1ec6b1b06e89c6336b82193491c17980_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1ec6b1b06e89c6336b82193491c17980_NeikiAnalytics.exe
Size

356KB
MD5

1ec6b1b06e89c6336b82193491c17980
SHA1

1b9e43481920491f94f1048551dcfb4ab20cd297
SHA256

c06ace8fb783f0d74d16d4fd22bf7f0a6f39cf2465d8076b4668b4605702a0dd
SHA512

1b3eaabcdacde32d81bfc760c6fadcddcdb05088cf840a3f0d0ac9cc1e4af8cc5482b6cc6e3c42a680cb6cd28fe694856e1de97227b8470d7cc647b14c6a17f7
SSDEEP

6144:fgFtboVBJtNWyPnYG4fUbkggFtboVBJtNWyP:fyw/ecJ9kgyw/ec

Score

1^/10

Malware Config

Signatures

Files

1ec6b1b06e89c6336b82193491c17980_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

430af33f4ce9475c62e2d9321d894f4c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:37:d1:85:e1:e2:87:c8:8c:8d:2a:bb:f9:36:aa:c5:01:88:72:f1
Signer

Actual PE Digest

fa:37:d1:85:e1:e2:87:c8:8c:8d:2a:bb:f9:36:aa:c5:01:88:72:f1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
OpenMutexW
LocalAlloc
lstrcatW
FindAtomW
GetAtomNameA
GetCurrentThread
InitializeCriticalSection
CompareStringA
WinExec
lstrcpy
GetComputerNameA
GetExpandedNameA
FileTimeToDosDateTime
GetAtomNameW
SetUnhandledExceptionFilter
GetLongPathNameA
DuplicateHandle
SetLastError
SetThreadPriority
GlobalGetAtomNameW
SearchPathA
IsBadCodePtr
CreateNamedPipeA
GetStartupInfoW
GetTempPathA
GetLogicalDrives
FindAtomA
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
FindResourceA
GetTimeFormatW
GetHandleInformation
EndUpdateResourceA
GetProcessHeap
CreateMailslotW
GetThreadLocale
GetExpandedNameW
SetCalendarInfoA
GetCurrentDirectoryA
OpenEventA
GetLogicalDriveStringsA
lstrcmp
ExitThread
GetVersionExW
CreateSemaphoreA

user32

GetDCEx
LoadCursorA
CreatePopupMenu
GetCapture
CreateCaret
LoadBitmapW
TrackPopupMenu
DefFrameProcW
GetAsyncKeyState
CharUpperA
CreateDesktopW
CreateAcceleratorTableW
MessageBoxIndirectW
SetCursorPos
InsertMenuW
DeleteMenu
InvalidateRgn
mouse_event
ActivateKeyboardLayout
PeekMessageA
ReleaseDC
CopyIcon
CharUpperW
MonitorFromWindow
LoadMenuIndirectA
CreateWindowExA
GetMenuItemInfoW
LoadCursorW
CopyImage
IsChild
MoveWindow
CharLowerW
EndDialog
DefDlgProcW
GetActiveWindow
DestroyWindow
CheckMenuRadioItem
SetCursor
MonitorFromRect
CreateDialogIndirectParamW
EnableMenuItem
SetDlgItemTextW
UpdateWindow
LoadIconA
ArrangeIconicWindows
SendMessageW
EmptyClipboard
GetMessageA
SetWindowPos

gdi32

RemoveFontResourceExW
SetPaletteEntries
EnumObjects
StrokeAndFillPath
GetEnhMetaFileHeader
RestoreDC
CreateMetaFileW
Polygon
GetBkMode
SetLayout
TranslateCharsetInfo
PolyBezierTo

advapi32

RegCreateKeyExA
RegCreateKeyW
RegReplaceKeyW

comdlg32

ReplaceTextA
FindTextW
FindTextA

oleaut32

VarBoolFromDisp
GetRecordInfoFromGuids
LoadTypeLib

version

VerInstallFileW
GetFileVersionInfoSizeA

urlmon

ReleaseBindInfo
BindAsyncMoniker
HlinkGoForward
CDLGetLongPathNameW
URLDownloadA
CompareSecurityIds
IsAsyncMoniker
URLOpenPullStreamA
URLOpenStreamW
RegisterFormatEnumerator

winmm

mmTaskCreate
midiInGetID
NotifyCallbackData
midiOutMessage

inetcomm

MimeOleSMimeCapsToDlg
MimeOleSetBodyPropA
MimeOleSetDefaultCharset
DllGetClassObject

oledlg

OleUIChangeSourceA
OleUIAddVerbMenuA
OleUIInsertObjectW
OleUIPasteSpecialA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MBqyqw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Xp
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iVZWys
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.av
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TD
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CXg
Size: 512B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CDN
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.X
Size: 512B - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

430af33f4ce9475c62e2d9321d894f4c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

fa:37:d1:85:e1:e2:87:c8:8c:8d:2a:bb:f9:36:aa:c5:01:88:72:f1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

oleaut32

version

urlmon

winmm

inetcomm

oledlg

Sections

.text Size: 11KB - Virtual size: 11KB

.MBqyqw Size: 512B - Virtual size: 4KB

.Xp Size: 1KB - Virtual size: 42KB

.iVZWys Size: 2KB - Virtual size: 24KB

.av Size: 4KB - Virtual size: 40KB

.TD Size: 512B - Virtual size: 4KB

.CXg Size: 512B - Virtual size: 49KB

.data Size: 10KB - Virtual size: 9KB

.J Size: 1KB - Virtual size: 23KB

.CDN Size: 512B - Virtual size: 48KB

.X Size: 512B - Virtual size: 118KB

.rsrc Size: 162KB - Virtual size: 161KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

fa:37:d1:85:e1:e2:87:c8:8c:8d:2a:bb:f9:36:aa:c5:01:88:72:f1
Signer

.text
Size: 11KB - Virtual size: 11KB

.MBqyqw
Size: 512B - Virtual size: 4KB

.Xp
Size: 1KB - Virtual size: 42KB

.iVZWys
Size: 2KB - Virtual size: 24KB

.av
Size: 4KB - Virtual size: 40KB

.TD
Size: 512B - Virtual size: 4KB

.CXg
Size: 512B - Virtual size: 49KB

.data
Size: 10KB - Virtual size: 9KB

.J
Size: 1KB - Virtual size: 23KB

.CDN
Size: 512B - Virtual size: 48KB

.X
Size: 512B - Virtual size: 118KB

.rsrc
Size: 162KB - Virtual size: 161KB