b94b2631613829f26b8ca0bbf00cdae0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b94b2631613829f26b8ca0bbf00cdae0_NeikiAnalytics.exe
Size

576KB
MD5

b94b2631613829f26b8ca0bbf00cdae0
SHA1

ec5e55b89a064db40a59d332d703278a38587b1d
SHA256

7ee6d9c461a733adb1251a7158c04d3b0393d2960774eccb8371487c45623423
SHA512

36c9e2d2edc909d35b84a404c39ee5b330efeb661373f0bbcf0d296abe66f6196c1520c8fa5cc44bebfec2b998121cf1bbd074a32e31fc49fc3cd26a2be9261d
SSDEEP

12288:a2zVVn2FUCrKpt0SZOrbnS4JX2+vsDEK0hJf1rsZa5WryBj+zHoDpwSUofsV:aqVVnQUCrKpjZOrbS2ZmryQVSUSsV

Score

1^/10

Malware Config

Signatures

Files

b94b2631613829f26b8ca0bbf00cdae0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

d153b171c3ca0a21fb7514759312d2e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:9a:a2:7b:e1:81:ce:1f:8f:11:b7:38:1c:c6:ec:f3:6b:19:84:df:e9:b9:9b:8d:fd:16:64:46:65:6d:34:12
Signer

Actual PE Digest

33:9a:a2:7b:e1:81:ce:1f:8f:11:b7:38:1c:c6:ec:f3:6b:19:84:df:e9:b9:9b:8d:fd:16:64:46:65:6d:34:12

Digest Algorithm

sha256

PE Digest Matches

true

f5:dd:bf:b0:52:e5:db:f1:5a:00:07:ab:f8:a9:59:25:b4:24:e9:7e
Signer

Actual PE Digest

f5:dd:bf:b0:52:e5:db:f1:5a:00:07:ab:f8:a9:59:25:b4:24:e9:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\rdm\projects\7075\out\Release\uninst.pdb

Imports

kernel32

WaitForMultipleObjects
DeviceIoControl
GetNativeSystemInfo
ExitThread
GetModuleHandleW
TerminateProcess
RemoveDirectoryW
CreateThread
GetCurrentProcess
InterlockedExchange
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueue
CreateTimerQueue
LocalFree
GetCommandLineW
GetCurrentProcessId
OpenProcess
CopyFileW
GetTickCount
GetTempPathW
MoveFileExW
GetModuleFileNameW
DeleteFileW
WaitForSingleObject
DecodePointer
EnterCriticalSection
HeapSize
LeaveCriticalSection
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetProcAddress
LoadLibraryW
Sleep
InterlockedCompareExchange
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
ReadFile
GetFileSize
CreateFileW
SetEvent
SetEnvironmentVariableA
GetTimeZoneInformation
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FreeLibrary
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
GetModuleHandleExW
ExitProcess
RtlUnwind
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
EncodePointer
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
InterlockedIncrement
lstrlenW
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileW
CreateDirectoryW
WriteFile
lstrcmpiW
FindNextFileW
GetPrivateProfileStringW
GetFullPathNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLocalTime
GetShortPathNameW
GetExitCodeProcess
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
CreateProcessW
GetFileAttributesW
GetSystemDirectoryW
FlushInstructionCache
GetCurrentThreadId
SetLastError
ExpandEnvironmentStringsW
CreateEventW
CreateMutexW
OpenMutexW
GetSystemDefaultLangID
GetSystemInfo
LocalAlloc
GlobalFree
VirtualQuery
FindResourceExW
ResumeThread
WritePrivateProfileStringW
SetEndOfFile
VirtualAlloc
VirtualFree
GetThreadContext
SetThreadContext
VirtualProtect
IsDebuggerPresent
CloseHandle

user32

PostMessageW
IsWindow
ShowWindow
wsprintfW
OffsetRect
KillTimer
SetTimer
EqualRect
SendMessageW
SetCapture
ReleaseCapture
UnionRect
PtInRect
CreateWindowExW
GetCursorPos
DispatchMessageW
TranslateMessage
IntersectRect
IsRectEmpty
BeginPaint
EndPaint
GetClientRect
EnumChildWindows
GetParent
DestroyIcon
SetRectEmpty
LoadImageW
SetCursor
LoadCursorW
GetWindowLongW
UpdateWindow
DrawFocusRect
GetDC
ReleaseDC
DrawTextW
FindWindowW
FindWindowExW
GetWindowThreadProcessId
MessageBoxW
SetWindowLongW
DefWindowProcW
CallWindowProcW
SetWindowTextW
MoveWindow
SetWindowPos
MapWindowPoints
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
PostQuitMessage
RedrawWindow
RegisterClassExW
GetClassInfoExW
LoadStringW
CharUpperW
GetWindowDC
GetDesktopWindow
GetMessageW
DestroyWindow
IsIconic
IsZoomed
UpdateLayeredWindow
SetWindowRgn
ClientToScreen
EnumWindows
SetForegroundWindow
GetForegroundWindow
SendInput
IsWindowVisible
InvalidateRect
CopyRect
UnregisterClassW
GetSysColor
ScreenToClient
IsWindowEnabled

gdi32

GetStockObject
ExtTextOutW
SetBkColor
GetTextExtentExPointW
GetTextExtentPoint32W
GetCurrentObject
SetBitmapBits
GetBitmapBits
SetTextColor
SetBkMode
CombineRgn
SetDIBColorTable
CreateDIBSection
SetViewportOrgEx
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
CreateRectRgnIndirect
SelectClipRgn
RectVisible
GetViewportOrgEx
DeleteDC
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
RestoreDC
SaveDC
GetClipBox
BitBlt

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
SHDeleteKeyW
PathIsDirectoryEmptyW
PathIsDirectoryW
PathIsRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathFindFileNameW
SHDeleteValueW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDisposeImage
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawEllipseI
GdipFillRectangle
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipFillEllipseI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrush
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePixelFormat
GdiplusStartup
GdipCreateLineBrushFromRect
GdipSetImageAttributesColorMatrix

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

psapi

GetProcessImageFileNameW
GetMappedFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetOpenW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetSetOptionW
InternetConnectW

ws2_32

htons
htonl

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d153b171c3ca0a21fb7514759312d2e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:9a:a2:7b:e1:81:ce:1f:8f:11:b7:38:1c:c6:ec:f3:6b:19:84:df:e9:b9:9b:8d:fd:16:64:46:65:6d:34:12Signer

f5:dd:bf:b0:52:e5:db:f1:5a:00:07:ab:f8:a9:59:25:b4:24:e9:7eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

netapi32

psapi

version

wininet

ws2_32

Sections

.text Size: 413KB - Virtual size: 413KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 10KB - Virtual size: 86KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 21KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:9a:a2:7b:e1:81:ce:1f:8f:11:b7:38:1c:c6:ec:f3:6b:19:84:df:e9:b9:9b:8d:fd:16:64:46:65:6d:34:12
Signer

f5:dd:bf:b0:52:e5:db:f1:5a:00:07:ab:f8:a9:59:25:b4:24:e9:7e
Signer

.text
Size: 413KB - Virtual size: 413KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 10KB - Virtual size: 86KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 21KB - Virtual size: 21KB