1b245e14dc79ce4ae0e05a0dc10c328ebe209f828b6a8c642d099f04479dda77_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1b245e14dc79ce4ae0e05a0dc10c328ebe209f828b6a8c642d099f04479dda77_NeikiAnalytics.exe
Size

180KB
MD5

7bc17c9eb6dd8ed31babb67ebf10a440
SHA1

23b70581bc60f50364c6aafeeeab7cb3e45ec58f
SHA256

1b245e14dc79ce4ae0e05a0dc10c328ebe209f828b6a8c642d099f04479dda77
SHA512

ccd71bc60a55d3f6fc454f353a7c66139ea2533f22de550e0b295afeb1f82528ac6f0db18e6fd2956c5a297660dea57c1e986124e8f9663f31241d1c42a7c826
SSDEEP

3072:D8V9ovhyJvvX2rGXxaw7K/rG3+9wTZ5tu9mkdRrAA2tcX:i9gyJnGraAC3EwTZ5tu9mkdxAHeX

Score

1^/10

Malware Config

Signatures

Files

1b245e14dc79ce4ae0e05a0dc10c328ebe209f828b6a8c642d099f04479dda77_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

021f9e87f3d107002efbcf21b07af3a1

Code Sign

5b:de:b2:55:5d:84:8b:bd:e0:18:bc:8c:1e:2c:9b:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/12/2013, 00:00

Not After

12/03/2017, 23:59

Subject

CN=HBM Netherlands B.V.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HBM Netherlands B.V.,L=Waalwijk,ST=Noord Brabant,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:b2:4f:b7:12:ae:af:71:db:47:42:df:35:2c:01:3e:96:ee:e3:53
Signer

Actual PE Digest

82:b2:4f:b7:12:ae:af:71:db:47:42:df:35:2c:01:3e:96:ee:e3:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
LocalFree
GetCommandLineW
GlobalUnlock
GlobalLock
GlobalAlloc
_lclose
_lopen
GetPrivateProfileStringA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
lstrlenA
GetModuleFileNameA
GetTickCount
GlobalReAlloc
GlobalFree
GetCurrentThread
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
SetEvent
InterlockedIncrement
lstrcpyA
TlsSetValue
TlsGetValue
CloseHandle
CreateFileW
SetStdHandle
LCMapStringW
FlushFileBuffers
HeapReAlloc
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
lstrcatA
TlsFree
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
HeapSize
Sleep
InterlockedDecrement
TlsAlloc
HeapCreate
ExitProcess
WriteFile
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetSystemInfo
VirtualQuery
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetLastError

user32

wsprintfA
SendMessageA
SetWindowTextA
MessageBoxA
RegisterWindowMessageA
LoadCursorA
RegisterClassA
InvalidateRect
PostThreadMessageA
IsIconic
BeginPaint
GetClientRect
DefWindowProcA
DrawIcon
EndPaint
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
UpdateWindow
ShowWindow
IsWindow
CharLowerA
PostMessageA
LoadIconA

gdi32

SetBkColor
GetStockObject

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance

oleaut32

SysAllocStringLen
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayRedim
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

021f9e87f3d107002efbcf21b07af3a1

Code Sign

5b:de:b2:55:5d:84:8b:bd:e0:18:bc:8c:1e:2c:9b:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

82:b2:4f:b7:12:ae:af:71:db:47:42:df:35:2c:01:3e:96:ee:e3:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 9KB - Virtual size: 49KB

.rsrc Size: 4KB - Virtual size: 3KB

5b:de:b2:55:5d:84:8b:bd:e0:18:bc:8c:1e:2c:9b:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

82:b2:4f:b7:12:ae:af:71:db:47:42:df:35:2c:01:3e:96:ee:e3:53
Signer

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 9KB - Virtual size: 49KB

.rsrc
Size: 4KB - Virtual size: 3KB