHA256

dac699fc680c5f9ab08e82cde1093b4e9fc3c85fa564811c96e9ea78591c81fe
SHA512

2906f223a0daa49eba847d14ce7b179f868ed9c5d88079b8c01d98fe6d963a2e427910a7c1b17e7f65c9134c69aee297089a032941f5fc35bc15089eefc30d99
SSDEEP

6144:sD8okEvTyoZVOgd2QZiw5NLclL5orfQH:usjCF2QZiOU+4

Score

1^/10

Malware Config

Signatures

Files

529788ad5e16a4ba45e5a59a62feecc0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
lstrcmp
LocalFree
GetTempPathW
FileTimeToDosDateTime
GetCalendarInfoA
EnumDateFormatsW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAlloc
LocalAlloc
CreateFiber
CreatePipe
CompareStringA
VirtualAlloc
GetVolumeInformationA
LoadLibraryA
GetSystemDirectoryW
EnumDateFormatsA
GetLogicalDrives
DisconnectNamedPipe
CopyFileA
SetLocaleInfoW
FreeResource
SystemTimeToFileTime
SetThreadPriority

user32

GetMenuItemRect
CheckMenuRadioItem
GetWindowRect
GetCaretPos
ActivateKeyboardLayout
GetParent
CallWindowProcW
WinHelpW
LoadCursorW
AdjustWindowRect
CopyImage
CreateDialogIndirectParamW
GetCursorPos
GetMenuItemID
LoadMenuIndirectA
CharUpperW
CreateMenu
ArrangeIconicWindows
RegisterClassExW
LoadIconA
SetWindowPos
DestroyWindow
DialogBoxIndirectParamW
GetDlgItemInt
GetSysColor
DialogBoxParamW
ShowCaret
WaitMessage
DestroyCursor
UnregisterClassW
SendMessageW
MonitorFromRect
GetClassNameA
GetClassInfoExA
GetIconInfo
DrawTextW
DrawTextA
CallWindowProcA
CreateWindowExW
UpdateWindow

gdi32

SetICMProfileW
ExtEscape
SetRectRgn
RemoveFontResourceExW
GetPolyFillMode
ColorMatchToTarget
GetCharABCWidthsI
SetWorldTransform
PlayMetaFile
GetLogColorSpaceW
CreateRoundRectRgn
SetWindowOrgEx
GetCharacterPlacementW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegEnumValueA
RegCreateKeyExA

shell32

SHFreeNameMappings

opengl32

glTexGendv
glTexCoord2iv
glRecti
glDebugEntry
glEvalCoord1fv
glMaterialfv
glRasterPos2fv
glPixelMapuiv
glEvalCoord2d

inetcomm

MimeOleGetContentTypeExt
MimeOleGetBodyPropA
CreateSMTPTransport
MimeOleConvertEnrichedToHTML

Sections

.X2"*
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d>ir
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T:O
Size: 1024B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b9"g9Y
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LJn
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77eb68348ee30e01ec09fce3582c5f76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

inetcomm

Sections

.X2"* Size: 10KB - Virtual size: 11KB

.d>ir Size: 512B - Virtual size: 20KB

.1 Size: 4KB - Virtual size: 3KB

.T:O Size: 1024B - Virtual size: 25KB

.b9"g9Y Size: 3KB - Virtual size: 10KB

.LJn Size: 2KB - Virtual size: 10KB

.' Size: 512B - Virtual size: 39KB

.rsrc Size: 206KB - Virtual size: 205KB

.reloc Size: 1024B - Virtual size: 68KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.X2"*
Size: 10KB - Virtual size: 11KB

.d>ir
Size: 512B - Virtual size: 20KB

.1
Size: 4KB - Virtual size: 3KB

.T:O
Size: 1024B - Virtual size: 25KB

.b9"g9Y
Size: 3KB - Virtual size: 10KB

.LJn
Size: 2KB - Virtual size: 10KB

.'
Size: 512B - Virtual size: 39KB

.rsrc
Size: 206KB - Virtual size: 205KB

.reloc
Size: 1024B - Virtual size: 68KB