4c380164dafcd60566034c5edfeb6b7068405fe6271db3606eec37110c4ea150_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4c380164dafcd60566034c5edfeb6b7068405fe6271db3606eec37110c4ea150_NeikiAnalytics.exe
Size

761KB
MD5

9474f4e87706a75a09b4c6ace198d040
SHA1

d8e28235ce9a9bb6d36e33f8d81f71b3da6ea4b6
SHA256

4c380164dafcd60566034c5edfeb6b7068405fe6271db3606eec37110c4ea150
SHA512

b9cc5727c02946f31211a1d124c3ca41023249ed0994c33c34607b58fab4b653cde0c7d953d947f8308a94a68ecfeac9386697f7835241bdb18787e331b1c38b
SSDEEP

12288:MY5w9nnLEWfceRZAqhBGVuvo5Zv9fp/5011cyv5:W9nnLBAkGVuvQF5015B

Score

1^/10

Malware Config

Signatures

Files

4c380164dafcd60566034c5edfeb6b7068405fe6271db3606eec37110c4ea150_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

252e07608c4e0be8884afc3b26b82c0f

Code Sign

69:fd:5d:a8:3a:94:8a:cf:46:97:25:4e:03:bd:70:1e
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

05/01/2016, 07:23

Not After

05/01/2017, 07:23

Subject

CN=南京真家伙电子商务有限公司,O=南京真家伙电子商务有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:b0:2f:0b:69:93:bb:4d:76:8e:e3:40:ce:f9:4f:8c:10:26:77:3a
Signer

Actual PE Digest

da:b0:2f:0b:69:93:bb:4d:76:8e:e3:40:ce:f9:4f:8c:10:26:77:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
lstrcatW
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
CreateFileW
LocalAlloc
LocalFree
MultiByteToWideChar
FindResourceA
FreeResource
LoadResource
SizeofResource
TerminateProcess
SetLastError
EnterCriticalSection
SetStdHandle
SetFilePointerEx
LCMapStringW
HeapReAlloc
CreateEventW
GetEnvironmentStringsW
InterlockedDecrement
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
DeleteCriticalSection
OutputDebugStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
ExitProcess
RtlUnwind
RaiseException
GetCommandLineW
GetFileAttributesExW
IsProcessorFeaturePresent
IsDebuggerPresent
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
LoadLibraryExW
ExitThread
CreateThread
DecodePointer
EncodePointer
lstrlenA
SetEvent
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetPrivateProfileIntW
WaitForSingleObject
GetProcAddress
LoadLibraryW
GetModuleHandleW
DeleteFileW
lstrcpyW
CreateFileMappingW
GetLastError
WritePrivateProfileStringW
lstrlenW
GetModuleFileNameW
WideCharToMultiByte
InitializeCriticalSection
GetPrivateProfileStringW
CreateDirectoryW
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
CreateMutexW
CloseHandle
Sleep
FreeEnvironmentStringsW

user32

SetTimer
DefWindowProcW
UpdateWindow
GetSystemMetrics
CreateWindowExW
ShowWindow
SetWindowLongW
RegisterClassExW
LoadCursorW
DestroyWindow
GetMessageW
KillTimer
TranslateMessage
MessageBoxW
GetWindowLongW
SendMessageW
PeekMessageW
DispatchMessageW
PostMessageW
IsWindow
GetDesktopWindow
FindWindowW
GetFocus
PostQuitMessage
EnableWindow
IsWindowVisible
SetWindowPos
GetClientRect
ClientToScreen
SwitchToThisWindow
ReleaseCapture
GetCursorPos
BringWindowToTop
GetWindowPlacement
GetCapture
GetWindowThreadProcessId
SetRectEmpty
SetParent
SetCapture
LoadIconW
GetWindowRect
SetWindowTextW
PostThreadMessageW
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
IsIconic

advapi32

FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetMalloc

ole32

OleRun
CoCreateInstance
CoInitialize
OleInitialize

oleaut32

VariantClear
SysFreeString
VariantCopy
VariantInit
GetErrorInfo
SysAllocString

amui

Plugin_IsValid
Plugin_Redraw
GetPluginByName
MatchString
WindowManager_Attach
LoadStyleZipMemory
ReleaseStyle
DUI_UnLoad
DUI_Init
Plugin_TrackPopupMenu
SetFocusPlugin
Plugin_Clone
Plugin_GetRect
Plugin_Delete
Plugin_SetVisible

urlmon

ObtainUserAgentString
URLDownloadToFileW

shlwapi

StrStrIA
PathFileExistsW

iphlpapi

GetAdaptersInfo

fying

?EndInit@@YGHPAX@Z
?StartInit@@YGPAXPAUHINSTANCE__@@PB_WHI11H@Z

ws2_32

recv
socket
closesocket
inet_addr
WSAStartup
send
htons
connect
gethostbyname

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

252e07608c4e0be8884afc3b26b82c0f

Code Sign

69:fd:5d:a8:3a:94:8a:cf:46:97:25:4e:03:bd:70:1eCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

da:b0:2f:0b:69:93:bb:4d:76:8e:e3:40:ce:f9:4f:8c:10:26:77:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

amui

urlmon

shlwapi

iphlpapi

fying

ws2_32

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 153KB - Virtual size: 198KB

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 12KB - Virtual size: 12KB

69:fd:5d:a8:3a:94:8a:cf:46:97:25:4e:03:bd:70:1e
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

da:b0:2f:0b:69:93:bb:4d:76:8e:e3:40:ce:f9:4f:8c:10:26:77:3a
Signer

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 153KB - Virtual size: 198KB

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 12KB - Virtual size: 12KB