99e2b3af99a586c9399621d16d17e25440760b633957f35a57097d15d0833962_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

99e2b3af99a586c9399621d16d17e25440760b633957f35a57097d15d0833962_NeikiAnalytics.exe
Size

5.9MB
MD5

ea0ca517b44f128728557c3a712dc690
SHA1

d6874890d5c5da6f95600faac1041c0347ee02da
SHA256

99e2b3af99a586c9399621d16d17e25440760b633957f35a57097d15d0833962
SHA512

61d52a6dbe7cc8f60d36f23a8eabc3b347ff27737b34fd70c0a4a319a8ccb32e019f9e4a4d8b39b4a5b03dbdefbd26f0ee163d692d211dcfe025dddcc578838b
SSDEEP

49152:cjY6F+ADBhYZtlydnF3soND0wO0+1aRZeDAs9hP8JsrP7bp:EYCDBhNMRBP8Jgp

Score

1^/10

Malware Config

Signatures

Files

99e2b3af99a586c9399621d16d17e25440760b633957f35a57097d15d0833962_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

8b35860c3b58708e5782820401593c83

Code Sign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/01/2016, 19:41

Not After

06/04/2017, 19:41

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:7a:08:53:aa:4f:a2:83:a6:c3:e9:ab:e7:41:5d:48:82:d0:cb:63:cc:69:bd:88:3d:fb:26:e2:1a:35:1b:68
Signer

Actual PE Digest

8f:7a:08:53:aa:4f:a2:83:a6:c3:e9:ab:e7:41:5d:48:82:d0:cb:63:cc:69:bd:88:3d:fb:26:e2:1a:35:1b:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\core_2.06.51-0.02_src\driver\driver\build\dproc\mfp\uni\objfre_wnet_amd64\amd64\KOAXYA_U.pdb

Imports

kernel32

lstrcpyA
FindActCtxSectionStringW
CreateActCtxW
LocalAlloc
LocalFree
GetModuleHandleExW
QueryActCtxW
GlobalAlloc
GlobalFree
GetModuleFileNameW
lstrcmpA
lstrcpyW
lstrcpynW
DeactivateActCtx
GlobalLock
GlobalUnlock
ActivateActCtx
LoadResource
LockResource
SizeofResource
GlobalHandle
lstrcmpiW
lstrlenW
FindResourceW
MulDiv
lstrlenA
IsDBCSLeadByte
lstrcmpiA
lstrcpynA
GetPrivateProfileStringW
FreeResource
lstrcatW
FindFirstFileW
FindClose
CreateProcessW
CloseHandle
CreateFileW
ReadFile
GetWindowsDirectoryW
GetPrivateProfileIntW
WritePrivateProfileStringW
FindNextFileW
GetComputerNameW
GetSystemDirectoryW
GetCurrentDirectoryW
OutputDebugStringW
CreateThread
SetThreadPriority
CreateEventW
ResumeThread
WaitForSingleObject
SetEvent
GetFileSize
GetVersionExA
RaiseException
RtlPcToFileHeader
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
GetLocaleInfoW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
LoadLibraryW
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
Sleep
InitializeCriticalSectionAndSpinCount
LoadLibraryA
FreeLibrary
WriteFile
HeapSize
HeapReAlloc
OutputDebugStringA
GetOEMCP
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThread
FlsAlloc
GetCurrentThreadId
GetLastError
FlsGetValue
SetLastError
FlsFree
DecodePointer
EncodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
GetVersionExW
GetCommandLineA
FlsSetValue
LeaveCriticalSection
InitializeCriticalSection
GetProcessHeap
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
GetACP
EnterCriticalSection
HeapFree
lstrcmpW

winspool.drv

EnumPortsW
AddFormW
DeleteFormW
GetPrinterDataExW
OpenPrinterA
ClosePrinter
GetFormW
DeletePrinterDataW
EnumFormsW
OpenPrinterW
DocumentPropertiesW
SetPrinterW
GetPrinterDataW
SetPrinterDataW
EnumJobsW
GetPrinterW
GetPrinterDriverW

user32

SetCursor
LoadCursorW
CheckRadioButton
IsDlgButtonChecked
EnableWindow
wsprintfA
SetParent
DrawFrameControl
GetKeyState
CharNextW
DefDlgProcW
GetMessagePos
WinHelpW
wvsprintfA
GetWindow
SetFocus
GetScrollInfo
SetScrollPos
DefWindowProcW
GetSystemMetrics
IsWindowVisible
GetKeyboardState
PeekMessageW
DrawTextExW
FindWindowExW
GetNextDlgTabItem
SetTimer
KillTimer
GetCursorPos
SetCursorPos
FindWindowW
DestroyIcon
SystemParametersInfoW
DialogBoxParamW
DialogBoxIndirectParamW
DispatchMessageW
GetScrollPos
TranslateMessage
ScreenToClient
TrackPopupMenu
SendMessageW
PtInRect
LoadIconW
DestroyMenu
CreateDialogIndirectParamW
SetForegroundWindow
GetWindowTextLengthW
FillRect
CopyRect
ValidateRect
GetSysColor
GetWindowDC
LoadStringW
GetDlgItemTextA
LoadBitmapW
ClientToScreen
SetDlgItemTextA
EndDialog
MessageBoxW
ShowWindow
GetDesktopWindow
GetActiveWindow
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
GetClientRect
ReleaseDC
GetDC
GetDialogBaseUnits
IsWindowEnabled
PostMessageW
GetFocus
DrawMenuBar
GetParent
DeleteMenu
SetWindowPos
MoveWindow
GetWindowRect
SetMenuItemInfoW
SetRect
SetWindowLongPtrW
GetDlgCtrlID
GetSubMenu
LoadMenuW
IsWindow
CreateWindowExW
MapDialogRect
GetClassNameW
SetRectEmpty
wsprintfW
SetWindowTextW
DestroyWindow
DrawFocusRect
EndPaint
DrawTextW
InflateRect
GetWindowTextW
DrawIconEx
GetWindowLongPtrW
OffsetRect
GetIconInfo
IsRectEmpty
LoadImageW
BeginPaint
UpdateWindow
ShowScrollBar
InvalidateRect
SetScrollInfo
ScrollWindowEx
GetAncestor
CallWindowProcW
SendDlgItemMessageW
UnionRect
GetDlgItem
CreateDialogParamW

