c80a1ca1ca46d5a90827af2bc47f09c0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c80a1ca1ca46d5a90827af2bc47f09c0_NeikiAnalytics.exe
Size

211KB
MD5

c80a1ca1ca46d5a90827af2bc47f09c0
SHA1

2cba0cc64c8dc5802c11bf2b3378256e677f51cb
SHA256

3aef98ac36b954806318db9f4a528cc82e332721ad7b488a4029473966e7185f
SHA512

900c63702d45fc109b3e72df7e02e0dcd23074fbfbc4bd1754d6e1ec3a1bb3727ce54de7c54bff6bf0549788b50844a87cf7d13917df1706649d82b2a3c925e4
SSDEEP

6144:KQsDDnR80zpp/OzBU419sj54fKJeXfhvrnEFPuTbA2gmkH8jh8F+pc/sjPtfr51Z:KNDRBOzBU419sj54fKJeXfhvrnEFPuTV

Score

1^/10

Malware Config

Signatures

Files

c80a1ca1ca46d5a90827af2bc47f09c0_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

74000a174b6928727340f3365d51ef5b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/03/2015, 00:00

Not After

03/05/2018, 23:59

Subject

CN=CyberLink Corp.,O=CyberLink Corp.,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/03/2015, 00:00

Not After

03/05/2018, 23:59

Subject

CN=CyberLink Corp.,O=CyberLink Corp.,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:1e:83:a7:86:5b:45:75:9e:76:a0:4a:b8:f2:f0:e4:83:f3:30:75:eb:89:b7:f0:fd:8e:18:9a:41:89:9a:34
Signer

Actual PE Digest

32:1e:83:a7:86:5b:45:75:9e:76:a0:4a:b8:f2:f0:e4:83:f3:30:75:eb:89:b7:f0:fd:8e:18:9a:41:89:9a:34

Digest Algorithm

sha256

PE Digest Matches

true

c9:aa:e6:8c:ed:1b:53:34:6c:a6:34:a7:61:c2:0c:9d:b7:da:c3:1b
Signer

Actual PE Digest

c9:aa:e6:8c:ed:1b:53:34:6c:a6:34:a7:61:c2:0c:9d:b7:da:c3:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\repo\PowerDVD17\SourceCode\PowerDVD\subsys\PyImage\_PyCL3DPhoto.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
OutputDebugStringA
DecodePointer
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

_wicwrapper.pyd

?Clip@Bitmap@WICWrapper@CyberLink@@QAE?AV123@HHHH@Z
?GetPixelFormat@Bitmap@WICWrapper@CyberLink@@QAE?AW4PixelFormat@23@XZ
??0Bitmap@WICWrapper@CyberLink@@QAE@IIW4PixelFormat@12@@Z
??1Bitmap@WICWrapper@CyberLink@@UAE@XZ
??3Base@WICWrapper@CyberLink@@SAXPAX@Z
??0Bitmap@WICWrapper@CyberLink@@QAE@ABV012@@Z
??2Base@WICWrapper@CyberLink@@SAPAXI@Z
??4Bitmap@WICWrapper@CyberLink@@QAEAAV012@ABV012@@Z
??0Bitmap@WICWrapper@CyberLink@@QAE@XZ
?GetSize@BitmapLocker@WICWrapper@CyberLink@@QBE?AU?$pair@II@std@@XZ
?GetStride@BitmapLocker@WICWrapper@CyberLink@@QBEIXZ
?GetBuffer@BitmapLocker@WICWrapper@CyberLink@@QBEPAXXZ
??0BitmapLocker@WICWrapper@CyberLink@@QAE@AAVBitmap@12@_N1@Z
??1BitmapLocker@WICWrapper@CyberLink@@QAE@XZ
?GetSize@Bitmap@WICWrapper@CyberLink@@QAE?AU?$pair@II@std@@XZ

msvcp110

?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

msvcr110

__clean_type_info_names_internal
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memcpy
_except_handler4_common
?terminate@@YAXXZ
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
_vsnprintf_s
printf
strcat_s
??2@YAPAXI@Z
memmove
_purecall
sprintf
strncmp
free
malloc
fputs
strstr
strncpy
??_V@YAXPAX@Z
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
memset

python27

_PyInstance_Lookup
PyCObject_Import
PySequence_Check
PyExc_ZeroDivisionError
PyInstance_Type
PyDict_GetItem
PyGILState_Release
PyInt_AsLong
PyObject_GenericGetAttr
PyString_AsString
PyLong_FromUnsignedLong
PyInstance_NewRaw
PyErr_SetObject
_Py_ZeroStruct
PyExc_AttributeError
PyEval_RestoreThread
PyDict_SetItem
_PyObject_GetDictPtr
_PyWeakref_ProxyType
PyExc_OverflowError
PyObject_CallFunctionObjArgs
PyEval_SaveThread
PyString_Format
PyClass_Type
PyExc_MemoryError
PyUnicodeUCS2_FromObject
PyModule_GetDict
PyExc_ValueError
PyErr_Occurred
_Py_NotImplementedStruct
PyExc_SystemError
PyObject_Free
PyBool_FromLong
PyUnicodeUCS2_GetSize
PyErr_SetString
PySequence_GetItem
PyExc_NotImplementedError
_Py_TrueStruct
PyCObject_FromVoidPtr
PyUnicodeUCS2_AsWideChar
PyLong_AsUnsignedLong
PyLong_AsLong
PyExc_StopIteration
_PyWeakref_CallableProxyType
PyType_Type
PyErr_Clear
PyObject_IsTrue
PyEval_InitThreads
PyObject_GetAttr
PyExc_RuntimeError
PyString_ConcatAndDel
PyGILState_Ensure
PyErr_Format
PyExc_SyntaxError
PyModule_AddObject
PyExc_TypeError
PyLong_FromVoidPtr
PyDict_SetItemString
PyErr_Fetch
PyExc_IndexError
PyObject_GetAttrString
Py_InitModule4
PyArg_UnpackTuple
PyTuple_SetItem
PyInt_FromLong
PyObject_Init
PyString_FromFormat
PyObject_Size
PyDict_New
PyExc_IOError
PyTuple_New
PyObject_Call
PyObject_Str
PySequence_Size
PyString_FromString
Py_BuildValue
PyObject_Malloc

Exports

Exports

init_PyCL3DPhoto

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74000a174b6928727340f3365d51ef5b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

32:1e:83:a7:86:5b:45:75:9e:76:a0:4a:b8:f2:f0:e4:83:f3:30:75:eb:89:b7:f0:fd:8e:18:9a:41:89:9a:34Signer

c9:aa:e6:8c:ed:1b:53:34:6c:a6:34:a7:61:c2:0c:9d:b7:da:c3:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

_wicwrapper.pyd

msvcp110

msvcr110

python27

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

2c:d2:c5:77:7b:fc:59:6c:e3:f6:eb:fd:fb:9b:94:69
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

32:1e:83:a7:86:5b:45:75:9e:76:a0:4a:b8:f2:f0:e4:83:f3:30:75:eb:89:b7:f0:fd:8e:18:9a:41:89:9a:34
Signer

c9:aa:e6:8c:ed:1b:53:34:6c:a6:34:a7:61:c2:0c:9d:b7:da:c3:1b
Signer

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB