010a3d5566e1a2954cd09644d56515441911d7db928e53ef6bbd6fe1b8105a60_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

010a3d5566e1a2954cd09644d56515441911d7db928e53ef6bbd6fe1b8105a60_NeikiAnalytics.exe
Size

726KB
MD5

3fd011e5c22bc8e1d3594cc08cd42e20
SHA1

77902f8b3eb74eeb94301e697d18aa113da12ac7
SHA256

010a3d5566e1a2954cd09644d56515441911d7db928e53ef6bbd6fe1b8105a60
SHA512

6e406aa333b0a36c61ec7c36f3ca6e7b761ac726128b8d2904aeb88e84831a7933889c6904fc00f2328eeb7942ead1f137936643d61099bf55c6ad2a37fa456c
SSDEEP

12288:cISCCcCD5kU3XO+lEATdDaD7xHyu5hmrphpqSoi+ZVQSPSPHj3J/n:tSCCLdzZlFTYp5WpBoBZShHrJ/

Score

1^/10

Malware Config

Signatures

Files

010a3d5566e1a2954cd09644d56515441911d7db928e53ef6bbd6fe1b8105a60_NeikiAnalytics.exe
.dll windows:6 windows x86 arch:x86

629508b9438a8919e34cb6194e8ed7c9

Code Sign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:17:4f:0b:eb:48:d6:d9:4b:47:73:d6:97:71:f4:0b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/05/2018, 00:00

Not After

29/05/2021, 23:59

Subject

CN=AVB Disc Soft\, SIA,O=AVB Disc Soft\, SIA,L=Jurmala,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:7b:e3:90:00:b6:5c:d4:e8:1f:16:12:cc:5c:4a:31:26:52:9e:57:77:eb:5d:63:0a:ca:ac:5e:86:67:bd:0b
Signer

Actual PE Digest

fa:7b:e3:90:00:b6:5c:d4:e8:1f:16:12:cc:5c:4a:31:26:52:9e:57:77:eb:5d:63:0a:ca:ac:5e:86:67:bd:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\workspace\rewasd\setup\plugin\SetupHlp\Release\setuphlp.pdb

Imports

urlmon

ObtainUserAgentString

gdi32

GetObjectW
GetStockObject
CreateDCW
CreatePen
CreateSolidBrush
DeleteDC
SetTextColor
SelectObject
SetBkColor
SetBkMode
ExtTextOutW
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
RoundRect
CreateFontIndirectW

user32

PostMessageW
CallWindowProcW
GetDlgItem
SetCapture
ReleaseCapture
GetDC
ReleaseDC
InvalidateRect
IsCharAlphaNumericW
RegisterClassExW
CharLowerA
AllowSetForegroundWindow
SetForegroundWindow
BroadcastSystemMessageW
PeekMessageW
SendMessageW
TranslateMessage
FindWindowExW
WaitForInputIdle
wsprintfW
GetCursorPos
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
DrawIconEx
LoadImageW
DestroyIcon
LoadIconW
CopyRect
GetSysColor
ClientToScreen
MessageBeep
AdjustWindowRect
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
UpdateWindow
DrawTextW
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EnableWindow
KillTimer
GetWindowThreadProcessId
GetShellWindow
LoadStringW
DispatchMessageW
SetTimer
GetDialogBaseUnits
CheckDlgButton
EndDialog
DialogBoxIndirectParamW
IsWindow
MessageBoxA
GetActiveWindow
MessageBoxW
SetWindowTextW
UnregisterClassW
RegisterWindowMessageW
RedrawWindow
SetFocus
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
InflateRect
DrawFocusRect
ScreenToClient
SetCursor
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoSetProxyBlanket
CoGetClassObject
OleSetContainedObject

advapi32

OpenProcessToken
FreeSid
CheckTokenMembership
GetTokenInformation
RegSetValueExA
RegEnumKeyW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
SetTokenInformation
IsValidSid
InitializeSid
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
DuplicateTokenEx
CopySid
CreateProcessAsUserW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
TraceMessage

shell32

ord680
SHCreateDirectoryExW
DuplicateIcon
SHGetFolderPathW
ShellExecuteA
ShellExecuteW
ShellExecuteExW

