8038c05f9ff14c1b2f0df91a4c6ec070_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8038c05f9ff14c1b2f0df91a4c6ec070_NeikiAnalytics.exe
Size

218KB
MD5

8038c05f9ff14c1b2f0df91a4c6ec070
SHA1

e7f0e08d50b43ca9c66f78e7045a08abf8091c28
SHA256

06f4bb371fe6c04372c39c5a93d4859c0bc006f0bdbfa19eacc4c9af0339751e
SHA512

10acc4dd04db63cc8d0a36fb09991d977fa507709a4cbd1cf041e7d975addcb58451e73bf3bb60a686955cdb34a8d64614c93a19ada33c4db378011277ef7e76
SSDEEP

3072:Nvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:B1SyAJp6rjn1gOObn4b6h9h

Score

1^/10

Malware Config

Signatures

Files

8038c05f9ff14c1b2f0df91a4c6ec070_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-09-2006 00:00

Not After

24-11-2007 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

Actual PE Digest

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
GetComputerNameA
GetCalendarInfoA
TlsAlloc
CreateDirectoryW
GetMailslotInfo
GetModuleFileNameW
GetCalendarInfoW
GetPriorityClass
GetUserDefaultLCID
GlobalFindAtomA
GetProcAddress
FindAtomW
FileTimeToLocalFileTime
EnumDateFormatsW
OpenEventA
GetLocaleInfoW
lstrcmpiW
SetLocaleInfoW
GetEnvironmentVariableW
GetExitCodeProcess
MulDiv
SetUnhandledExceptionFilter
GetNamedPipeInfo
EndUpdateResourceW
SetComputerNameA
GetProcessHeap
SetPriorityClass
FreeResource
GetModuleHandleW
QueryPerformanceFrequency
GetFileAttributesW
CompareStringA
LoadLibraryA
IsDebuggerPresent
HeapCreate
CreateNamedPipeW
GetThreadPriority
OpenMutexW
ExpandEnvironmentStringsA
lstrcmpi
GetEnvironmentStringsA
FileTimeToDosDateTime
GetCommandLineA
lstrcpynW
GetDiskFreeSpaceW
lstrcmp
GetCurrentDirectoryA

user32

AnimateWindow
GetWindowRgn
GetClassInfoA
CreateDialogParamA
GetClassInfoExW
EnumChildWindows
RegisterClassA
DrawTextA
SetFocus
MessageBoxIndirectW
MonitorFromPoint
ClientToScreen
DefWindowProcA
LoadImageA
ActivateKeyboardLayout
GetTopWindow
LoadMenuIndirectA
MessageBoxA
GetDC
UnregisterClassW
mouse_event
GetMenuState
SetCursor
ShowCursor
IsDlgButtonChecked
CheckDlgButton
SetParent
keybd_event
DrawTextW
SetDlgItemInt
FrameRect
RegisterClassExW
RemoveMenu
SendMessageA
TrackPopupMenuEx
GetForegroundWindow
LoadMenuA
GetDlgItemTextW
CreateDialogIndirectParamW
SetDlgItemTextW
MessageBeep
SetActiveWindow
CharNextA
GetMenu
UpdateLayeredWindow
SetWindowLongA
CloseWindow
MessageBoxW
EndDialog
IsIconic
CreateAcceleratorTableA

gdi32

PtInRegion
SetWorldTransform
CreateEnhMetaFileW
CreateDCW
CreateMetaFileW
TranslateCharsetInfo
EnumFontsA
ScaleViewportExtEx
CreateCompatibleDC
GetDIBits
RemoveFontResourceW
SetPixel
GetEnhMetaFileDescriptionA

advapi32

RegCreateKeyExW
RegOpenKeyW
RegRestoreKeyA
RegOpenKeyA
RegSaveKeyW
RegReplaceKeyA

shlwapi

SHDeleteEmptyKeyA
PathFindNextComponentW
StrCpyW
PathStripPathA
SHCopyKeyW
PathIsURLW
SHRegQueryInfoUSKeyW
PathCreateFromUrlA

oleaut32

VarR4FromR8

winmm

mciSendStringW
mciSendStringA

winspool.drv

DeleteFormA

Sections

.sX
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RqVY
Size: 1KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lziQh
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EXGwv
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 167KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 4KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E
Size: 4KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dbe4621616d081e3440b0469a9471ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

oleaut32

winmm

winspool.drv

Sections

.sX Size: 4KB - Virtual size: 4KB

.RqVY Size: 1KB - Virtual size: 255KB

.i Size: 14KB - Virtual size: 13KB

.lziQh Size: 4KB - Virtual size: 4KB

.EXGwv Size: 4KB - Virtual size: 142KB

.data Size: 167KB - Virtual size: 535KB

.I Size: 4KB - Virtual size: 279KB

.E Size: 4KB - Virtual size: 452KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 950B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

1a:1a:68:ca:97:da:2f:d6:ef:b5:93:14:5e:61:bb:e0:62:cb:95:b2
Signer

.sX
Size: 4KB - Virtual size: 4KB

.RqVY
Size: 1KB - Virtual size: 255KB

.i
Size: 14KB - Virtual size: 13KB

.lziQh
Size: 4KB - Virtual size: 4KB

.EXGwv
Size: 4KB - Virtual size: 142KB

.data
Size: 167KB - Virtual size: 535KB

.I
Size: 4KB - Virtual size: 279KB

.E
Size: 4KB - Virtual size: 452KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 950B