79503c47bf4f360e55b478254d2af5853b81af807181330e18543fae1939654b_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

79503c47bf4f360e55b478254d2af5853b81af807181330e18543fae1939654b_NeikiAnalytics.exe
Size

401KB
MD5

c4a7fd1a707549d19e7390d1b29b5970
SHA1

af6c7c9184bf90b82742a248287978bfc921753f
SHA256

79503c47bf4f360e55b478254d2af5853b81af807181330e18543fae1939654b
SHA512

0224210872099d7437cc989bd2f1d71c661ee23c7af11c8cf94199e315be7d082e55ab815a72fa99b9dcf6bb77e974a280453dfcc3828c573ef811c4db3f29dc
SSDEEP

6144:YBicSqRK7xMd3UjB1/7FWkqT1a6cXJlJYjYV4mZemhGw4hbU5aq:Yolqsr7HqBIJlqYijwHAq

Score

1^/10

Malware Config

Signatures

Files

79503c47bf4f360e55b478254d2af5853b81af807181330e18543fae1939654b_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

b59d670df8c28fe7d12b893d6f067862

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
Certificate

Issuer

CN=thawte Primary Root CA - G3,OU=Certification Services Division+OU=(c) 2008 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

02-04-2008 00:00

Not After

01-12-2037 23:59

Subject

CN=thawte Primary Root CA - G3,OU=Certification Services Division+OU=(c) 2008 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:99:24:3f:e3:08:c9:b4:89:93:71:b9:09:10:6e:a8
Certificate

Issuer

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Not Before

22-09-2019 00:00

Not After

21-09-2022 23:59

Subject

CN=PC SOFT INFORMATIQUE SAS,OU=PC SOFT INFORMATIQUE SAS,O=PC SOFT INFORMATIQUE SAS,L=MONTPELLIER,ST=Hérault,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07
Certificate

Issuer

CN=thawte Primary Root CA - G3,OU=Certification Services Division+OU=(c) 2008 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:cd:a7:f1:11:b7:ae:64:9b:cc:f2:9e:ec:25:f6:c8:09:9e:26:69
Signer

Actual PE Digest

10:cd:a7:f1:11:b7:ae:64:9b:cc:f2:9e:ec:25:f6:c8:09:9e:26:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\source\source.GP\64601\Release_moteurwebdev_163\wx\Desktop_x86_64\Release\Awp\wd260awp.pdb

Imports

kernel32

WaitForSingleObject
ReleaseMutex
CloseHandle
GetTickCount64
FlushFileBuffers
DisconnectNamedPipe
PeekNamedPipe
ReadFile
WriteFile
GetLastError
CreateFileW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
SetFilePointer
LockFile
LockFileEx
UnlockFile
UnlockFileEx
SetEndOfFile
SetFileValidData
SetErrorMode
SetLastError
GetTickCount
Sleep
DeleteFileW
GetFileAttributesW
FindClose
FindFirstFileExW
FindNextFileW
GetFullPathNameW
GetDriveTypeW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
HeapAlloc
GetProcessHeap
WideCharToMultiByte
HeapFree
GetModuleHandleW
GetModuleFileNameW
ProcessIdToSessionId
GetCurrentProcessId
FormatMessageW
LocalFree
OpenMutexW
GetVersionExW
GetSystemTime
CreatePipe
DuplicateHandle
GetCurrentProcess
CreateProcessW
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenProcess
GetExitCodeProcess
TerminateProcess
IsDebuggerPresent
OpenEventW
ResetEvent
WaitForMultipleObjects
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
QueryFullProcessImageNameW
LCMapStringW
GetSystemTimeAsFileTime
LoadLibraryExW
FreeLibrary
SetProcessWorkingSetSize
GetStdHandle
GetSystemWindowsDirectoryW
GetCurrentThread
CancelIo
SetNamedPipeHandleState
ExitThread
SetStdHandle
FormatMessageA
CreateIoCompletionPort
ConnectNamedPipe
LoadLibraryExA
VirtualQuery
GetSystemInfo
ReadConsoleW
WriteConsoleW
QueryPerformanceCounter
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
SetEvent
CreateThread
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
VirtualProtect
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetFileType
ExitProcess
GetModuleHandleExW
ResumeThread
GetACP
CompareStringW
GetStringTypeW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
RtlUnwind

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b59d670df8c28fe7d12b893d6f067862

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fbCertificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

57:99:24:3f:e3:08:c9:b4:89:93:71:b9:09:10:6e:a8Certificate

Extended Key Usages

Key Usages

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07Certificate

Extended Key Usages

Key Usages

10:cd:a7:f1:11:b7:ae:64:9b:cc:f2:9e:ec:25:f6:c8:09:9e:26:69Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 242KB - Virtual size: 242KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 4KB - Virtual size: 20KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 2KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

57:99:24:3f:e3:08:c9:b4:89:93:71:b9:09:10:6e:a8
Certificate

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07
Certificate

10:cd:a7:f1:11:b7:ae:64:9b:cc:f2:9e:ec:25:f6:c8:09:9e:26:69
Signer

.text
Size: 242KB - Virtual size: 242KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 4KB - Virtual size: 20KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 2KB