ole32

CoTaskMemFree
CoCreateGuid

advapi32

RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
GetUserNameW
RegEnumValueW
RegDeleteValueW
RegCreateKeyW
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
LookupAccountNameW
RegOpenCurrentUser
RegQueryValueExA
RegSetValueExA
RegEnumKeyExW
RegOpenKeyExW

gdi32

CreateBrushIndirect
SelectObject
DeleteObject
CreatePen
RoundRect
SetBkMode
GetStockObject
CreateFontIndirectW
GetOutlineTextMetricsW
SetTextAlign
GetTextAlign
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
SetMapMode
CreateCompatibleDC
BitBlt
DeleteDC
GetClipBox
SetTextColor
GetBitmapBits
CreateBitmap
CreateDCW
CreatePalette
CreateSolidBrush
SetTextCharacterExtra
EnumFontFamiliesW
SetBkColor
StretchBlt
TextOutW
GetCharABCWidthsW
GetTextColor
MoveToEx
LineTo
SetViewportOrgEx
EnumFontFamiliesExW
SaveDC
RestoreDC
ExtTextOutW
GetDeviceCaps
CreatePolygonRgn
ExtSelectClipRgn
Polygon
Polyline
CreateCompatibleBitmap
SetStretchBltMode
SetWindowExtEx
SetViewportExtEx
DPtoLP
Rectangle
GetSystemPaletteEntries
SelectPalette
RealizePalette
StretchDIBits
CreateDIBSection
GetObjectW
PatBlt
ExcludeClipRect
IntersectClipRect

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW

winmm

timeGetTime

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

Bidi_DevicePropertySheets_Init
Bidi_DocumentEvent_CreateDC
Bidi_DocumentPropertySheets_Init
Bidi_PrintStart_GetAuthCapability
Bidi_PrintStart_GetEncryptionKey
Bidi_PrintStart_IsCommunicate
Bidi_PrintStart_SSO
Bidi_PrintStart_VerifyAndEncryptKey
Bidi_PrnterEvent_Initialize
Bidi_WakeOnCall
CheckFormFile
CopyDriverName
CreateToolWnd2
DispHintControl
DoConstraints
FPB_Request_Abbr
FaxCoverSheet_PopupDialog
FindOEMDevPtr
GetFormFileName
IsInstalledDLManager
MyDialogBox
OAPICom_Create
OAPICom_Delete
OAPI_Sizeof_HeaderFooter
OAPI_Sizeof_OverlayList
Popup_ChkBlankRatioDlg
Popup_FaxSendToDlg
Popup_MiddleServerAuthenticDlg
Popup_UserAuthenticDlg
Popup_UserSettingDlgT2
Popup_UserSettingSecurityDlg
Prc_DocCoverPageProc
Prc_DocCoverPageProc_T2
Prc_DocCoverPageProc_T3
Prc_DocFaxProc
Prc_DocFinishingProc_T1
Prc_DocFinishingProc_T2
Prc_DocInitializeProc
Prc_DocMyTabChildProc
Prc_DocMyTabProc
Prc_DocMyTabWaitingProc
Prc_DocOtherProc
Prc_DocPaper1Proc
Prc_DocPaper2Proc
Prc_DocQualityMonoProc
Prc_DocQualityPrnMonoProc
Prc_DocQualityProc
Prc_DocVersionProc
Prc_DocWOProc
Prc_PrnDeviceOptionProc
Prc_PrnSettingsProc
Prc_RegDefWMarkA
Prc_RegDefWMarkW
Prc_ResetDevOption
Prc_TBLimit_CheckMinMaxFromString
Prc_TBLimit_CheckString
ReqDrawStopInfoIconExp
SPRINST_DefaultSetting
SPRINST_FixSetting
SPRINST_GetErrorMsg
SPRINST_PersonalInfoImport
SPRINST_SettingExport
SPRINST_SettingImport
SetChildInfo
SetDispStringSingle
SetEasySetPreset
SetEasySetPresetByHandle
SetUIAesKeyInfo
StoreStopIconRectExp

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b35860c3b58708e5782820401593c83

Code Sign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

8f:7a:08:53:aa:4f:a2:83:a6:c3:e9:ab:e7:41:5d:48:82:d0:cb:63:cc:69:bd:88:3d:fb:26:e2:1a:35:1b:68Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

winspool.drv

user32

ole32

advapi32

gdi32

shell32

winmm

setupapi

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 2.4MB - Virtual size: 3.4MB

.pdata Size: 69KB - Virtual size: 69KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

8f:7a:08:53:aa:4f:a2:83:a6:c3:e9:ab:e7:41:5d:48:82:d0:cb:63:cc:69:bd:88:3d:fb:26:e2:1a:35:1b:68
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 2.4MB - Virtual size: 3.4MB

.pdata
Size: 69KB - Virtual size: 69KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB