63143b115dcbe9b19a6244e223844c81bd68a9a1d1b0a76a0a8a4fbca8bab67c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

63143b115dcbe9b19a6244e223844c81bd68a9a1d1b0a76a0a8a4fbca8bab67c_NeikiAnalytics.exe
Size

2.5MB
MD5

58bef4aad364ad3f9ebebe35cc02aac0
SHA1

d42023506ca4057a0df1d137cd91bd39833eb2f7
SHA256

63143b115dcbe9b19a6244e223844c81bd68a9a1d1b0a76a0a8a4fbca8bab67c
SHA512

59a82a20d8371bbe641b0bf43b421bf0d692c2e3046acf27912f7d89073a824de277ffd740891a6075a61f7422f2e94c79c1c6916bc37fb0057749ac07b3557d
SSDEEP

49152:7tIfLtAFSTLxZRFuIs0f+tpJserSSSSSSSSSv:7VFqaserSSSSSSSSSv

Score

1^/10

Malware Config

Signatures

Files

63143b115dcbe9b19a6244e223844c81bd68a9a1d1b0a76a0a8a4fbca8bab67c_NeikiAnalytics.exe
.exe windows:6 windows x86 arch:x86

ddb7fb0fe1aef6b3922a8e31ccc704f4

Code Sign

08:30:4b:42:d7:38:e0:5d:14:03:9d:55:a2:9a:00:c8
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/04/2016, 00:00

Not After

27/06/2018, 12:00

Subject

CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:3f:df:11:11:e0:83:74:be:33:9c:ab:d3:c2:61:0c:2e:51:dd:21
Signer

Actual PE Digest

d6:3f:df:11:11:e0:83:74:be:33:9c:ab:d3:c2:61:0c:2e:51:dd:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
ioctlsocket
WSAPoll
WSASendTo
WSASend
WSARecvFrom
WSAIoctl
sendto
recvfrom
WSACleanup
WSAStartup
recv
setsockopt
select
getsockopt
getsockname
bind
__WSAFDIsSet
socket
send
connect
WSAGetLastError
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_addr
htons
htonl
inet_pton
gethostname
gethostbyname
inet_ntop
ntohl
inet_ntoa
ntohs
closesocket

advapi32

CryptReleaseContext
CryptAcquireContextA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
CryptGenRandom

libeay32

ord160
ord122
ord119
ord1002
ord117
ord1001
ord3503
ord809
ord227
ord128
ord225
ord253
ord246
ord2743
ord3899
ord2630
ord2821
ord3109
ord269
ord2936
ord2894
ord276
ord2660
ord3067
ord266
ord2656
ord961
ord256
ord2399
ord3019
ord3212
ord315
ord316
ord962
ord2433
ord339
ord464
ord478
ord479
ord477
ord1045
ord501
ord78
ord2334
ord52
ord95
ord361
ord364
ord1870
ord286
ord1010
ord2034
ord281
ord639
ord641
ord754
ord653
ord657
ord654
ord576
ord578
ord567
ord566
ord421
ord223
ord2201
ord2254
ord140
ord134
ord1000
ord127
ord115
ord120
ord118
ord123
ord150
ord151
ord2239
ord156
ord110
ord111
ord181
ord231

ssleay32

ord157
ord183
ord110
ord6
ord21
ord74
ord70
ord178
ord12
ord15
ord242
ord154
ord96
ord8
ord58
ord45
ord108
ord78
ord43
ord48
ord75
ord90
ord87
ord61
ord31

shell32

ShellExecuteA
SHGetFolderPathA

msvcr120

sscanf
exit
atoi
strtod
islower
isdigit
_stricmp
_strnicmp
strftime
_ctime64
_localtime64
_time64
_stat64i32
sprintf_s
sprintf
calloc
strcpy_s
strcat_s
strncpy_s
strtok
_read
strncmp
strrchr
_getch
_kbhit
memchr
_errno
_findclose
_findfirst64i32
_findnext64i32
_mkdir
isalpha
isupper
ispunct
isalnum
isprint
isgraph
iscntrl
srand
_CIfmod
floor
ceil
malloc
setlocale
strpbrk
realloc
_snprintf
_libm_sse2_log_precise
fwrite
vfprintf
strncat
_difftime64
_libm_sse2_log10_precise
fgetc
fprintf
ungetc
tolower
__RTDynamicCast
feof
ferror
fread
freopen
getc
longjmp
abort
_setjmp3
localeconv
ldexp
strspn
_libm_sse2_pow_precise
frexp
strcoll
toupper
clock
clearerr
_fseeki64
_ftelli64
_pclose
_popen
setvbuf
tmpfile
system
_gmtime64
_mktime64
remove
rename
tmpnam
_HUGE
rand
_CIatan2
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_tan_precise
_access
_ftime64
_dup2
_setmode
_open_osfhandle
fputs
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except1
_except_handler4_common
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_vsnprintf
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
fflush
getenv
isspace
isxdigit
strtol
fopen
fgets
fclose
strtoul
strstr
strcspn
strchr
_libm_sse2_sqrt_precise
_wassert
??_U@YAPAXI@Z
??_V@YAXPAX@Z
qsort
printf
__iob_func
strncpy
strerror
_strdup
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
free
_rmdir
_libm_sse2_exp_precise
perror

msvcp120

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

kernel32

CreateMutexW
CreateThread
PeekNamedPipe
CreatePipe
WriteFile
ReadFile
SetStdHandle
Sleep
GetCurrentProcess
DuplicateHandle
CancelIo
CancelIoEx
RaiseException
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetOverlappedResult
SetLastError
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
CreateMutexA
WaitForSingleObject
ReleaseMutex
SetCurrentDirectoryA
CreateFileMappingA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetSystemDirectoryA
PostQueuedCompletionStatus
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
HeapFree
GetProcessHeap
GetStdHandle
FlushConsoleInputBuffer
GetVersion
CreateFileA
GetFileSize
CloseHandle
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetWindowsDirectoryA

Sections

.text
Size: 766KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddb7fb0fe1aef6b3922a8e31ccc704f4

Code Sign

08:30:4b:42:d7:38:e0:5d:14:03:9d:55:a2:9a:00:c8Certificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

d6:3f:df:11:11:e0:83:74:be:33:9c:ab:d3:c2:61:0c:2e:51:dd:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

libeay32

ssleay32

shell32

msvcr120

msvcp120

kernel32

Sections

.text Size: 766KB - Virtual size: 766KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 1.5MB - Virtual size: 1.6MB

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 42KB - Virtual size: 42KB

08:30:4b:42:d7:38:e0:5d:14:03:9d:55:a2:9a:00:c8
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

d6:3f:df:11:11:e0:83:74:be:33:9c:ab:d3:c2:61:0c:2e:51:dd:21
Signer

.text
Size: 766KB - Virtual size: 766KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 1.5MB - Virtual size: 1.6MB

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 42KB - Virtual size: 42KB