061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24_NeikiAnalytics.exe
Size

182KB
MD5

f8604ac7b9f2c67a508597b56e9248d0
SHA1

1523d067f74e02ad5c0ccf86239d382141c2e2bb
SHA256

061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24
SHA512

d28bc7817a9eabef8fcb728bd3015830a6f3c436ef170e1578c04a9bfa05e45da3239cf6e94f06647c99ae5c92f40ed809746c11e03307a5c73f3a2006dbefd7
SSDEEP

3072:x2UPVK2sJDBe9h9Sz4U+vLVQKCzCpxaO1x/k6o28y13VZZnrRuCE:x2UPA1DB29Sz41jVQzCXRVk6o28y13Vi

Score

1^/10

Malware Config

Signatures

Files

061f5a7bbeb2bda3aa6d0cfbdefdcf3f5d9b77b262b1522df968cbe9d9ef8e24_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

2a553cd50e225cf0cf3d7486e4fc1256

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:58:c5:46:6d:26:01:21:03:83:04:dc:62:ab:4e:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-04-2011 00:00

Not After

26-04-2014 23:59

Subject

CN=Shenyang GeneralSoft Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenyang GeneralSoft Co.\, Ltd,L=Shenyang,ST=Liaoning,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:e2:0a:e7:e3:b6:8e:c9:30:b8:81:94:20:2d:a6:4c:e4:a6:61:2c
Signer

Actual PE Digest

b8:e2:0a:e7:e3:b6:8e:c9:30:b8:81:94:20:2d:a6:4c:e4:a6:61:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PeekMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
MsgWaitForMultipleObjects

rpcrt4

UuidFromStringA

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z

blbase

?CompareNoCase@CStdStrEx@@QAEHV1@@Z
?SafeConstruct@CStdStrEx@@QAEPBDPBD@Z
??1CAutoLock@@QAE@XZ
??0CAutoLock@@QAE@PAVCLockInterface@@@Z
??0CCritSec@@QAE@XZ
??1CCritSec@@UAE@XZ
?Format@CStdStrEx@@QAAAAV1@PBDZZ
?Split@CStdStrEx@@QAEXV1@AAV?$list@VCStdStrEx@@V?$allocator@VCStdStrEx@@@std@@@std@@0H@Z
?ToString@CStdStrList@@QAE?AVCStdStrEx@@V2@@Z
?UnicodeToAnsi@CStdStrEx@@SAHPBGPADHPAK@Z
?ToLower@CStdStrEx@@QAEXXZ

msvcrt

_adjust_fdiv
malloc
??2@YAPAXI@Z
__CxxFrameHandler
memcpy
memset
atoi
strncpy
wcsncpy
_mbschr
_mbslen
sscanf
_mbsnbcpy
_mbsrchr
memcmp
strlen
time
_beginthreadex
localtime
free
__dllonexit
_onexit
_initterm
_strupr

scrtobj

??4CSCObject@@QAEPAV0@ABV0@@Z
??0CSCType@@QAE@PAD0H@Z
?GetAtomData@CSCObject@@QAEPAVCSCType@@KPAD@Z
?InitObjectByType@CSCObject@@QAEHPAVCSCType@@PAD1@Z
?InitObject@CSCObject@@QAEHPAV1@@Z
?GetBinData@CSCType@@QAEPAEPAK@Z
?Trans2TypeData@CSCObject@@QAEHPAVCSCType@@PAD@Z
?SetObjectType@CSCObject@@QAEXPAD@Z
?GetAtomData@CSCObject@@QAEPAVCSCType@@KK@Z
?SetValue@CSCType@@QAEXW4D_TYPE@@PADK1@Z
??0CScriptBuffer@@QAE@PADH@Z
??0CSCType@@QAE@PAEKPADH@Z
??0CSCType@@QAE@KPAD@Z
?GetIntValue@CSCType@@QAEKXZ
??0CSCObject@@QAE@XZ
?InitObjectByBinType@CSCObject@@QAEHPAVCSCType@@@Z
??1CSCObject@@QAE@XZ
?GetStringValue@CSCType@@QAEPADXZ
??1CScriptBuffer@@QAE@XZ
??0CSCStruct@@QAE@XZ
??0CSCType@@QAE@XZ
?SetValue@CSCType@@QAEXKPAD@Z
??0CSCType@@QAE@ABV0@@Z
?SetData@CSCStruct@@QAEXVCSCType@@H@Z
?SetData@CSCObject@@QAEXAAVCSCStruct@@H@Z
??1CSCType@@QAE@XZ
??1CSCStruct@@QAE@XZ
?GetData@CSCStruct@@QAEPAVCSCType@@PBD@Z
?GetCount@CSCObject@@QAEKXZ
?GetData@CSCObject@@QAEPAVCSCStruct@@K@Z
?SetObjectName@CSCObject@@QAEXPAD@Z

blnet

?GetRasConnDataInfo@CNetLink@@SAHAAV?$list@U_RasConnData@@V?$allocator@U_RasConnData@@@std@@@std@@PAK@Z
?StopAllRasConnect@CNetLink@@SAHPAK@Z
?GetRasConnectState@CNetLink@@SAHAAHPAK@Z
?strIpaddrToNetAddr@CNetTools@@SAKVCStdStrEx@@@Z
?HostIpaddrToNet@CNetTools@@SA?AVCStdStrEx@@K@Z

wsock32

getsockname
setsockopt
recv
send
WSAGetLastError
socket
htons
connect
closesocket
WSAStartup
ntohs
ntohl
ioctlsocket
htonl
inet_addr

blsys

?GetNetworkInfo@CNetworkInfo@@SAHAAV?$list@U_NetworkInfo@@V?$allocator@U_NetworkInfo@@@std@@@std@@IPAK@Z
??1CSystemInfo@@QAE@XZ
?GetOperatorSystemVer@CSystemInfo@@SAHAAKPAK11111@Z
??0CSystemInfo@@QAE@XZ

bllog

?AddLog@CLogImpl@@QAEHPAU_ContextBlock@@PBDH@Z
?Log@CLogImpl@@QAAPADPBDZZ
?GetContext@CLogImpl@@QAEPAU_ContextBlock@@IHI@Z
?Instance@CLogImpl@@SAPAV1@XZ
?DebugPrint@CLogImpl@@SAXPBDZZ

blreg

?RegGetDWORDValueEx@CRegKey@@SAHPBD0KAAKPAK@Z

blproc

?GetProcessName@CProcMgr@@QAEHKAAVCStdStrEx@@@Z
??0CProcMgr@@QAE@XZ
?GetProcessList@CProcMgr@@QAEHPAV?$list@U_ProcessInformation@@V?$allocator@U_ProcessInformation@@@std@@@std@@PAK@Z
??1CProcMgr@@UAE@XZ
?GetProcessList@CProcMgr@@QAEHPAV?$list@U_ProcessInfo@@V?$allocator@U_ProcessInfo@@@std@@@std@@PAK@Z

fmlib

?GetActiveUser@CSystemMgr@@QAEHAAVCStdStrEx@@H@Z
?DoAlarmEnableInNetwork@CAlarmMgr@@QAEHKKKPAVCStdStrEx@@@Z
?Instance@CSystemMgr@@SAPAV1@XZ
?ModAddTimer@@YAHPBDI00HH@Z
?ModDeleteTimer@@YAHPBDH@Z
?GetConnectEngineStatus@@YAHH@Z
?ModExecuteAction@@YAHPAVCScriptBuffer@@PAVCSCObject@@H1PAK@Z
?Instance@CResMgr@@SAPAV1@XZ
?LoadStringA@CResMgr@@QAEHIPAVCStdStrEx@@@Z
?ModStringToEString@@YA?AVCStdStrEx@@AAV1@@Z
?ModGetLocalHostId@@YAKHPAK@Z
?Instance@CAlarmMgr@@SAPAV1@XZ
?DoAlarmByDirectSQL@CAlarmMgr@@QAEHKPAVCStdStrEx@@K00KKK_KK@Z
?ModEStringToString@@YA?AVCStdStrEx@@AAV1@@Z

iphlpapi

GetAdaptersInfo
GetUdpTable
GetTcpTable
NotifyAddrChange

kernel32

GetCurrentThreadId
GetLastError
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetLocalTime
CreateEventA
ResumeThread
SetThreadPriority
SetEvent
Sleep
WaitForSingleObject
OutputDebugStringA
WaitForMultipleObjects

Exports

Exports

DisablePolicy
FluxChkTcpInit
FluxChkTcpProcessConnection
FluxChkTcpSetGnacIPAddr
FluxChkTcpSetWorkStatus
FluxGetCutParam
FluxInitTask
FluxManage
FluxManageSetWorkMode
FluxManageTimer
FluxProtocolBindAdapters
FluxSetCutParam
FluxSetWorkMode
FluxTask
FluxmgrFluxAudit
FluxmgrFluxAuditTimer
FluxmgrIntercurrentComManage
FluxmgrIntercurrentComTimer
GetClientStateInfo
GetSysSetSpcAddrList
NetConnectionGetAll
NetConnectionSetPolicy
NetConnectionTimer
PNPDllFini
PNPDllInit
ProcessFireWallAlarm
SendOutConnectionAlarmInfo
SetClientCancelPolicy
SetDial
SetFireWallPolicy
SetOutConnectOfflinePolicy
SetWebPopedom
SysSetSpcAddrList

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a553cd50e225cf0cf3d7486e4fc1256

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6e:58:c5:46:6d:26:01:21:03:83:04:dc:62:ab:4e:83Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b8:e2:0a:e7:e3:b6:8e:c9:30:b8:81:94:20:2d:a6:4c:e4:a6:61:2cSigner

Headers

File Characteristics

Imports

user32

rpcrt4

msvcp60

blbase

msvcrt

scrtobj

blnet

wsock32

blsys

bllog

blreg

blproc

fmlib

iphlpapi

kernel32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6e:58:c5:46:6d:26:01:21:03:83:04:dc:62:ab:4e:83
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b8:e2:0a:e7:e3:b6:8e:c9:30:b8:81:94:20:2d:a6:4c:e4:a6:61:2c
Signer

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 5KB