b8a7354bbbefc6af7bd2656b30617fb0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b8a7354bbbefc6af7bd2656b30617fb0_NeikiAnalytics.exe
Size

178KB
MD5

b8a7354bbbefc6af7bd2656b30617fb0
SHA1

952c8f66912baf41f921b2ae884f2b475b0afd10
SHA256

aa95a6f104317f0d3831cc8dfb4b7c9303000e6c613e78062ed2a6620dcfe552
SHA512

9228bf4224c88588bc71f8a8867ab2ab68bfef8bb1a5ba4beee801227c87f3cb476744155042218a7b1bff6ddc30cc2c462ad56f55cd4d147605fa1c39b7074b
SSDEEP

3072:c21MYeopAg0Fu/bdB4kopLtbL7tipP2lQBV+UdE+rECWp7hKGD:dAO/bdB4ko9kTBV+UdvrEFp7hKq

Score

1^/10

Malware Config

Signatures

Files

b8a7354bbbefc6af7bd2656b30617fb0_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

d7d0ec89284c81dade2c7a3b7ce41964

Code Sign

33:00:00:00:1f:98:00:c9:11:02:95:69:be:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/10/2017, 17:44

Not After

05/10/2018, 17:44

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:83:91:5a:e3:7a:7b:87:06:fa:a1:91:d4:c9:a5:9e:42:9a:16:86:6d:56:84:42:09:f9:5d:18:ab:eb:8f:9c
Signer

Actual PE Digest

1b:83:91:5a:e3:7a:7b:87:06:fa:a1:91:d4:c9:a5:9e:42:9a:16:86:6d:56:84:42:09:f9:5d:18:ab:eb:8f:9c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cbs\build\6855b9~1\in\instal~1\src\wdm\ctcoinst\cisetup\objfre_wnet_x86\i386\CiSetup.pdb

Imports

ntdll

RtlUnwind

kernel32

LocalAlloc
Sleep
LoadLibraryA
FreeLibrary
GetEnvironmentVariableA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
DisableThreadLibraryCalls
VirtualAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetTimeZoneInformation
ReadFile
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetFilePointer
GetLocaleInfoA
InterlockedExchange
SetStdHandle
FlushFileBuffers
RaiseException
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
GetCurrentProcess
LocalFree
SetLastError
GetFileAttributesA
MoveFileExA
SetFileAttributesA
CloseHandle
WriteFile
CreateFileA
GetModuleHandleA
GetProcAddress
GetVersionExA
GetLastError
GetModuleFileNameA

advapi32

RegCreateKeyExA
AllocateAndInitializeSid
SetEntriesInAclA
OpenProcessToken
SetNamedSecurityInfoA
FreeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA

lz32

LZOpenFileA

Exports

Exports

BackupDeviceDriver
DisableDevice
EnableDevice
RemoveDevice
RollbackDeviceDriver
UpdateDeviceDriver

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d0ec89284c81dade2c7a3b7ce41964

Code Sign

33:00:00:00:1f:98:00:c9:11:02:95:69:be:00:00:00:00:00:1fCertificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

1b:83:91:5a:e3:7a:7b:87:06:fa:a1:91:d4:c9:a5:9e:42:9a:16:86:6d:56:84:42:09:f9:5d:18:ab:eb:8f:9cSigner

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

shell32

lz32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 5KB - Virtual size: 4KB

33:00:00:00:1f:98:00:c9:11:02:95:69:be:00:00:00:00:00:1f
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

1b:83:91:5a:e3:7a:7b:87:06:fa:a1:91:d4:c9:a5:9e:42:9a:16:86:6d:56:84:42:09:f9:5d:18:ab:eb:8f:9c
Signer

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 5KB - Virtual size: 4KB