003ed38d7e230a45fc995f2db3db55266a4640625e1a719787a3f8e46316de88_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

003ed38d7e230a45fc995f2db3db55266a4640625e1a719787a3f8e46316de88_NeikiAnalytics.exe
Size

224KB
MD5

566a2767ae7a079867acc21dfb796200
SHA1

7bb66aea0ca1031c75ac84825991a7e10af6abea
SHA256

003ed38d7e230a45fc995f2db3db55266a4640625e1a719787a3f8e46316de88
SHA512

ef80a8b7c2b2687c3fe22353bf9bb0fccf09ee7ac87e71692f67df0df61165219bb6234a9203f09a7154caf66e6373084f5f8d2b0ea7c20a0ca402484d4f2cf1
SSDEEP

6144:hq8wNUUOwTzT77xe54asOlvrUi+CxCfPn:hbMQ8eaa3vrUiqH

Score

1^/10

Malware Config

Signatures

Files

003ed38d7e230a45fc995f2db3db55266a4640625e1a719787a3f8e46316de88_NeikiAnalytics.exe
.dll regsvr32 windows:4 windows x86 arch:x86

781ba4d6f6af18d9d7099868c47ebb2f

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:0a:13:ad:b7:c1:1a:42:a7:6c:6c:16:53:66:4e:93
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/02/2009, 00:00

Not After

26/02/2012, 23:59

Subject

CN=iTrusChina Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=CA Center,O=iTrusChina Co.\,Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:e4:c8:d0:fc:4a:58:89:4d:e3:72:26:d6:9a:f0:18:9f:b1:ec:e7
Signer

Actual PE Digest

39:e4:c8:d0:fc:4a:58:89:4d:e3:72:26:d6:9a:f0:18:9f:b1:ec:e7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptHashPublicKeyInfo
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertCreateCertificateContext
CertOpenStore
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext
CryptMsgClose
CryptExportPublicKeyInfo
CryptDecodeObject
CryptSignAndEncodeCertificate

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

kernel32

lstrcmpiA
lstrcpynA
IsDBCSLeadByte
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcatA
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
GetWindowsDirectoryW
GetLastError
lstrlenW
lstrcpyA
lstrlenA
MultiByteToWideChar
OutputDebugStringA
GetLocalTime
WideCharToMultiByte
GetCurrentProcessId
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
TerminateProcess
GetCurrentProcess
HeapSize
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
RaiseException

user32

CharNextA
LoadStringA
GetForegroundWindow
GetWindowThreadProcessId

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

CryptReleaseContext
CryptDestroyKey
RegCloseKey
RegSetValueExA
RegCreateKeyExA
CryptGenKey
CryptGetProvParam
CryptGetUserKey
CryptAcquireContextW
CryptSetKeyParam
CryptAcquireContextA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegDeleteValueA
CryptEnumProvidersA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID

oleaut32

LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocString
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

781ba4d6f6af18d9d7099868c47ebb2f

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

45:0a:13:ad:b7:c1:1a:42:a7:6c:6c:16:53:66:4e:93Certificate

Extended Key Usages

Key Usages

39:e4:c8:d0:fc:4a:58:89:4d:e3:72:26:d6:9a:f0:18:9f:b1:ec:e7Signer

Headers

File Characteristics

Imports

crypt32

rpcrt4

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

45:0a:13:ad:b7:c1:1a:42:a7:6c:6c:16:53:66:4e:93
Certificate

39:e4:c8:d0:fc:4a:58:89:4d:e3:72:26:d6:9a:f0:18:9f:b1:ec:e7
Signer

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB