6ca1c6bd26544c1a923ce9f54df7b6739ddccbd922a1d275bf3428c0199f7d4c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6ca1c6bd26544c1a923ce9f54df7b6739ddccbd922a1d275bf3428c0199f7d4c_NeikiAnalytics.exe
Size

4.9MB
MD5

2f8ff9876b9f396d8c26715187cab670
SHA1

070ee0cc105db3f1f11e8948e04e055d923f7bbf
SHA256

6ca1c6bd26544c1a923ce9f54df7b6739ddccbd922a1d275bf3428c0199f7d4c
SHA512

770551b570470f5604874536026eba7bd8d95412e96b41f390bb2d800cb2704c96965839d68202b6fb1abff89938d0bfe1f9e23427ef177511b0a61cd33dff22
SSDEEP

98304:ts3qLUqLc++rXG6BnTou7dBdFaW0TUNHadzvv5e+h:ts3qLUqL+rXBoWdBd5o5b

Score

1^/10

Malware Config

Signatures

Files

6ca1c6bd26544c1a923ce9f54df7b6739ddccbd922a1d275bf3428c0199f7d4c_NeikiAnalytics.exe
.dll windows:5 windows x86 arch:x86

2ff27b21094e2dffa9351050b6d0cc79

Code Sign

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:5e:f3:57:bc:4e:f6:25:65:40:2e:55
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

28/12/2016, 11:12

Not After

29/12/2018, 11:12

Subject

CN=Hangzhou ToupTek Photonics Co.\, Ltd,O=Hangzhou ToupTek Photonics Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:89:df:86:38:da:c0:c2:e3:32:77:29:78:ce:8b:00:86:26:a4:3a
Signer

Actual PE Digest

70:89:df:86:38:da:c0:c2:e3:32:77:29:78:ce:8b:00:86:26:a4:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr
WSASetLastError
WSASend
select
ioctlsocket
__WSAFDIsSet
shutdown
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
getsockname
getpeername
gethostname
WSACleanup
WSAStartup
socket
listen
getsockopt
connect
closesocket
bind
accept
WSAIoctl
inet_ntoa
WSAGetLastError
ntohs
recvfrom
htons
sendto
setsockopt
ntohl
htonl

rpcrt4

UuidCreate

kernel32

FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
FlushFileBuffers
GetTimeZoneInformation
HeapQueryInformation
HeapSize
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
IsValidCodePage
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringW
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
WriteFile
GetOEMCP
ReadConsoleW
GetConsoleMode
ReadFile
HeapFree
HeapReAlloc
EnterCriticalSection
GetCommandLineA
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetTickCount
InterlockedExchange
WaitForSingleObject
Sleep
CloseHandle
WaitForMultipleObjects
SetEvent
CreateEventA
MultiByteToWideChar
ResetEvent
ReleaseSemaphore
GetModuleHandleA
GetProcAddress
CreateSemaphoreA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessAffinityMask
GetModuleFileNameA
OutputDebugStringA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
WideCharToMultiByte
FormatMessageA
HeapAlloc
ExitProcess
QueryPerformanceFrequency
GetCommandLineW
GetEnvironmentStringsW
InterlockedDecrement
GetFileAttributesExW
FileTimeToSystemTime
SetEnvironmentVariableA
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
WriteConsoleW
SetFilePointerEx
CreateFileW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsW

user32

PostMessageA

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

Exports

Exports

Toupnam_Capture
Toupnam_Capture_BySn
Toupnam_Close
Toupnam_Enum
Toupnam_Fini
Toupnam_Init
Toupnam_Open
Toupnam_Open_ByIndex
Toupnam_Pause
Toupnam_PriFlag
Toupnam_PullImage
Toupnam_Record
Toupnam_Seek
Toupnam_StartPullModeWithCallback
Toupnam_StartPullModeWithWndMsg
Toupnam_StartPushMode
Toupnam_Stop
Toupnam_Version
Toupnam_get_CapSize
Toupnam_get_Chrome
Toupnam_get_Dbgview
Toupnam_get_Duration
Toupnam_get_FourCC
Toupnam_get_HFlip
Toupnam_get_Inst
Toupnam_get_Inst_BySn
Toupnam_get_Negative
Toupnam_get_Network
Toupnam_get_Para
Toupnam_get_Para_BySn
Toupnam_get_Pos
Toupnam_get_Size
Toupnam_get_VFlip
Toupnam_get_Wifi
Toupnam_list_Wifi
Toupnam_put_Chrome
Toupnam_put_Dbgview
Toupnam_put_HFlip
Toupnam_put_Negative
Toupnam_put_Network
Toupnam_put_Para
Toupnam_put_Para_BySn
Toupnam_put_VFlip
Toupnam_put_Wifi

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ff27b21094e2dffa9351050b6d0cc79

Code Sign

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67Certificate

Extended Key Usages

Key Usages

02:5e:f3:57:bc:4e:f6:25:65:40:2e:55Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

70:89:df:86:38:da:c0:c2:e3:32:77:29:78:ce:8b:00:86:26:a4:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 621KB - Virtual size: 621KB

.data Size: 18KB - Virtual size: 2.3MB

.rodata Size: 18KB - Virtual size: 17KB

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 114KB - Virtual size: 114KB

04:00:00:00:00:01:31:89:c6:50:04
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67
Certificate

02:5e:f3:57:bc:4e:f6:25:65:40:2e:55
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

70:89:df:86:38:da:c0:c2:e3:32:77:29:78:ce:8b:00:86:26:a4:3a
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 621KB - Virtual size: 621KB

.data
Size: 18KB - Virtual size: 2.3MB

.rodata
Size: 18KB - Virtual size: 17KB

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 114KB - Virtual size: 114KB