kernel32

IsValidLocale
GetLocaleInfoW
DecodePointer
CreateMutexW
CreateThread
SystemTimeToFileTime
GetModuleFileNameW
GetSystemTime
GetCurrentThreadId
GetFileAttributesW
CreateDirectoryW
MoveFileExW
VirtualProtect
VirtualQuery
GetExitCodeProcess
GetCPInfo
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
EncodePointer
GetStringTypeW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetThreadTimes
GetCurrentThread
LoadLibraryExA
WritePrivateProfileStringW
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
FindFirstFileW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
SetEndOfFile
TerminateProcess
TerminateThread
GetCurrentProcess
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
RtlUnwind
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileAttributesExW
ExitProcess
GetPrivateProfileStringW
GetModuleFileNameA
RemoveDirectoryW
LCMapStringW
GlobalFree
MoveFileW
CopyFileW
LoadLibraryA
GetVersion
CreateProcessW
GetCurrentProcessId
OpenEventW
CreateEventW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
WaitForSingleObject
FindNextFileW
FindResourceExW
FreeLibrary
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
CreateFileW
GetFileTime
ReadFile
SetFileTime
WriteFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
WideCharToMultiByte
CreateFileA
GetVolumeInformationW
DeviceIoControl
GetSystemDirectoryA
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetTickCount
DeleteFileW
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
SetEnvironmentVariableW
OpenProcess
GetModuleHandleW
DeleteAtom
GlobalAddAtomW
GetTempFileNameW
GetTempPathW
RaiseException
InitializeCriticalSectionAndSpinCount
SetEvent

comctl32

_TrackMouseEvent

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCmp
SysAllocStringLen
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringLen
VariantInit
VariantClear

shlwapi

PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

Activate
CheckEmail
CheckGUIStarted
CheckSerialNumber
ComponentsPageFree
ComponentsPageInit
ComponentsPageUpdate
CopyOldProfiles
CreatePrivacyHyperlink
CustomFinishPageInit
ExecLowerIntegrity
ExecuteWait
FinishPageFree
FinishPageInit
FormatFile
FreePrivacyHyperlink
GetBuyNowLink
GetFileVersionHlp
GetFinishStr
GetLicenseInfo
GetOSInfo
GetParamStr
GetSpecStr
GetStr
GetTextLinkOffsets
GetTextWidth
InitInstance
InitLang
InitNewSetupInstance
InstallNETFramework
IsAdmin
IsFolderExist
IsGUIRunning
IsHighDPI
IsNeedGadget
IsRebootRequired
IsSHA2Supported
IsWindows10OrHigher
IsWindows7OrHigher
IsWindows8OrHigher
LicenseOfferPageFree
LicenseOfferPageInit
LoadRTFToReachEdit
MoveControl
MoveSetupWindow
MoveTwoLinks
QuoteStr
ResizeControl
SendCloseGUI
SendGoogleStat
SetFolderFullAccess
SetRebootFlag
SetupFreeDefault
SetupInitDefault
StartUpdating
WelcomePageFree
WelcomePageInit

Sections

.text
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

629508b9438a8919e34cb6194e8ed7c9

Code Sign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

50:17:4f:0b:eb:48:d6:d9:4b:47:73:d6:97:71:f4:0bCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

fa:7b:e3:90:00:b6:5c:d4:e8:1f:16:12:cc:5c:4a:31:26:52:9e:57:77:eb:5d:63:0a:ca:ac:5e:86:67:bd:0bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

gdi32

user32

ole32

advapi32

shell32

kernel32

comctl32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 461KB - Virtual size: 460KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 21KB - Virtual size: 81KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 26KB - Virtual size: 26KB

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

50:17:4f:0b:eb:48:d6:d9:4b:47:73:d6:97:71:f4:0b
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

fa:7b:e3:90:00:b6:5c:d4:e8:1f:16:12:cc:5c:4a:31:26:52:9e:57:77:eb:5d:63:0a:ca:ac:5e:86:67:bd:0b
Signer

.text
Size: 461KB - Virtual size: 460KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 21KB - Virtual size: 81KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 26KB - Virtual size: 26KB