856b34b5d60d3953a865b382084f6725eaec12028980696d59d507a769f11b3c_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

856b34b5d60d3953a865b382084f6725eaec12028980696d59d507a769f11b3c_NeikiAnalytics.exe
Size

769KB
MD5

c186a93174948f0555508896f478b9f0
SHA1

9e996e2eeb40c30063d033dee66a20a0d725a661
SHA256

856b34b5d60d3953a865b382084f6725eaec12028980696d59d507a769f11b3c
SHA512

d08c856068ddb54db7c375c3856744a67715b155d27c6d451fd440737617427ad4fecaf32de0ade6ab1cab421c7e43519d969e92a05bf2e058265455022896f3
SSDEEP

12288:bEWoa5gQmjtKcKys08ZncAjbiTd8xMhgaWAAX5+BVUAPThWvBdwqpTy9:bEy5lmJo0IceiTd8xMhEXoVUO09T

Score

1^/10

Malware Config

Signatures

Files

856b34b5d60d3953a865b382084f6725eaec12028980696d59d507a769f11b3c_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

0d4089c6680316a857ccfc730ba80c4a

Code Sign

63:2e:eb:d9:b9:87:bc:68:0d:44:4d:86:75:a2:65:45
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/06/2013, 00:00

Not After

04/06/2014, 23:59

Subject

CN=Engaging Apps,O=Engaging Apps,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:d3:3a:ad:4c:77:08:3f:68:fc:47:a4:2f:ba:61:b2:37:00:9d:d3
Signer

Actual PE Digest

9c:d3:3a:ad:4c:77:08:3f:68:fc:47:a4:2f:ba:61:b2:37:00:9d:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

urlmon

URLDownloadToCacheFileA

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA

kernel32

FindResourceW
FindResourceExW
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetFileSize
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetSystemTimeAsFileTime
CreateDirectoryA
CreateFileA
GetFileAttributesA
OpenProcess
WaitForSingleObject
FindClose
OpenMutexA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
LocalFree
GetCurrentProcess
GetVersion
FreeLibrary
LockFile
UnlockFile
LockFileEx
GetSystemTime
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryA
LoadLibraryW
GetTempPathA
GetTempPathW
GetFullPathNameA
GetFullPathNameW
CreateFileW
GetFileAttributesW
DeleteFileA
DeleteFileW
AreFileApisANSI
GetVersionExA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
RaiseException
GetExitCodeThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
MulDiv
lstrcmpA
OutputDebugStringA
FileTimeToSystemTime
DosDateTimeToFileTime
GlobalHandle
GlobalFree
lstrcmpiA
LoadLibraryExA
FindResourceA
IsDBCSLeadByte
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineA
LoadLibraryExW
ExitThread
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetModuleHandleExW
ExitProcess
IsDebuggerPresent
RtlUnwind
GetLocalTime
GetStringTypeW
EncodePointer
DecodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
CompareStringW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateMutexA
CloseHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetFileType
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetStdHandle
WriteConsoleW
ReadConsoleW
SizeofResource
LoadResource
Sleep
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentThreadId
GetCurrentProcessId
LockResource
ReleaseMutex
SetEnvironmentVariableA
TlsFree
GetStartupInfoW
GetModuleHandleW
DeleteCriticalSection

user32

InvalidateRect
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
InvalidateRgn
GetWindowLongA
SetWindowLongA
GetClassNameA
GetWindow
RedrawWindow
SetWindowTextA
GetWindowTextLengthA
GetClientRect
LoadCursorA
FillRect
SetWindowContextHelpId
BeginPaint
MapDialogRect
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
SetTimer
ReleaseCapture
SetCapture
CharNextA
SendDlgItemMessageA
GetDlgItem
EndDialog
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcA
RegisterWindowMessageA
GetParent
GetDesktopWindow
GetWindowTextA
SetFocus
PostMessageA
SendMessageA
UnregisterClassA
DialogBoxIndirectParamA
GetActiveWindow
ReleaseDC
GetFocus

gdi32

GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetObjectA

advapi32

RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyW
RegEnumKeyExA

shell32

SHFileOperationA
SHGetFolderPathA

ole32

CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
OleInitialize
OleUninitialize
OleLockRunning
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

UrlEscapeA

comctl32

InitCommonControlsEx

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d4089c6680316a857ccfc730ba80c4a

Code Sign

63:2e:eb:d9:b9:87:bc:68:0d:44:4d:86:75:a2:65:45Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

9c:d3:3a:ad:4c:77:08:3f:68:fc:47:a4:2f:ba:61:b2:37:00:9d:d3Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

urlmon

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 625KB - Virtual size: 625KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 13KB - Virtual size: 22KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

63:2e:eb:d9:b9:87:bc:68:0d:44:4d:86:75:a2:65:45
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

9c:d3:3a:ad:4c:77:08:3f:68:fc:47:a4:2f:ba:61:b2:37:00:9d:d3
Signer

.text
Size: 625KB - Virtual size: 625KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 13KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB